Bitcoin wallet provider Blockchain.info walks through its DNS hijack hack
Transparency is important in the event of being hacked, and although some companies (like Yahoo) fail miserably when the worst occurs, others now understand how important it is to communicate with their customers in a time of crisis.
Bitcoin wallet provider Blockchain.info is one such company, with the firm having its domain name server hijacked earlier this week. According to SiliconANGLE’s “Bitcoin Weekly“:
Users of the Blockchain.info web wallet complained early Wednesday that the website was unavailable. Others, however, discovered that the domain name service for Blockchain.info was sending them to an altogether different website. This is part of an attack known as a “DNS hijack,” in which an attacker spoofs the DNS of a target website and sends visitors to a different locale, often to use to collect passwords and personal information through phishing.
Blockchain.info immediately started making statements on social media to let customers know what was occurring, and have now followed up with a full disclosure of exactly what occurred.
Hijack
In a post to the Blockchain.info blog, the company explains that an attacker changed their DNS servers by gaining access to their accounts through breaching the systems of their DNS registrar, that is to say, that Blockchain.info itself was not directly attacked.
“Within minutes, our internal systems alerted our infrastructure team who immediately began to assess the attack,” the company noted. After shutting down their platform so they could investigate what had occurred, they discovered a highly sophisticated attack against the registrar’s infrastructure, with registrar then being able to manually regain control and revert the DNS changes.
Given the DNS hack caused visitors to the site to be redirected to a phishing site, Blockchain.info found that due to the attacker using a self-signed SSL certificate, users using modern browsers – which the wallet requires – were prevented from being exposed to the phishing site. “Due to the quick response of our team, the attacker’s DNS changes were allowed only to propagate partially across the Internet,” they added. “We were also able to locate the owners of the compromised machine being used by the attackers and have it shut down.”
Once it was confirmed that their DNS had propagated and that their systems were not compromised, the site was eventually restored.
“Ultimately, any disruption in service is something we take seriously and we extend our sincere apologies,” company Chief Executive Officer Peter Smith noted. “While we sometimes remain offline for longer than necessary, we do so out of an abundance of caution while we check to ensure all systems are fully protected and functional.”
Image credit: karenborter/Flickr/CC by 2.0
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU