
Security Pro Seizes Expired DR Congo Top-Level Domain, Takes Over 50% Of DNS Traffic

It’s rare for the top-level domains of countries to fall into the hands of individuals, but in some cases it is the only way to stop cybercriminals from exploiting expired domains.

On January 15, Fredrik Almroth, founder and head of engineering at Detectify, described how a general scan on nameserver records used by top-level domains (TLDs) worldwide resulted in the discovery of a country code top-level domain (ccTLD) in immediate danger of becoming vulnerable to attack.

Almroth’s scan, performed in December 2020, showed that ‘scpt-network.com’, the domain behind the nameservers managing the ccTLD used by the Democratic Republic of Congo (.cd) – home to approximately 87 million people – was displaying the Extensible Provisioning Protocol (EPP) status code ‘redemptionPeriod’.

In a technical blog post, the security researcher explained why this was concerning, and why it prompted him to monitor the domain. A week later, he received an alert that the domain was ‘pendingDelete’ – a status usually reserved for when an owner forgets to, or elects not to, renew their domain name.
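The check described above, as an added example that is not the researcher’s or Detectify’s code: for each nameserver a TLD delegates to, look up the registration status of the nameserver’s own domain and flag the EPP states named in the article (‘redemptionPeriod’, ‘pendingDelete’), then report what share of the TLD’s nameservers depend on an at-risk registration. The registration data and all hostnames except scpt-network.com are constructed placeholders, and the registrable-domain helper assumes a plain two-label domain rather than consulting the Public Suffix List.

```python
from typing import Callable, Dict, Iterable, List, Set

# EPP statuses named in the article; a domain in either state is on its way to dropping.
AT_RISK = {"redemptionperiod", "pendingdelete"}

def registrable_domain(hostname: str) -> str:
    """Last two labels of a nameserver hostname. Assumption: no Public Suffix List,
    so multi-label public suffixes such as .co.uk are not handled here."""
    labels = hostname.strip().rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def normalize_status(status: str) -> str:
    """EPP writes 'redemptionPeriod'; RDAP spells the same state 'redemption period'.
    Strip spaces and case so both spellings compare equal."""
    return status.replace(" ", "").lower()

def assess_tld(tld: str, nameservers: Iterable[str],
               status_lookup: Callable[[str], List[str]]) -> Dict[str, object]:
    """Flag nameserver domains whose registration is at risk and compute the share of
    the TLD's nameservers that depend on them (the article's 'share of traffic' figure)."""
    ns_list = list(nameservers)
    at_risk: Dict[str, Set[str]] = {}
    dependent = 0
    for ns in ns_list:
        domain = registrable_domain(ns)
        hits = {s for s in status_lookup(domain) if normalize_status(s) in AT_RISK}
        if hits:
            at_risk[domain] = hits
            dependent += 1
    share = dependent / len(ns_list) if ns_list else 0.0
    return {"tld": tld, "at_risk": at_risk, "share_at_risk": share}

# Constructed registration answers standing in for a live RDAP/WHOIS lookup.
# 'example-registry.cd' is a placeholder; only scpt-network.com appears in the article.
SAMPLE_STATUS = {
    "scpt-network.com": ["clientTransferProhibited", "pendingDelete"],
    "example-registry.cd": ["ok"],
}

def sample_lookup(domain: str) -> List[str]:
    return SAMPLE_STATUS.get(domain, [])

# Constructed delegation: two of four nameservers sit under the expiring domain.
SAMPLE_CD_NAMESERVERS = ["ns1.scpt-network.com", "ns2.scpt-network.com",
                         "ns1.example-registry.cd", "ns2.example-registry.cd"]

if __name__ == "__main__":
    print(assess_tld("cd", SAMPLE_CD_NAMESERVERS, sample_lookup))
```

Swapping `sample_lookup` for a real RDAP query against each registrable domain turns this into the periodic monitor that caught the status change in the article.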

Disaster averted

The moment the domain expired, threat actors could snap it up and, with it, seize control of the nameservers serving .cd.

Now able to intercept traffic running through the ccTLD, attackers could perform DNS hijacking, surveillance, Manipulator-in-the-Middle (MitM) attacks, and data theft.

Apex .cd domains, too, would be at risk, as attackers controlling the TLD could potentially take them over, perform distributed denial-of-service (DDoS) attacks, or infiltrate local networks.

“As an end-user, you would not be able to trust any content seen on any .cd website,” Almroth told The Daily Swig.

“If used maliciously, a threat actor could leverage the position to issue new SSL/TLS certificates for most websites at will. The same goes for file downloads and the like, which could be manipulated while in transit.”

To prevent this and to keep the domain “from falling into the wrong hands”, Almroth purchased the domain on December 30. As a result, the researcher temporarily obtained control of approximately 50% of all DNS traffic for the top-level domain.

Returned to rightful owner

On January 7, the researcher reached out to contacts listed for the .cd domain with the Internet Assigned Numbers Authority (IANA) in order to transfer ownership.

While no follow-up confirmation was received, the issue was tackled within 14 hours, and both the nameserver delegations and the traffic have now been redirected.

Almroth still owns the domain name scpt-network.com. The incident was also reported to HackerOne’s Internet Bug Bounty on January 8, but as of the time of writing, the researcher has not been in further contact with the team.

Almroth told us that he did uncover interesting data regarding the DNS queries, but this will “require further analysis before doing a statement of any additional findings”.

A spokesperson for ICANN told us that the agency has “a very limited role” in regard to ccTLDs as they “operate within their respective countries and [are] accountable to their local communities”.


Source: https://portswigger.net/daily-swig/security-pro-seizes-expired-dr-congo-top-level-domain-takes-over-50-of-dns-traffic


Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO