
How the MIT website got hacked despite not having any vulnerability


MIT got hacked. Anonymous defaced the MIT website to protest against the case of Aaron Swartz.

Without getting into who really carried out the hack or the “cause” behind the protest, I want to dissect it as an interesting case of a multi-stage attack, one which shows that just securing your application is not good enough.


Anatomy of the MIT Hack

Step 1: A person at the MIT Network Operations Center (NOC) is sent an email with a malicious link containing a browser exploit.

Step 2: The victim opens the email, clicks the link and gets compromised.

Step 3: The attacker steals the NOC person's “Educause” credentials.

Step 4: The attacker creates a Cloudflare account with DNS entries pointing to their own servers. The attacker also adds MX records so that mail is forwarded to their own servers.

Step 5: The attacker logs into the Educause domain control panel and changes the nameservers to point to the Cloudflare account created earlier. They also change the password of the domain control panel.
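
A defensive check for the pattern in Steps 4 and 5, added here as an example (not code from the original post): it compares the NS and MX records currently observed for a domain against a pinned baseline and flags a wholesale nameserver swap. The function name, the severity labels and all hostnames are assumptions constructed for illustration.

```python
"""Flag registrar-level DNS changes by diffing observed NS/MX records
against a pinned baseline. All hostnames are constructed samples."""

def _norm(names):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return {n.strip().lower().rstrip(".") for n in names}

def detect_delegation_drift(baseline, observed):
    """Return a list of (severity, record_type, detail) findings."""
    findings = []
    for rtype in ("NS", "MX"):
        expected = _norm(baseline.get(rtype, ()))
        seen = _norm(observed.get(rtype, ()))
        added, removed = seen - expected, expected - seen
        if not added and not removed:
            continue
        if rtype == "NS" and seen and not (seen & expected):
            # No baseline nameserver is left: the whole delegation was
            # replaced, which is what a control-panel takeover looks like.
            severity = "critical"
        elif added:
            # An unknown host now serves the zone or receives its mail.
            severity = "high"
        else:
            severity = "medium"
        detail = f"added={sorted(added)} removed={sorted(removed)}"
        findings.append((severity, rtype, detail))
    return findings

# Constructed baseline: what the domain owner expects to see.
BASELINE = {"NS": ["ns1.example.edu.", "ns2.example.edu."],
            "MX": ["mail.example.edu."]}
# Constructed observation: same records, different case and dot style.
OBSERVED_OK = {"NS": ["NS2.example.edu", "ns1.example.edu."],
               "MX": ["mail.example.edu"]}
# Constructed observation after a nameserver swap plus new MX record.
OBSERVED_CHANGED = {"NS": ["a.ns.dns-host.example", "b.ns.dns-host.example"],
                    "MX": ["mx.unknown-relay.example"]}

if __name__ == "__main__":
    for finding in detect_delegation_drift(BASELINE, OBSERVED_CHANGED):
        print(*finding)
```

In practice the observed records should come from the parent zone's delegation and from resolvers outside your own network, since a change made at the registrar shows up there first.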


Learning from the MIT hack

  • Just securing the applications is not enough
  • You need to look into complex possibilities of social engineering vectors
  • Have a robust Emergency Response process


