Tuesday, February 21, 2017

Subdomain Takeover used to hack President Trump's website!

On 19 February, President Trump's website, secure2.donaldjtrump.com, was hacked by an Iraqi hacker calling himself "Pro_Mast3r". The website was defaced to the following:

[Screenshot of the defaced page] Credit: g33xter
However, the interesting bit is that this hacker apparently contacted the security news reporter Brian Krebs and said that he used the Subdomain Takeover attack described here to do it.

So, here's my TL;DR about it.

Attack Scenario:
1) The victim has a website set up on a subdomain of one of several service providers such as Heroku, GitHub, Bitbucket, etc.
2) The victim is no longer using that service, but they did not remove the DNS record (typically a CNAME) that still points to it.
3) The attacker creates an account with the service provider and claims the hostname as their own.
4) The attacker uses the victim's subdomain to phish legitimate users.

Requirements:
1) The victim's DNS must still point to the provider-hosted subdomain in some way.
2) The victim must no longer own or use that subdomain at the provider.

Cause:
1) The victim's mistake, obviously: a dangling DNS record left behind after the service was dropped.
2) Service providers do not verify that the person claiming a hostname actually controls the domain.

Extent:
Detectify has identified 17 providers (a list that has since grown to over 100) that did not verify subdomain ownership: Heroku, GitHub, Bitbucket, Squarespace, Shopify, Desk, Teamwork, Unbounce, Helpjuice, HelpScout, Pingdom, Tictail, Campaign Monitor, CargoCollective, StatusPage.io and Tumblr.
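The two requirements above (a DNS record still pointing at a provider, and the provider-side resource no longer existing) are exactly what a defender can audit for. The following is an added example, not code from the original post or from Detectify: it parses a BIND-style zone export, picks out CNAMEs that point at hostname suffixes used by providers from the list above (the suffix map is an assumption and should be extended for your own zone), and flags any whose target no longer resolves. The sample zone and the stub resolver are constructed so the script runs offline; swapping in `dns_resolves` runs the same audit against live DNS.

```python
import re
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Hostname suffixes handed out by providers named in the post.
# Assumption: these are the canonical suffixes; extend the map for your own zone.
PROVIDER_SUFFIXES: Dict[str, str] = {
    "herokuapp.com": "Heroku",
    "github.io": "GitHub Pages",
    "bitbucket.io": "Bitbucket",
    "squarespace.com": "Squarespace",
    "myshopify.com": "Shopify",
    "unbounce.com": "Unbounce",
    "helpjuice.com": "Helpjuice",
    "helpscout.net": "HelpScout",
    "statuspage.io": "StatusPage.io",
    "domains.tumblr.com": "Tumblr",
}

# One record per line, BIND style: "<name> [ttl] IN CNAME <target>."
CNAME_RE = re.compile(
    r"^(?P<name>\S+)\s+(?:\d+\s+)?IN\s+CNAME\s+(?P<target>\S+)\s*$", re.I
)


@dataclass
class Finding:
    name: str       # record in our zone, e.g. "legacy.example.com"
    target: str     # where the CNAME points
    provider: str   # third-party service the target belongs to
    dangling: bool  # True when the target no longer resolves


def provider_for(target: str) -> Optional[str]:
    """Return the provider name if target ends in a known provider suffix."""
    for suffix, provider in PROVIDER_SUFFIXES.items():
        if target == suffix or target.endswith("." + suffix):
            return provider
    return None


def dns_resolves(hostname: str) -> bool:
    """Live check: does the CNAME target still resolve to an address?"""
    try:
        socket.gethostbyname(hostname)
        return True
    except socket.gaierror:
        return False


def audit_zone(zone_text: str, origin: str,
               resolves: Callable[[str], bool] = dns_resolves) -> List[Finding]:
    """Return every CNAME that points at a known provider, marking dangling ones."""
    findings: List[Finding] = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        m = CNAME_RE.match(line)
        if not m:
            continue  # A/MX/etc. records are not takeover candidates here
        name = m.group("name")
        target = m.group("target").rstrip(".").lower()
        fqdn = name if name.endswith(".") else f"{name}.{origin}"
        provider = provider_for(target)
        if provider is None:
            continue  # CNAME to a host outside the provider list: out of scope
        findings.append(Finding(fqdn.rstrip("."), target, provider,
                                dangling=not resolves(target)))
    return findings


def dangling_names(findings: List[Finding]) -> List[str]:
    """Sorted list of our hostnames whose provider target is gone."""
    return sorted(f.name for f in findings if f.dangling)


# Constructed sample zone (not a real zone) and a stub resolver so this runs offline.
SAMPLE_ZONE = """
; constructed sample for example.com
www     IN CNAME example-site.herokuapp.com.
shop    IN CNAME shops.myshopify.com.
status  IN CNAME acme.statuspage.io.
mail    IN A     192.0.2.10
legacy  IN CNAME old-app.herokuapp.com.   ; service cancelled, record left behind
cdn     IN CNAME d111111abcdef8.cloudfront.net.
"""
LIVE_TARGETS = {"example-site.herokuapp.com", "shops.myshopify.com", "acme.statuspage.io"}


def stub_resolves(hostname: str) -> bool:
    """Stand-in for dns_resolves: only the constructed LIVE_TARGETS 'exist'."""
    return hostname in LIVE_TARGETS


if __name__ == "__main__":
    for f in audit_zone(SAMPLE_ZONE, "example.com", stub_resolves):
        status = "DANGLING - fix or remove" if f.dangling else "ok"
        print(f"{f.name:28} -> {f.target:35} [{f.provider}] {status}")
```

A target that returns NXDOMAIN is the clearest signal, but some providers (GitHub Pages is the usual example) keep resolving and instead serve an "unclaimed" page over HTTP, so a production version of this audit should also fetch each non-dangling target and look for the provider's unclaimed-site response. Either way, the fix is the same: delete the leftover record or re-claim the hostname at the provider.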

For further details, read their blog post. Enjoy.
