Email Security Strategies

Before we begin, you can have the most advanced cyber security practices and anti-virus in place, but if you do not have a strong enough password to secure your devices or online accounts, all your security measures might as well be useless. As I have already explained in a previous tutorial, more people are hacked as a result of weak passwords than any other single factor. With that established, the 2nd most common way to hack someone is through their email inboxes or accounts – just ask Hillary Clinton, John Podesta, John Brennan and the DNC about that.

Make no mistake, if some of the world’s most powerful people can have their personal emails hacked, so can you. This is also why learning how to practice better email habits should be of the utmost importance for you heading into the future.

What To Avoid & How Email Hacks are Pulled Off:

While browsing through your email account(s), never open a single email or click on any link(s) from a sender you do not know personally. It might seem harmless, but the simple act of curiously opening an email or clicking on a link within an email can launch malware, or register and transmit the IP address of the device you are using to the sender of that email or link.

When a hacker sends compromising emails or links to your personal inbox it is a technique known as “Phishing,” and it is perhaps the most common form of cyber-attack you will ever encounter. I am willing to bet that everyone who has ever owned an email account has seen a phishing scheme at one point or another in their lifetime, whether they were even aware of it or not. This is also why it is important to not just leave your email out in the open for all the world to see, or blindly pass it around to so many pages across the internet – especially if you have something to lose.

Believe it or not, there are even free and public services which allow any person to secretly attach a program to any given link or email they send, which automatically transmits data such as your IP address as soon as you open it. This type of program also reveals things like the time of day you clicked the link, the type of browser you were using and how long you kept the window open. This is what is referred to as a “trap-link.” The most common of these is the “IP-logger,” which automatically registers the data of any device that clicks on it. While this might sound extremely complicated or foreign to you, again, regardless of the legality of it all, there are actually multiple free services, platforms and tools available on the internet for people to do just this.

Needless to say, always use caution and judgement when clicking on any links in your inbox, online chat, message or social media network alike – especially from people/sources/senders you do not know/trust or have never done business with directly. Lastly, getting your IP logged is the least of your concerns – it’s just the most common practice. Typically, hackers will “Spear-Phish” different/specific emails with malicious links that can secretly upload or install malware onto a user’s device, granting further access to their information. Additionally, every file you download should be immediately scanned by your anti-virus, because Microsoft Word documents and weaponized PDFs are increasingly being used by the world’s most sophisticated hackers – because these are the most widely downloaded types of documents online, making them the easiest means to widely install malware on more people’s devices.
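As an added illustration (my own example, not part of the original tutorial), here is a small Python script that pulls every link out of an HTML email and flags the tell-tale signs of the trap-links described above: a bare IP address as the host, a plain http:// link, or visible link text that shows one domain while the href actually points at another. The email body, host names and addresses are constructed for the example.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the HTML body of a hypothetical phishing e-mail (not a real message).
SAMPLE_EMAIL_HTML = """
<p>Your mailbox is almost full. <a href="http://203.0.113.10/login">Click here</a> to upgrade.</p>
<p>Or verify at <a href="https://secure-mail.example.net/verify">https://mail.example.com/account</a></p>
<p><a href="https://mail.example.com/unsubscribe">https://mail.example.com/unsubscribe</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_link(href, text):
    """Return the reasons a link deserves suspicion; an empty list means nothing was flagged."""
    reasons = []
    target = urlparse(href)
    host = target.hostname or ""
    if target.scheme != "https":
        reasons.append("not https")
    if is_ip_literal(host):
        reasons.append("bare IP address as host")
    # Link text that looks like a URL but resolves to a different host is the classic lure.
    if text.startswith(("http://", "https://")):
        shown = urlparse(text).hostname or ""
        if shown and shown != host:
            reasons.append(f"displayed host {shown!r} differs from real host {host!r}")
    return reasons


def flag_suspicious_links(html):
    """Map each flagged href to its list of reasons."""
    findings = {}
    for href, text in extract_links(html):
        reasons = assess_link(href, text)
        if reasons:
            findings[href] = reasons
    return findings


if __name__ == "__main__":
    for href, reasons in flag_suspicious_links(SAMPLE_EMAIL_HTML).items():
        print(href, "->", "; ".join(reasons))
```

Run against the sample, the first two links are flagged (the IP-address host and the mismatched display text) and the genuine unsubscribe link passes. Heuristics like these catch the lazy cases; the habit the tutorial recommends, not clicking at all when you do not know the sender, covers the rest.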

Separate Your Inboxes:

A good practice is to also use separate accounts for different purposes. For example, use a separate email account for your online banking and/or business than you would use for family, friends, or subscribing to magazines. This ensures that if one account is ever breached or compromised, not every aspect of your life gets compromised along with it. Additionally, use separate passwords for separate accounts and always reserve your strongest passwords for your most important accounts. You should also utilize two-factor authentication whenever and wherever possible.

If you are a website domain owner, or own multiple email accounts, you can also secure your personal or business inbox behind a mail forwarding service through your domain’s DNS settings or an alternative service provider. Selecting this option will allow you to pass out an email address without actually revealing the true end destination where those emails will be sent, essentially turning the mail forwarding address into an “alias” or “proxy” for your real account.

If you would like to learn more about alternative/encrypted email service providers, as well as why you should consider making the switch to them, please utilize the following link: https://roguemedia.co/2019/11/02/making-the-switch-to-encrypted-emails-2/

If you need help learning how to read, write and remember stronger passwords to secure your online accounts, please utilize the following link: https://roguemedia.co/2019/10/30/tutorial-learning-how-to-write-remember-un-hackable-passwords/

Criteria To Consider When Purchasing A VPN

I read somewhere recently that there are over 500 VPN companies world-wide in 2019, but what really separates one from the other? How can you be sure which company is best? Well, yesterday I came across this list from Comparitech privacy advocate Paul Bischoff, which I think constitutes the best explanation I have seen to date – which is why I am republishing it here today.

Please note that VPN’s are not a tool for criminals, they are a tool through which you can protect your own fundamental rights to freedom and privacy – rights which Governments all around the world are slowly but surely trying to take away from us. So, when you read about Anonymous forms of payment below, this doesn’t mean researchers are trying to show you something dark or illegal, but are rather pointing out which companies are willing to go the furthest to protect your data, identity and privacy – ideals which should be at the heart of any/every VPN specific company. After all, this is literally the only purpose a VPN serves.

1.) Traffic logging policy: Traffic logs refer to records of user activity and the content they viewed while using the VPN. A VPN provider should have no traffic logs of any sort whatsoever.

2.) Metadata logging policy: This refers to logs that contain the source IP of users. Bandwidth or timestamp logs, which contain no identifying information, are not counted against a provider.

3.) VPN protocol: Must use a secure VPN protocol such as OpenVPN, L2TP, SSTP, or IKEv2.

4.) Channel encryption: Must use the AES 128-bit algorithm or higher.

5.) Authentication protocol: Must be SHA256 or better. SHA1 has vulnerabilities, but HMAC SHA1 is arguably still safe and doesn’t suffer from collisions, so points are not deducted for HMAC SHA1.

6.) Key exchange: RSA and DH keys must be 2,048-bit or higher.

7.) Perfect forward secrecy: Session keys cannot be compromised even if the private key of the server is compromised.

8.) DNS leak protection: DNS leak protection must be built into the provider’s apps.

9.) WebRTC leak prevention: WebRTC leak prevention must be built into the provider’s apps.

10.) IPv6 leak prevention: IPv6 leak prevention must be built into the provider’s apps.

11.) Kill switch: A kill switch that halts traffic when the VPN connection drops is a must.

12.) Private DNS servers: The provider must operate its own DNS servers and not route DNS requests through the default ISP or a public provider such as OpenDNS or Google DNS.

13.) Servers: Physical servers are preferred.

14.) Anonymous payment methods: Accepting Bitcoin as payment earns the point, but also take note of those who accept gift vouchers and other cryptocurrencies.

15.) Torrenting policy: Downloading via BitTorrent must be allowed.

16.) Country of incorporation: Special consideration if a VPN is incorporated outside of the 14 Eyes: Australia, Canada, New Zealand, the United Kingdom, United States, Denmark, France, Netherlands, Norway, Germany, Belgium, Italy, Sweden, and Spain.
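To turn criteria 3, 4, 5 and 8 into something you can check against a real profile, here is an added Python example (mine, not Comparitech’s and not any VPN provider’s code) that audits an OpenVPN client configuration: the data-channel cipher, the HMAC digest, the minimum TLS version and whether block-outside-dns is set. The two profiles are constructed, one weak and one corrected, and the server name is a placeholder.

```python
# Data-channel ciphers that satisfy criterion 4 (AES with a 128-bit key or larger).
STRONG_CIPHERS = {"AES-128-CBC", "AES-128-GCM", "AES-192-CBC", "AES-192-GCM",
                  "AES-256-CBC", "AES-256-GCM"}
# HMAC digests for criterion 5; SHA1 is tolerated because the list does not deduct for HMAC SHA1.
STRONG_AUTH = {"SHA256", "SHA384", "SHA512"}
TOLERATED_AUTH = {"SHA1"}

# Constructed sample: a hypothetical client profile with several weak settings.
WEAK_PROFILE = """
client
dev tun
proto udp
remote vpn.example.net 1194   # placeholder server
cipher BF-CBC
auth MD5
tls-version-min 1.0
"""

# Constructed sample: the same profile after the settings are corrected.
HARDENED_PROFILE = """
client
dev tun
proto udp
remote vpn.example.net 1194   # placeholder server
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
block-outside-dns
"""


def parse_profile(text):
    """Map each directive name to its argument list; a later occurrence overrides an earlier one."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        directives[parts[0]] = parts[1:]
    return directives


def audit_profile(text):
    """Return a list of findings; an empty list means every checked criterion passed."""
    d = parse_profile(text)
    findings = []

    cipher = (d.get("cipher") or [""])[0].upper()
    if cipher not in STRONG_CIPHERS:
        findings.append(f"cipher {cipher or '(unset)'}: criterion 4 wants AES-128 or stronger")

    # OpenVPN falls back to SHA1 when auth is not given, so treat unset as SHA1.
    auth = (d.get("auth") or ["SHA1"])[0].upper()
    if auth in TOLERATED_AUTH:
        findings.append(f"auth {auth}: HMAC-SHA1 is tolerated, but SHA256 or better is preferred")
    elif auth not in STRONG_AUTH:
        findings.append(f"auth {auth}: criterion 5 wants SHA256 or better")

    tls_min = (d.get("tls-version-min") or ["1.0"])[0]
    if tuple(int(x) for x in tls_min.split(".")) < (1, 2):
        findings.append(f"tls-version-min {tls_min}: the control channel should require TLS 1.2 or newer")

    if "block-outside-dns" not in d:
        findings.append("block-outside-dns missing: DNS queries may leak past the tunnel on Windows (criterion 8)")
    return findings


if __name__ == "__main__":
    for name, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(name, "->", audit_profile(profile) or "no findings")
```

The weak profile produces four findings and the hardened one produces none. Note that the check of the cipher and digest names only covers what the profile declares; whether the provider keeps logs, owns its DNS servers or offers a kill switch (criteria 1, 2, 11 and 12) is not visible in a configuration file and has to come from the provider’s policy.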

Learn More – Data Servers v Country of Origin: https://roguemedia.co/wp-content/uploads/2019/10/Data_v_Country.pdf

How and Why To Re-Rout DNS Through Your Computer or Phone

In a few of my previous tutorials I briefly touch on DNS re-routing, but never really get into it in full detail, so I figured why not here today? Before moving forward, learning to re-route your DNS is important because it is a means of protecting your personal data, devices, network connectivity and internet traffic from the spying or prying eyes of your Internet Service Provider (ISP), Government and any other interested 3rd parties, such as advertisers or even hackers. As for how DNS works or how switching it affects your internet connectivity, I think the short video below is the best demonstration. It explains how DNS re-routing configures your computer or phone to connect through a DNS server first, in order to connect to a website second – instead of connecting to a server owned by your ISP to connect to that same website, get it?

While there are a number of ways to re-route your DNS and different service providers to choose from, for the purposes of this article, I consider the following to be the world’s best “Top 3” – Cloudflare DNS, IBM Quad 9 and Google’s Public DNS. As you can read below, each of them has its own unique benefits.

Cloudflare DNS:

Ipv4: 1.1.1.1
Ipv4: 1.0.0.1
Ipv6: 2606:4700:4700::1111
Ipv6: 2606:4700:4700::1001

Cloudflare DNS is my personal DNS provider of choice, installed on both my computer and phone. As for why I choose them, this is because Cloudflare DNS anonymizes IP addresses, deletes logs daily and doesn’t mine any user data. Additionally, Cloudflare DNS also offers security features not available from many other public DNS service providers, such as “Query Name Minimization,” which diminishes privacy leakage by sending minimal query names to authoritative DNS servers when connecting to websites.

Learn More – Cloudflare DNS: https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/

IBM Quad 9:

Ipv4: 9.9.9.9
Ipv4: 149.112.112.112
Ipv6: 2620:fe::fe
Ipv6: 2620:fe::9

Whereas Cloudflare may be more beneficial for activists and researchers, IBM Quad 9 is probably of more benefit to your average home owner, parent or business owner. This is because Quad 9 routes your internet connections through DNS servers that actively blacklist known malicious websites, as well as websites which have previously been compromised by data breaches. In addition to this, Quad 9 servers also protect your internet’s incoming/outgoing connections as a means of preventing any of your devices from being caught up in a botnet. Quite simply, this means that while on Quad 9 servers, you never have to worry about any of your devices being hijacked or caught up in any sort of DDoS or crypto-mining campaigns, even smart devices connected to the “Internet of Things” (IoT).

Learn More – IBM Quad9: https://www.quad9.net/

Google Public DNS:

Ipv4: 8.8.8.8
Ipv4: 8.8.4.4
Ipv6: 2001:4860:4860::8888
Ipv6: 2001:4860:4860::8844

Google Public DNS servers on the other hand are ideal for people in countries such as Ethiopia, Sudan, Turkey, Syria, North Korea and the like which are all known to have restricted, censored, shut down and/or sealed off access to certain portions of their national internet in the past. In fact, as you can see via the picture provided below, activists affiliated with Anonymous Cyber Guerrilla have literally spray painted Google’s 8.8.8.8 DNS in public places in times of National crises as a means of raising awareness and alerting citizens how to bypass local internet restrictions imposed by their Government – opening people back up to the global world-wide-web. In addition to bypassing regional internet restrictions, compared to ISP’s in some 3rd world regions, switching to Google DNS servers might actually help improve or speed up your load time/internet connection.

Learn More – Google Public DNS: https://developers.google.com/speed/public-dns/

How To Switch DNS On Windows?

1.) Go to the start menu and type in “Settings,” press enter and then select “Network & Internet” options

2.) Click on “Change Adapter Options”

3.) Select the “Internet Connection” you are using, then click on the “Properties” button when it pops up

4.) Scroll through and individually select/click on “Internet Protocol Version IPv4” and “Internet Protocol Version IPv6” then press the “Properties” button again

5.) Select “Use The Following DNS Server Address” and manually enter your DNS service provider of choice – see the IPv4 and IPv6 addresses above – then press “OK”

That’s it, really. Generally speaking, the setup should be much the same on an Apple PC as well. It’s also important to note that you can actually mix and match the addresses listed above. For example, you can use Cloudflare for IPv4 but choose IBM for IPv6, or vice versa, and your internet connection will not be broken. Just so you are aware, while IPv6 usually signifies the country of origin or device you are coming from, most all devices on the world-wide-web these days connect to websites via IPv4 connections, making IPv4 the most important setting to modify.
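Once you have changed the settings, it is worth verifying that nothing ISP-owned is still listed. The following is an added Python example (not part of the original tutorial) that parses the “DNS Servers” section of `ipconfig /all` output and reports which of the three providers above each address belongs to, whether both IPv4 and IPv6 are covered, and which addresses are not on the list at all. The ipconfig excerpt, the adapter name and the 192.168.1.x addresses are constructed for the example.

```python
import ipaddress

# The three resolvers described above; each provider's IPv4 and IPv6 addresses form one set.
PUBLIC_RESOLVERS = {
    "Cloudflare": {"1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"},
    "Quad9": {"9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9"},
    "Google": {"8.8.8.8", "8.8.4.4", "2001:4860:4860::8888", "2001:4860:4860::8844"},
}

# Constructed sample of the relevant part of `ipconfig /all` output (hypothetical adapter and values).
SAMPLE_IPCONFIG = """
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home.example
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 1.1.1.1
                                       192.168.1.1
                                       2620:fe::fe
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def _is_address(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_dns_servers(ipconfig_text):
    """Collect the addresses under 'DNS Servers', including the indented continuation lines."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("DNS Servers"):
            # The first colon separates the dotted label from the value.
            servers.append(stripped.split(":", 1)[1].strip())
            in_dns = True
        elif in_dns and _is_address(stripped):
            servers.append(stripped)
        else:
            in_dns = False
    return servers


def classify(address):
    """Return (ip version, provider name); provider is None when the address is not on the list."""
    ip = ipaddress.ip_address(address)
    for provider, addrs in PUBLIC_RESOLVERS.items():
        if any(ip == ipaddress.ip_address(a) for a in addrs):
            return ip.version, provider
    return ip.version, None


def check_resolvers(ipconfig_text):
    """Summarise which providers are in use and which configured servers are unlisted."""
    report = {"trusted": [], "unlisted": [], "ipv4_covered": False, "ipv6_covered": False}
    for addr in parse_dns_servers(ipconfig_text):
        version, provider = classify(addr)
        if provider is None:
            report["unlisted"].append(addr)
        else:
            report["trusted"].append((addr, provider))
            report[f"ipv{version}_covered"] = True
    return report


if __name__ == "__main__":
    for key, value in check_resolvers(SAMPLE_IPCONFIG).items():
        print(f"{key}: {value}")
```

On the sample the report shows Cloudflare handling IPv4 and Quad9 handling IPv6 (the mix-and-match case described above), and it also flags 192.168.1.1, the router, which is still in the list and would hand queries back to the ISP. Paste in your own `ipconfig /all` output in place of the sample to check a real machine.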

How To Switch DNS On Phone?

Changing or re-routing the DNS settings on your phone can either be incredibly complicated or incredibly simple, depending on your level of skill/expertise. However, far and away the easiest means to go about accomplishing this is by installing a 3rd party App – either by going to your App, Apple or Google Play store(s). Simply just type in “Change DNS” to your search settings, press enter, and this should open up a whole host of options to choose from. Simply choose the one that you feel is best for you and enter in the Addresses listed above.

If You are A Little More Advanced…

OpenNIC Project. For those of you who may be unfamiliar, “OpenNIC (also referred to as the OpenNIC Project) is a user owned and controlled top-level Network Information Center offering a non-national alternative to traditional Top-Level Domain (TLD) registries, such as ICANN. Instead, OpenNIC only operates its own namespaces and the namespaces that OpenNIC has peering agreements with.”

In other words, they are open DNS addresses, servers and proxies not indexed by global internet agencies or their Governments. Stay classy mi amigos 😉

Learn More – OpenNIC Project: https://www.opennic.org/

See Also – CyberGuerrilla Internet Censorship Care Package: https://www.cyberguerrilla.org/blog/anti-censorship-carepackage/

Online Tutorial: Phone Security

1.) Encryption

Encrypt your entire Operating System (OS). Phone encryption is the first line of defense for whichever phone you happen to use, ensuring that no one can even so much as turn on your device without the proper credentials. It is important to understand that encrypting your phone and setting a screen lock for it are not the same thing. It is also important to understand that, depending on the type of phone you have and who manufactured it, screen locks can be bypassed by 3rd parties – such as hackers – as well as through different back-doors found within various software applications/programs you’ve installed on it. Encrypting your phone on the other hand encrypts your entire operating system all at once, requiring password authentication for the phone to even boot up and power on in the first place – ensuring that no App, program or file can be exploited or corrupted to gain full access to your phone.

Depending on what type of phone you have, your settings might come with a built-in feature allowing you to encrypt individual Apps. If not, you can install a firewall application for that – more on this later on in the article. If you are unfamiliar with where to find your phone’s encryption options, they are available in the “security” section under the main settings menu. Please note that it can take an hour or more to fully encrypt your phone, so it’s important to always begin with a fully charged battery.

Select an appropriate screen lock. Screen locks are a different form of encryption in a sense, ensuring that no one can use/operate your phone when you lose it, are away from it or leave it out in public. As far as how you set it up, there are 4 different options to choose from – each one having its pros and cons.

  • Password Lock. Users will be required to enter a unique password consisting of letters, numbers and symbols to unlock your device. Personally, I believe password protection to be by far the most secure of all options. However, for the same reason, it could be considered the most “inconvenient,” because it requires the most amount of time/attention to enter every time you wish to unlock your device.
  • Pin Lock. Pin locks work exactly like password protections, only they exclude letters and symbols. Meaning that users will be required to enter a pass-code of random numbers in order to unlock your phone. For the very reason that pins exclude letters and symbols, they are a little less secure than passwords, exponentially decreasing the theoretical number of guesses it would take to crack/unlock your device.
  • Pattern Lock. I am finding that this is becoming the most “trendy” screen lock these days, simply requiring users to use their fingers to “connect the dots” and draw a unique pattern on the front of their screen before it unlocks. However, I find pattern locks to be less secure than some of the other options, because there is a much higher probability of successfully drawing a random pattern to unlock a device than there is of guessing an advanced password or pin.
  • Biometrics. The newest “craze” in security is using your own fingerprints, eyes, face or facial expressions to unlock different devices. However, while these options may be the most convenient and fastest, they are also by far the least secure. I say this because multiple studies have proven how easy it is to trick biometric security measures, and oftentimes the pictures off your own social media accounts are enough to bypass them.
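To put rough numbers behind the comparison between PINs, passwords and patterns, here is an added Python example (my own, not part of the original post) that counts the valid Android 3x3 unlock patterns by exhaustive search, using the rule that a stroke may only pass over a dot that has already been drawn, and sets the result beside the PIN and password keyspaces. The 94-character alphabet and the lengths compared are assumptions of the example.

```python
import math
import string


def _jumped_dots():
    """Map (from, to) on the 3x3 grid (indices 0-8, row-major) to the dot a straight stroke
    passes over, for the pairs where such a dot exists."""
    jumped = {}
    for a in range(9):
        for b in range(9):
            ra, ca = divmod(a, 3)
            rb, cb = divmod(b, 3)
            # A third dot lies exactly halfway only when both coordinate sums are even.
            if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
                jumped[(a, b)] = ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return jumped


JUMPED = _jumped_dots()


def count_patterns(min_len=4, max_len=9):
    """Count valid unlock patterns of each length: no dot is reused, and a stroke may only
    pass over a dot that has already been drawn (the Android pattern-lock rule)."""
    counts = {n: 0 for n in range(min_len, max_len + 1)}

    def dfs(path, visited):
        if len(path) >= min_len:
            counts[len(path)] += 1
        if len(path) == max_len:
            return
        last = path[-1]
        for nxt in range(9):
            if nxt in visited:
                continue
            mid = JUMPED.get((last, nxt))
            if mid is not None and mid not in visited:
                continue  # would jump over an undrawn dot, which the lock screen forbids
            dfs(path + [nxt], visited | {nxt})

    for start in range(9):
        dfs([start], {start})
    return counts


# Assumed password alphabet: 94 printable ASCII characters excluding space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def keyspaces():
    """Number of candidate secrets for each lock type, with the equivalent bits of entropy."""
    patterns = count_patterns()
    sizes = {
        "4-digit PIN": 10 ** 4,
        "6-digit PIN": 10 ** 6,
        "4-dot pattern": patterns[4],
        "pattern, any length 4-9": sum(patterns.values()),
        "8-character password": len(ALPHABET) ** 8,
    }
    return {name: (n, round(math.log2(n), 1)) for name, n in sizes.items()}


if __name__ == "__main__":
    for name, (n, bits) in keyspaces().items():
        print(f"{name:26s} {n:>20,d}  ~{bits} bits")
```

The search finds 1,624 four-dot patterns and 389,112 patterns in total, against 10,000 four-digit PINs, a million six-digit PINs and roughly 6 x 10^15 eight-character passwords. These are the theoretical guess counts; on a real device the lockout after a few failed attempts matters as much as the size of the space, and smudge marks on the glass shrink the pattern space further.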

Password/Pin protect your SIM or SD card. It is important to understand that encrypting your operating system and setting a screen lock will do nothing to protect your data cards or memory chips; securing those is an entirely separate matter. So lastly, you are going to want to encrypt/password protect your SIM and/or SD card. To do this, simply enter the security options within your phone’s main settings menu, find/select your memory chips and create a unique pin lock for them. This ensures that no matter where your memory chip goes or whatever phone/device it’s plugged into, no one will be allowed to access your contacts, photos, videos, messages, files or data without entering the correct pin code first.

If you would like help learning how to build strong and easy to remember passwords to encrypt your accounts/devices, please read more in the tutorial provided below.

How To Write Un-Hackable Passwords: https://roguesec.co/how-to-write-un-hackable-passwords/

2.) Firewalls

Some phones come pre-installed with various firewall options, but if yours does not then there is a sizeable number of firewall Apps to choose from. Firewalls are critically important to security because they allow users to seal off or block different Apps, limiting the possible points of entry for hackers or other 3rd parties. Depending on the type of firewall you select, you may also have the option to encrypt individual Apps on your phone, adding a 4th layer of encryption to your device while ensuring that even if someone is able to unlock it, they will not be allowed to use selected Apps without further permissions. This is particularly important/helpful if you utilize different types of chatrooms, group chats for work or VoIP services.

Perhaps most importantly, firewalls severely limit potential abuses of your phone. You can select different options to completely seal off individual Apps altogether, or seal off different settings/areas of your phone from outside sources. Not only does this prevent hackers from using selected Apps to compromise your phone, but at the same time it prevents App owners themselves and other 3rd parties from gaining access to your phone all the same. Firewalls also protect against unwarranted data collection from your phone, including call/text history and general phone usage. More importantly, building a strong firewall and sealing off selected Apps can free up memory space/data usage, both speeding up your phone and saving battery life. If there are Apps on your phone that you’ve never used a single day in your life, or you feel may be spying on you/invading your privacy, simply use your firewall to disable them altogether with the click of a button.

On a similar but side note, never blindly give every App different permissions just because they ask for them. For example, when first navigating a new phone you might find that you are regularly asked to allow different Apps to do random things, such as collect data or record audio/video. It might seem harmless, but think about it for a second. What the hell does the Google Chrome web browser possibly need to record audio for? The simple answer is it doesn’t; you are only being set up to have your phone hacked by authorities and/or law enforcement officials at a later date in time – should they ever feel the need. By checking these options and blindly granting permission to different Apps, you are secretly granting 3rd parties the permission to ‘flip the switch’ so to speak and turn your phone into a spy/recording device whenever they want. So, don’t fall for it. There is literally no need to give different developers that much permission over your phone.

3.) Manage Security Certificates

Similarly, you should seriously check out the security certificates or “Trusted Credentials” list which came pre-installed on your phone. On my Android ZTE for example, my phone was handed to me with over 100 different security certificates installed on it, some of which grant different Government agencies/offices direct root access to my phone without requiring legal documents or warrants of any kind – no exaggeration. You might not have been told about this when you bought your phone, but they are there. Just a short list of some of the organizations which have direct root access to my phone: China Financial Certification Authority, CyberTrust, Deutsche Telekom, Hellenic Academic Research Institute, HongKong Post, Japanese Government, VISA, TurkTrust, Wells Fargo, as well as countless other organizations operating under different Government umbrellas.

Thankfully though, you do have the ability to revoke these certificates/permissions if you like. Simply find where these certificates are under your settings menu and disable whichever ones you desire. Just note that disabling some of the most fundamental ones, such as those issued by your telecommunications provider, may break access to different areas of your phone – but this is always reversible.

4.) Internet Security & Antivirus

Most people are always surprised to learn that the same measures used to secure your computer can oftentimes be transferred directly to your phone; this includes things like VPN’s and antivirus. For the purposes of this section of the article, I would like to discuss different measures you can install to help protect your phone and keep your data that much more private/secured.

  • VPN’s: I am not going to get into a breakdown of what VPN’s are and how they work; it is just important to understand that you can install and utilize a VPN connection on your phone all the same as on a computer. If you already own a paid VPN account, simply install the service provider’s App on your phone and establish a new connection through it. Your IP Address and internet connection will be secured all the same, just note that the internet speed of your phone will be affected a little more significantly than a computer, simply because a phone cannot process as much information as fast as a computer can.
  • Proxies: It is another common misconception that you can’t utilize proxy connections or the Tor network on your phone; this is simply untrue. You can either hide your IP address and internet activity by installing the Tor App directly, or you can install something known as Orbot – developed by The Tor Project. Orbot transfers all data/network activity from your phone across various Tor relays, essentially turning the Tor network itself into a giant VPN connection/encryption setting for all of your data and every last thing you do on your phone. Unlike Tor, Orbot doesn’t just simply protect internet activity – even the App’s developers profess it to be a “full phone VPN.”
  • Re-Route DNS: Another way to protect against data spying, 3rd party abuses or intrusive hackers is to re-route your DNS through different service providers. For example, I personally route all of my network activity through Cloudflare DNS servers for added privacy and security. IBM’s Quad 9 DNS service is another good option, blocking you from gaining access to known malicious websites while preventing your device from ever becoming part of or wrapped up in a botnet. You can do your own research to find other options which may be more suitable, but another popular option is Google’s public DNS service.
  • Install Different Browsers: Just as with computers, you can choose a whole host of different browser options, many of which are far more secure and private than Google Chrome or the built-in web browser found on your phone. If you would like to learn more about browsers, as well as the different/added benefits of each, please utilize the following link: https://roguesec.co/building-selecting-safer-web-browsers/
  • Antivirus: Phone antivirus programs essentially work the same as computer antivirus, only they are far simpler and much cheaper. A good antivirus program for your phone should cost anywhere from $2-5 per month, and will protect your phone against malicious hyperlinks, scan all downloads for viruses, as well as prevent all of the most common/basic forms of cyber attack. Some phone based antivirus service providers, such as Kaspersky Lab, also come with built-in VPN connections to secure your internet activity at the same time.

5.) VoIP Services

While VoIP services are not necessarily essential for everyday phone use, they do offer critical protections for political activists, journalists, researchers and citizens living under oppressive regimes all around the world. VoIP stands for “Voice over Internet Protocol,” which is just a fancy way of saying they transport all calls and messages over established internet connections, rather than routing them through your telecommunications or phone service provider – such as AT&T or Verizon. For this reason, VoIP services prevent your data from being intercepted, recorded or stolen by telecommunications companies and other 3rd parties, such as Governments, thus protecting any information you send across them. VoIP services also offer the ability to encrypt messages or calls between like users, further protecting your privacy. By comparison, neither of these options is available on standard text messages or phone calls. In politically oppressive countries, VoIP services offer a critical means to bypass Government imposed restrictions or blockades on national telecommunications. VoIP services also let you make international calls for free.

While this might sound a bit complex or advanced, once installed, operating a VoIP connection/application is no different or more complicated than making a regular phone call or sending traditional text messages. Lastly, VoIP connections also offer a secondary means to reach contacts, should your phone lose service, go out of range or come under blackout. Rather than relying on the signal strength of your network service provider, all you need to use VoIP services is an active internet connection.

The Best/Top VoIP Service Providers:

International Internet Censorship Care Package

For those of you who might be unaware, last month Egyptian voters allegedly passed new Constitutional Amendments that will allow Egyptian President Abdel Fattah al-Sisi to remain in power, unchecked, until at least 2030 – when the next round of national elections will take place. However, what has largely gone underreported is the fact that those same constitutional amendments also allow al-Sisi to block Egyptian based Internet Service Providers (ISP’s) from allowing access to over 34,000 websites – adding to countless other cyber/internet crackdowns enacted by the President over recent years.

Learn More – NetBlock Report of Egyptian Internet Censorship May 2019: https://netblocks.org/reports/egypt-filters-34000-domains-in-bid-to-block-opposition-campaign-platform-7eA1blBp

In response to these new amendments, and in addition to several other crackdowns against internet freedoms and freedoms of the press/information in and around Egypt, I’ve decided to release an internet based “Care Package” to the people of Egypt to better help them learn how to circumvent internet restrictions imposed by their President. Please share.

Egyptian Care Package Links/Tutorials:

Download Tor Browser: https://www.torproject.org/download/

Building & Selecting Safer Web Browsers: https://roguesecuritylabs.ltd/building-selecting-safer-web-browsers

Download Spybot Anti-Beacon: https://www.techspot.com/downloads/6747-spybot-anti-beacon.html

Top Free & Paid VPN Service Providers: https://www.cnet.com/best-vpn-services-directory/

16 Factors To Consider When Selecting A VPN Service Provider: https://roguesecuritylabs.ltd/criteria-to-consider-when-purchasing-a-vpn/

How & Why To Re-Route DNS Through Your Computer and/or Phone: https://roguesecuritylabs.ltd/how-why-to-re-route-dns-through-your-computer-and-or-phone/

CgAn Internet Censorship Care Package: https://www.cyberguerrilla.org/blog/anti-censorship-carepackage/

Encrypted Chatrooms & VoIP Apps: https://roguesecuritylabs.ltd/encrypted-chatrooms-voip-apps

Making The Switch To Encrypted Emails: https://roguesecuritylabs.ltd/making-the-switch-to-encrypted-emails/

Download ProtonVPN – Endorsed by Amnesty International: https://protonvpn.com/

Phone Security: https://roguesecuritylabs.ltd/phone-security

Operation Security by UnknownPress: https://iamanonymous.com/dont-be-burnt-toast-unknown-guide-to-operation-security/

How To Keep An Anonymous Identity Online: https://anonhq.com/anonymous-security-guide-2-0/

Hackers Take Down +1 Million Websites, Deface Them with Message Reading “Jerusalem Is The Capital of Palestine”

According to multiple sources, this past weekend, April 2nd 2019, unknown hackers launched a massive attack against the Hebrew based website known as Nagich, a web hosting platform utilized by more than 1 million businesses/users across the Middle East – including Partner, 012 Mobile and Golan Telecom, Hapoalim Bank, Clinique, Estee Lauder, McDonalds, Subaru, Fiverr and Coca-Cola. For a period of time greater than 1 hour, hackers were able to poison Nagich‘s Domain Name Servers (DNS) and intercept/re-route all traffic flowing through them. In doing so, every visitor to a website hosted by Nagich, of which there are literally over 1 million, was re-directed to blank websites reading “Palestine is the Capital of Jerusalem.”

Analyzing the attack a little further, it appears as though it wasn’t the hackers’ primary intent just to hijack, deface and re-route internet traffic in the region. Rather, it appears to be a failed attempt to deliver ransomware to every person unfortunate enough to have visited a site hosted by Nagich during the time of the attack. Once again, considering that Nagich hosts over 1 million domains, the ransomware attacks could have theoretically compromised untold millions of people in just 1-2 hours’ time, which would have made it one of the single largest ransomware attacks in history.

For example, for a period of 1-2 hours, every visitor of a website hosted by Nagich was exposed to an auto-loading piece of malware crafted via JavaScript, attempting to deliver the following payload…

Malware Payload: hxxp://185.163.47.134/flashplayer_install.exe
Analysis of Ransomware: https://www.hybrid-analysis.com/sample/d7e118a3753a132fbedd262fdf4809a76ce121f758eb6c829d9c5de1ffab5a3b?environmentId=100

In statements to Noticia de Israel, according to Nagich, “the hackers entered the company’s DNS [Domain Name System] records and changed the number indicating Nagich’s domain name to redirect Nagich’s traffic to its own malicious server. And since all the companies that use Nagich used the same Javascript access code, all the pages of the clients’ websites that were not sufficiently protected were exposed.” However, at this moment in time there are no reports that anyone successfully downloaded the ransomware file, and despite the defacement of greater than 1 million websites via a singular attack, Israeli authorities are doing their best to spin the hack as a “failed attack.”
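One defence against exactly this failure mode, a shared third-party script swapped out underneath every customer site, is Subresource Integrity: each page pins the script to a hash in the integrity attribute and the browser refuses to execute anything else, no matter where the hostname now resolves. As an added Python example (my own, not Nagich’s code, with constructed script contents and a placeholder URL), this computes the integrity value for a hosted script and replicates the browser’s check against a modified copy.

```python
import base64
import hashlib

# Constructed sample: the script a hosting platform serves to every customer site (hypothetical content).
ORIGINAL_SCRIPT = b"window.accessibility = { init: function () { /* widget code */ } };\n"

# Constructed sample: the same script after a substitution of the kind a DNS hijack makes possible.
TAMPERED_SCRIPT = ORIGINAL_SCRIPT + b"document.body.innerHTML = 'defaced';\n"

# Digests the SRI specification allows; anything else in the attribute is ignored by browsers.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_integrity(body, algorithm="sha384"):
    """Compute the value a page author pins in the integrity attribute: '<alg>-<base64 digest>'."""
    digest = hashlib.new(algorithm, body).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src, body):
    """Emit the <script> tag each customer page should carry instead of a bare src attribute.
    crossorigin="anonymous" is required for the browser to enforce SRI on a cross-origin script."""
    return (f'<script src="{src}" integrity="{sri_integrity(body)}" '
            'crossorigin="anonymous"></script>')


def verify_integrity(body, integrity):
    """Replicate the browser's check: the fetched body must match at least one pinned digest.
    The attribute may carry several space-separated tokens; unknown algorithms are skipped."""
    for token in integrity.split():
        algorithm, _, _ = token.partition("-")
        if algorithm in SRI_ALGORITHMS and sri_integrity(body, algorithm) == token:
            return True
    return False


if __name__ == "__main__":
    pinned = sri_integrity(ORIGINAL_SCRIPT)
    # Placeholder URL; a real deployment pins whatever script the host actually serves.
    print(script_tag("https://host.example/accessibility.js", ORIGINAL_SCRIPT))
    print("original accepted:", verify_integrity(ORIGINAL_SCRIPT, pinned))
    print("tampered accepted:", verify_integrity(TAMPERED_SCRIPT, pinned))
```

With the pin in place, the redirected server can answer the request but the altered body fails the digest comparison and the browser never runs it, which turns a mass defacement or a malware drop into a broken widget. The cost is operational: every legitimate update to the shared script needs a matching update to the integrity value on the customer pages.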

Don’t get it twisted however, a defacement of +1 million websites in a single night is certainly world class. Moreover, given the US’s DNS hijacking during January and this most recent DNS attack of Israel in March, I’m going to go out on a limb and state that DNS poisoning attacks are only going to become more and more prevalent as we move forward throughout 2019 and beyond. You have been warned.