Sea Turtle DNS Hijacking Threatens The Internet

A new and highly skilled team of hackers spying on dozens of government targets is never welcome news, but one team of cyberspies has pulled off that scale of espionage with a rare and troubling trick, exploiting a weak link in the internet's cybersecurity that experts have warned about for years. It is DNS hijacking, a technique that meddles with the fundamental address book of the internet.


Researchers at Cisco's Talos security division has revealed that a hacker group calling itself Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organisations. In the process, they went so far as to compromise multiple country-code top-level domains—the suffixes like .co.uk or .ru that end a foreign web address—putting all the traffic of every domain in multiple countries at risk.


The hackers attacked telecoms, internet service providers and domain registrars responsible for implementing the domain name system. But the majority of the victims and the ultimate targets, Cisco believes, were a collection of mostly governmental organisations, including ministries of foreign affairs, intelligence agencies, military targets, and energy-related groups, all based in the Middle East and North Africa. By corrupting the internet's directory system, hackers were able to silently use "man in the middle" attacks to intercept all internet data from email to web traffic sent to those victim organisations.


Cisco Talos researcher Craig Williams says the Sea Turtle campaign is disturbing not only because it represents a series of brazen cyberspying operations but also because it calls into question that basic trust model of the internet.


"When you're on your computer and visit your bank, you assume DNS servers will tell you the truth," Williams says. "Unfortunately what we're seeing is that, from a regional perspective, someone has broken that trust. You go to a website and it turns out you don’t have any guarantee of who you’re talking to."

more news

Varonis Blog Highlights 110 Cybersecurity Statistics


Cybersecurity company Varonis has issued its predictions for the forthcoming year with a blog post entitled 110 Cybersecurity Statics For 2020. The blog states that cybersecurity issues are becoming a day-to-day struggle for businesses. Recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.

read more

UK To Go On The Cyber Offensive


The UK Government is about to launch a new proactive and offensive cybersecurity team that will wage cyberwarfare against hostile nation-states and online crime organisations. It would be naive to believe that the UK has not launched cyberattacks against third parties, but the killing of Qassem Soleimani has brought this out into the open.

read more

Are You Ready For Iranian Revenge Cyberattacks?


Following the killing of Qassem Suleimani no-one can be sure of what military action Iran will take, but experts agree that its cyberattacks will increase against countries and governments it sees as hostile.

read more

Ringing The Changes For IOT Security


Buying and installing a cyber-doorbell through which you can monitor callers even if you are away from home makes sense, yes? Not unless you are a user from Alabama who has launched a $5million legal against action after it is alleged that a hacker cracked the Ring doorbell and started harassing the family.

read more