A Deep Dive on the Recent Widespread DNS Hijacking

[eric.kuhnke at gmail.com (Eric Kuhnke)]

One thing to consider with authentication for domain registrar accounts:

DO NOT USE 2FA VIA SMS.

This is a known attack vector that's been used by SS7 hijacking techniques
for several well documented thefts of cryptocurrency, from people who were
known to be holding large amounts of (bitcoin, ethereum, whatever) on
exchanges which supported 2FA authentication.

In some cases there was no SS7 hijacking going on, but rather social
engineering of (t-mobile, sprint, verizon, at&t) customer service
representatives to get a new SIM card issued for the attack target's phone.

tl;dr: ss7 considered harmful





On Mon, Feb 25, 2019 at 10:48 AM Owen DeLong <owen at delong.com> wrote:

>
>
> > On Feb 25, 2019, at 09:25 , Paul Ebersman <list-nanog2 at dragon.net>
> wrote:
> >
> > ebersman> If someone owns your registry account, you're screwed. And
> > ebersman> right now, it tends to be the most neglected part of the
> > ebersman> entire zone ownership world. Let's use this opportunity to
> > ebersman> help folks lock down their accounts, not muddying the waters
> > ebersman> with dubious claims.
> >
> > Reread this and felt I should clarify that I realize that John and Doug
> > are not the ones saying DNSSEC is useless. I just hate to see the knee
> > jerk "oh, see, DNSSEC didn't save the day so it's obviously
> > useless". Let's give the world a better explanation.
>
> @Paul â?? I think you meant â??registrar accountâ?? rather than â??registry
> accountâ??
> since most domain holders donâ??t have registry accounts. Registry accounts
> are
> primarily held by registrars. If someone owns a registrarâ??s registry
> account, then
> all of their customers (and potentially many many others) are screwed.
>
> Owen
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190225/9184f60c/attachment.html>