[ISN] Researchers' Typosquatting Stole 20 GB of E-Mail From Fortune 500

From: InfoSec News <alerts_at_private>
Date: Fri, 9 Sep 2011 02:59:41 -0500 (CDT)
http://www.wired.com/threatlevel/2011/09/doppelganger-domains/

By Kim Zetter
Threat Level
Wired.com
September 8, 2011

Two researchers who set up doppelganger domains to mimic legitimate 
domains belonging to Fortune 500 companies say they managed to vacuum up 
20 gigabytes of misaddressed e-mail over six months.

The intercepted correspondence included employee usernames and 
passwords, sensitive security information about the configuration of 
corporate network architecture that would be useful to hackers, 
affidavits and other documents related to litigation in which the 
companies were embroiled, and trade secrets, such as contracts for 
business transactions.

"Twenty gigs of data is a lot of data in six months of really doing 
nothing," said researcher Peter Kim from the Godai Group. "And nobody 
knows this is happening."

Doppelganger domains are ones that are spelled almost identically to 
legitimate domains, but differ slightly, such as a missing period 
separating a subdomain name from a primary domain name -- as in the case 
of seibm.com as opposed to the real se.ibm.com domain that IBM uses for 
its division in Sweden.

[...]
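A defender can turn the dot-omission pattern described above into a check on outbound mail. The sketch below is an added example, not code from the article or from the researchers: it derives the doppelganger for each of an organization's own subdomains and flags recipients in a mail log that use it. The log layout, addresses and function names are constructed for illustration, and the caller is assumed to supply the registered domain.

```python
import re

def doppelganger(fqdn, registered):
    """Registrable name produced when the dot before `registered` is dropped."""
    fqdn, registered = fqdn.lower().rstrip("."), registered.lower().rstrip(".")
    suffix = "." + registered
    if not fqdn.endswith(suffix):
        return None                      # apex or foreign name: no dot to lose
    last_label = fqdn[: -len(suffix)].rsplit(".", 1)[-1]
    return last_label + registered       # "se" + "ibm.com" -> "seibm.com"

def build_watchlist(fqdns, registered):
    """Map each doppelganger to the legitimate subdomain it imitates."""
    watch = {}
    for name in fqdns:
        dg = doppelganger(name, registered)
        if dg:
            watch.setdefault(dg, name.lower().rstrip("."))
    return watch

# Recipient field in the constructed log format used below.
RCPT = re.compile(r"\bto=<?([^\s<>@]+@([A-Za-z0-9.-]+))")

def find_misaddressed(log_lines, watch):
    """Return (recipient, doppelganger, intended subdomain) for each hit."""
    hits = []
    for line in log_lines:
        for m in RCPT.finditer(line):
            domain = m.group(2).lower().rstrip(".")
            for dg, intended in watch.items():
                # Match the doppelganger itself and any host beneath it.
                if domain == dg or domain.endswith("." + dg):
                    hits.append((m.group(1), dg, intended))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2011-09-08T10:00:01 from=<alice@ibm.com> to=<bob@se.ibm.com>",
    "2011-09-08T10:02:17 from=<alice@ibm.com> to=<bob@seibm.com>",
    "2011-09-08T10:05:40 from=<carol@ibm.com> to=<dave@mail.SEIBM.com>",
    "2011-09-08T10:09:03 from=<carol@ibm.com> to=<erin@example.org>",
]

if __name__ == "__main__":
    watch = build_watchlist(["se.ibm.com"], "ibm.com")
    for rcpt, dg, intended in find_misaddressed(SAMPLE_LOG, watch):
        print(f"{rcpt}: {dg} imitates {intended}")
```

The same watchlist can drive an outbound mail block rule or a list of names to register defensively.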


Received on Fri Sep 09 2011 - 00:59:41 PDT
