MIT got hacked. Anonymous defaced MIT to protest the case of “Aaron Swartz”.
Without getting into who really did the hacking or the “cause” behind the protest, I just want to dissect it as an interesting multi-stage attack, one that shows that securing your application alone is not good enough.
Anatomy of the MIT Hack
Step 1: An MIT Network Operations Center (NOC) staff member is sent an email with a malicious link that carries a browser exploit.
Step 2: The victim opens the email, clicks the link and gets compromised.
Step 3: The attacker steals the “Educause” credentials of the NOC staff member.
Step 4: The attacker creates a Cloudflare account with DNS entries pointing to their own servers. The attacker also adds MX records so that mail is forwarded to their own servers.
Step 5: The attacker logs into the Educause domain control panel and changes the nameserver to point to the Cloudflare account created earlier. They also change the password of the domain control panel.
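Steps 4 and 5 are the part of the chain a domain owner can actually watch for: the registrar-side delegation (NS) and the mail routing (MX) changed out from under MIT. The following is an added illustration, not code from the original post, of a baseline check that flags such drift. The domain, nameserver and mail-host names are constructed sample data, and the record sets stand in for whatever your resolver or registrar API returns.

```python
"""Flag unauthorized nameserver (NS) and mail-exchanger (MX) delegation
changes by comparing observed records to an approved baseline.
Added illustration, not from the original post; all names are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    domain: str
    rrtype: str        # "NS" or "MX"
    severity: str      # NS drift hands over the whole zone; MX drift diverts mail
    missing: frozenset
    unexpected: frozenset


def _norm(name: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot, so
    # "NS1.example.edu." and "ns1.example.edu" must compare equal.
    return name.lower().rstrip(".")


def _norm_mx(rr: str) -> str:
    # An MX record is "<preference> <host>"; only the host matters here.
    return _norm(rr.split()[-1])


def check_delegation(domain: str, expected: dict, observed: dict) -> list:
    """expected/observed: {"NS": [...], "MX": [...]} record lists (constructed here,
    in practice fetched from a resolver). Returns one Finding per drifted type."""
    findings = []
    for rrtype, norm, sev in (("NS", _norm, "critical"), ("MX", _norm_mx, "high")):
        want = frozenset(map(norm, expected.get(rrtype, [])))
        got = frozenset(map(norm, observed.get(rrtype, [])))
        if want != got:
            findings.append(Finding(domain, rrtype, sev,
                                    missing=want - got, unexpected=got - want))
    return findings


# Constructed baseline: the delegation the domain owner approved at the registrar.
BASELINE = {"NS": ["ns1.example.edu.", "ns2.example.edu."],
            "MX": ["10 mail.example.edu."]}
# Constructed observation mimicking the incident: NS moved to a third-party DNS
# account the attacker controls, and MX repointed at an attacker-run relay.
HIJACKED = {"NS": ["ns-a.hosted-dns.example.", "ns-b.hosted-dns.example."],
            "MX": ["10 mx.attacker-relay.example."]}

if __name__ == "__main__":
    for f in check_delegation("example.edu", BASELINE, HIJACKED):
        print(f"[{f.severity}] {f.domain} {f.rrtype}: "
              f"-{sorted(f.missing)} +{sorted(f.unexpected)}")
```

Run it on a schedule against the live zone and page on any Finding; a quiet NS or MX change at the registrar is exactly the signal that would have shortened this incident.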
Learning from the MIT hack
- Just securing the applications is not enough.
- You need to consider the more complex possibilities of social engineering vectors.
- Have a robust emergency response process.