[ISN] Hack puts AOL off limits

From: mea culpa (jerichot_private)
Date: Mon Oct 26 1998 - 14:24:18 PST

    Hack puts AOL off limits
    By Janet Kornblum
    Staff Writer, CNET News.com
    October 16, 1998, 2:40 p.m. PT
    URL: http://www.news.com/News/Item/0,4,27655,00.html
    
    Internet users trying to send email to America Online users or get to the
    online giant's site have been plagued by problems due to a major glitch
    with the Internet's domain naming system. 
    
    As reported earlier, instead of being routed directly to AOL, some users
    from the Net trying to send email to the company's 13 million members or
    trying to get to the company's portal were instead redirected to the
    servers of a company called Autonet.net, AOL spokeswoman Ann Brackbill has
    confirmed. 
    
    The problem was caused when someone forged an email message to the
    InterNIC, run by Network Solutions, requesting that Network Solutions
    change AOL's designated name server. AOL had designated the lowest
    security clearance for changing its InterNIC records, which made it easier
    for a hacker to wreak havoc. 
    
    The records were altered for several hours and have now been fixed.
    Because different ISPs update their name server records at different
    times, it is not clear how widespread the problem was. But systems
    administrators began noticing bounced email messages and problems
    resolving requests to get to the AOL site mid-morning. 
    
    When Net surfers try to reach an address on the Net, they type it in their
    Web browsers or in an email message. In order to reach their destinations,
    the names are routed through the Net and sent to the domain name server.
    If the server is wrong, the surfer will not reach the proper destination
    and neither will his or her email. 
    
    Most Internet access providers cache their domain name server records, so
    not everyone on the Internet would have instantly known there was a
    problem. There also may be continuing problems throughout the day due to
    caching and latency. 
    
    A spokesperson for Autonet.net could not be reached for comment. 
    
    NSI changes between 10 and 15,000 records every day, said Christopher
    Clough, a spokesman for NSI. Some are done automatically; others are done
    by people. Records requests are handled according to the security options
    designated by the registrar, Clough said. 
    
    AOL had chosen the least secure option--which is also the default--in
    which the registrant states that Network Solutions is authorized to change
    the registration with a simple email message from the correct person. The
    most secure option requires the requesting party to use key encryption. 
    
    It is fairly rudimentary to forge an email address. 
    
    As a result, Network Solutions changed the records between 11 p.m. and 1
    a.m. PT, Clough said. The InterNIC record was changed at 1:27 a.m. PT. The
    records were changed back to AOL's servers this afternoon, both Clough and
    Brackbill said. 
    
    Brackbill said that AOL and Network Solutions have been working all
    morning to first correct the problem and then prevent it from reoccurring. 
    
    It may take a while for systems throughout the Net to catch up with the
    corrected domain name server. 
    
    "We've worked with them immediately to make sure this never happens
    again,"  Brackbill said. 
    
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    