Key parts of the Internet infrastructure face large-scale attacks that threaten the global system of Web traffic, the Internet’s address keeper said on Friday.
The Internet Corporation for Assigned Names and Numbers (ICANN) said after an emergency meeting that there is “an ongoing and significant risk” to key parts of the infrastructure that affects the domains on which Web sites reside.
“They [hackers] are going after the Internet infrastructure itself,” ICANN chief technology officer David Conrad told reporters. “There have been targeted attacks in the past, but nothing like this.”
The attacks could date back to 2017, but have sparked growing concerns from security researchers in the past few weeks, which prompted the ICANN meeting.
The malicious activity targets the domain name system (DNS), which routes traffic to intended online destinations.
ICANN specialists and others say these attacks have a potential to snoop on data along the way, sneakily send the traffic elsewhere or enable attackers to impersonate or “spoof” critical Web sites.
“There isn’t a single tool to address this,” Conrad said, as ICANN called for an overall hardening of Web defenses.
“This is roughly equivalent to someone lying to the post office about your address, checking your mail, and then hand delivering it to your mailbox,” the US Department of Homeland Security said in a recent cybersecurity alert. “Lots of harmful things could be done to you [or the senders] depending on the content of that mail.”
So-called “DNSpionage” attacks might date back to at least 2017, said Ben Read, FireEye senior manager of cyberespionage analysis.
The list of targets included Web site registrars and Internet service providers, particularly in the Middle East.
“We’ve seen primarily targeting of e-mail names and passwords,” Read said. “There is evidence that it is coming out of Iran and being done in support of Iran.”
DNSpionage hackers appeared intent on stealing account credentials, such as e-mail passwords, in Lebanon and the United Arab Emirates, said Adam Meyers, vice president of intelligence at CrowdStrike, a cybersecurity firm.
Similar attacks took place in Europe and other parts of the Middle East, with targets including governments, intelligence services, police, airlines and the oil industry, cybersecurity specialists said.
“You definitely need knowledge of how the Internet works and you have to handle a lot of traffic being directed to you,” Meyers said of the DNSpionage hackers. “With that access, they could temporarily break portions of how the Internet works. They chose to intercept and spy on folks.”
The attack itself is technically simple, but its scope and targeting of Internet service providers along with large government entities made it “a big deal,” Meyers said.
ICANN is putting out word to Web site and online traffic handlers to ramp up security or leave users vulnerable to being tricked.
The organization urged broader implementation of domain name system security extension technology, which adds digital signatures that act as virtual seals of sorts to expose when data have been tampered with.
“It aims to assure that Internet users reach their desired online destination by helping to prevent so-called ‘man in the middle’ attacks, where a user is unknowingly redirected to a potentially malicious site,” ICANN said in the release.
Part of the challenge to keeping the Internet infrastructure safe is that Web site owners do not always grasp the imperative guarding against wily hackers, Conrad said.
“We want to make sure people understand what it means to own a domain name and put it on the Internet, because all of your customers are only as secure as you are,” Conrad said.
MORE VISITORS: The Tourism Administration said that it is seeing positive prospects in its efforts to expand the tourism market in North America and Europe Taiwan has been ranked as the cheapest place in the world to travel to this year, based on a list recommended by NerdWallet. The San Francisco-based personal finance company said that Taiwan topped the list of 16 nations it chose for budget travelers because US tourists do not need visas and travelers can easily have a good meal for less than US$10. A bus ride in Taipei costs just under US$0.50, while subway rides start at US$0.60, the firm said, adding that public transportation in Taiwan is easy to navigate. The firm also called Taiwan a “food lover’s paradise,” citing inexpensive breakfast stalls
TRADE: A mandatory declaration of origin for manufactured goods bound for the US is to take effect on May 7 to block China from exploiting Taiwan’s trade channels All products manufactured in Taiwan and exported to the US must include a signed declaration of origin starting on May 7, the Bureau of Foreign Trade announced yesterday. US President Donald Trump on April 2 imposed a 32 percent tariff on imports from Taiwan, but one week later announced a 90-day pause on its implementation. However, a universal 10 percent tariff was immediately applied to most imports from around the world. On April 12, the Trump administration further exempted computers, smartphones and semiconductors from the new tariffs. In response, President William Lai’s (賴清德) administration has introduced a series of countermeasures to support affected
CROSS-STRAIT: The vast majority of Taiwanese support maintaining the ‘status quo,’ while concern is rising about Beijing’s influence operations More than eight out of 10 Taiwanese reject Beijing’s “one country, two systems” framework for cross-strait relations, according to a survey released by the Mainland Affairs Council (MAC) on Thursday. The MAC’s latest quarterly survey found that 84.4 percent of respondents opposed Beijing’s “one country, two systems” formula for handling cross-strait relations — a figure consistent with past polling. Over the past three years, opposition to the framework has remained high, ranging from a low of 83.6 percent in April 2023 to a peak of 89.6 percent in April last year. In the most recent poll, 82.5 percent also rejected China’s
PLUGGING HOLES: The amendments would bring the legislation in line with systems found in other countries such as Japan and the US, Legislator Chen Kuan-ting said Democratic Progressive Party (DPP) Legislator Chen Kuan-ting (陳冠廷) has proposed amending national security legislation amid a spate of espionage cases. Potential gaps in security vetting procedures for personnel with access to sensitive information prompted him to propose the amendments, which would introduce changes to Article 14 of the Classified National Security Information Protection Act (國家機密保護法), Chen said yesterday. The proposal, which aims to enhance interagency vetting procedures and reduce the risk of classified information leaks, would establish a comprehensive security clearance system in Taiwan, he said. The amendment would require character and loyalty checks for civil servants and intelligence personnel prior to
RSS