What measures has the US government taken to prevent '.gov' domains from being taken over as 'DNS hijacking' spreads worldwide?

Sea Turtle, a hacker group that hijacks the domain name system (DNS) to steal data, has been expanding its activity, and reports on it have been appearing since the beginning of 2019. In preparation for such attacks, the DotGov Program, which manages the '.gov' domain used by the US federal government and local government agencies, has announced new measures.

US Govt Rolls Out New DNS Security Measures for .gov Domains
https://www.bleepingcomputer.com/news/security/us-govt-rolls-out-new-dns-security-measures-for-gov-domains/

Sea Turtle's targets are mainly government agencies, and so far nearly 40 government agencies have been compromised by DNS hijacking. At the time of writing, the hackers have also attacked telecommunications companies and Internet service providers holding country code top-level domains (ccTLDs), which ultimately risks undermining the reliability of the Internet as a whole.

'Sea Turtle' spreading infection by DNS hijacking
https://gblogs.cisco.com/jp/2019/07/talos-sea-turtle-keeps-on-swimming/



The National Center for Cyber Security and Communications (NCCIC) advises network administrators to take the following measures against DNS hijacking campaigns such as the one conducted by Sea Turtle:

・ Implement multi-factor authentication on the systems used to modify domain registrar accounts and DNS records
・ Verify that the DNS infrastructure resolves to the correct Internet protocol addresses and host names
・ Search for encryption certificates issued for the domain and revoke any suspicious certificate requests
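The second NCCIC recommendation, checking that DNS resolves to the expected addresses and host names, is easiest to keep up when done continuously against a recorded baseline. The following Python script is an added example, not code from the article or from the DotGov Program: it compares a baseline of the records an administrator expects for their own zone against a snapshot of what resolvers actually return and reports every deviation (unexpected NS or A values are a first indicator of a registrar or DNS hijack). The zone name and all record values are constructed placeholders, and `live_a_records` is an optional online helper for building a real snapshot.

```python
# Added example (not from the article): diff the DNS records you expect for
# your own zone against an observed snapshot and flag every deviation.
import socket
from typing import Dict, List, Set

Snapshot = Dict[str, Dict[str, Set[str]]]  # name -> record type -> values


def live_a_records(name: str) -> Set[str]:
    """Resolve A records through the system resolver (online use only)."""
    return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}


def diff_snapshots(baseline: Snapshot, observed: Snapshot) -> List[str]:
    """Return one human-readable finding per deviation from the baseline."""
    findings: List[str] = []
    for name, expected in baseline.items():
        seen = observed.get(name, {})
        for rtype, exp_vals in expected.items():
            got = seen.get(rtype, set())
            for v in sorted(got - exp_vals):   # value that should not be there
                findings.append(f"UNEXPECTED {rtype} {name} -> {v}")
            for v in sorted(exp_vals - got):   # value that disappeared
                findings.append(f"MISSING {rtype} {name} -> {v}")
        for rtype in sorted(set(seen) - set(expected)):  # record type never baselined
            findings.append(f"NEW RECORD TYPE {rtype} on {name}")
    return findings


# Constructed sample data: a hypothetical zone, not a real .gov domain.
BASELINE: Snapshot = {
    "example-agency.gov.test": {
        "NS": {"ns1.example-agency.gov.test.", "ns2.example-agency.gov.test."},
        "A": {"192.0.2.10"},
    },
    "mail.example-agency.gov.test": {"A": {"192.0.2.25"}},
}
OBSERVED: Snapshot = {
    "example-agency.gov.test": {
        "NS": {"ns1.example-agency.gov.test.", "ns1.unknown-host.test."},
        "A": {"192.0.2.10"},
    },
    "mail.example-agency.gov.test": {"A": {"198.51.100.7"}, "TXT": {"v=spf1 -all"}},
}

if __name__ == "__main__":
    for line in diff_snapshots(BASELINE, OBSERVED):
        print(line)
```

Run it from several vantage points (different recursive resolvers, and the authoritative servers directly), since a hijack at the registrar level changes the NS delegation everywhere while a poisoned resolver only changes what one network sees.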

Under these circumstances, the DotGov Program, which operates and manages the '.gov' domain used by the US federal government and local government agencies, has announced the introduction of new security measures. According to the DotGov Program, if '.gov' registrants make DNS changes after July 17, 2019, an email notification will automatically be sent.

DNS changes by '.gov' registrants are usually reflected within 24 hours. Therefore, 'If you plan to make changes over the weekend, please contact us by Thursday so that the information can be reflected within working days,' said a representative. The DotGov Program has already implemented two-step authentication as one of its '.gov' security measures.

The DNS hijacking carried out by Sea Turtle makes it possible to redirect traffic destined for a specific domain to any IP address, so in the worst case a user trying to use a bank's online service could be sent to a different server by a compromised DNS server. For this reason it is regarded as dangerous, as 'the reliability of the entire Internet is lost.' In addition, according to Cisco Systems, Sea Turtle's activity is considered 'abnormally bold', and the attacks are unlikely to stall.

It should also be noted that the United Kingdom Cyber Crime Center (NCSC) has announced recommended security measures in response to this situation.

in Web Service, Security, Posted by darkhorse_log