Source: securityboulevard.com – Author: Richi Jennings
Government ministry denies hackers hacked its network infrastructure.
The Russian internet was down for hours yesterday: Everything under the .ru and .рф domains was inaccessible. It’s being blamed on a DNSSEC fat-finger error.
And definitely not on Ukrainian hackers. Нет. In today’s SB Blogwatch, we deny everything.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: BatT—then and now.
It Was DNS. It’s Always DNS.
What’s the craic? Daryna Antoniuk reports—“Russian top-level internet domain suffers massive outage”:
“Nearly four-hour outage”
Russian citizens couldn’t access the majority of websites on the country’s .ru domain for several hours on Tuesday, including the Yandex search engine, the VKontakte social media platform, the major state-owned bank Sberbank and news outlets. The outage was reportedly caused by a technical problem with the .ru domain’s global Domain Name System Security Extensions, or DNSSEC.
…
The problem was caused by an incorrect DNSSEC zone signature. This cryptographic signature is applied to the DNS zone data of a specific domain to ensure the integrity and authenticity of the information. … After the nearly four-hour outage, Russia’s Digital Ministry said that the problem had been resolved.
What do Ukrainians think about that? Ivan Borysenko shows no emotion—“Major internet outage in Russia”:
“Cyberattacks and traffic hijacking”
Several mobile operators and internet service providers in central Russia reported service disruptions on Jan. 30. Many websites and applications were inaccessible in the .ru and .рф domains.
…
Most of the outages were recorded in Moscow, St. Petersburg, the Krasnodar region, Bashkortostan, and Kostroma. [A] Russian outlet, Sirena, suggested that this indicates ongoing experiments in Russia with the creation of a national DNS service.
…
DNSSEC is a tool for ensuring the authenticity of responses from a DNS (domain name system) server, aimed at protecting against IP address spoofing. It helps safeguard users from fraud and protects websites from various types of cyberattacks and traffic hijacking.
Are they hinting what I think they’re hinting? Nick Farrell keeps a straight face—“Russia in chaos”:
“Ukrainian hackers”
The problem was caused by a fault with the .ru domain’s global security system, which is meant to protect data from hackers. … But the system failed to do its job.
…
Some users joked that the outage was a sign of the government’s crackdown on the internet, or a glorious rehearsal for a cyberwar. About the only thing no one joked about was that it was caused by Ukrainian hackers, as that would not be funny. The Russian Digital Ministry … did not say how long the outage would last, or what caused the fault in the first place, but it was not Ukrainian hackers.
Could it have been another “state controlled” test outage? u/deadname11 has a theory:
Honestly would not be surprised if the outages were “state controlled” in order to make it look like Putin didn’t accidentally send a bunch of infrastructure workers to the front lines, and now doesn’t have the people needed to get everything working right.
O RLY? TomK32 thinks a similar thought:
Either someone failing to update the cert or the person who did it until now has been sent to the meat grinder. I really do wonder what effect war will have on the Russian IT industry. From what I read most IT professionals are protected from mobilisation, but on the other hand they might have a more open view of the world then Putin’s regime.
But mobilization isn’t the only way talent gets lost. Opportunist reminds us that many left Russia while they could:
Far from impossible. Most of Russia’s talent, in pretty much all areas, is gone now: Either fled or gone to the meat grinder. What’s left is the duds that suck up to the geezer.
DNSSEC is kind of a hack, though. As tryauuum explains:
DNSSEC is such a nightmare [with] all this, “How do we make this old protocol secure … without changing it much?”
A missed opportunity? MIPSPro thinks so:
I’m still wondering if [DNSSEC] was an actual good idea. … DNSSEC offers its users authentication to prevent DNS cache poisoning. It appears to work for that purpose, but the question is if using the same IANA structure for DNS is a good idea for DNSSEC since it places all the power in the hands of a few elites and governments.
We need a more free and less centralized system. DNSSEC [is] a ****ty idea.
Meanwhile, u/GenXWaster reminds us of the old joke:
This is where network engineers tap the sign that says, “It was DNS.”
And Finally:
Underrated channel is underrated
CW: Smoking, Payphones, Fred Flintstone.
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: DonkeyHotey (cc:by; leveled and cropped)
Recent Articles By Author
Original Post URL: https://securityboulevard.com/2024/01/russian-internet-dnssec-richixbw/
Category & Tags: Analytics & Intelligence,API Security,Application Security,AppSec,Cloud Security,Cyberlaw,Cybersecurity,Data Privacy,Data Security,Editorial Calendar,Featured,Governance, Risk & Compliance,Humor,Incident Response,Industry Spotlight,Insider Threats,Most Read This Week,Network Security,News,Popular Post,Regulatory Compliance,Securing the Cloud,Security Boulevard (Original),Security Challenges and Opportunities of Remote Work,Social – Facebook,Social – LinkedIn,Social – X,Software Supply Chain Security,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Zero-Trust,dns,DNS Attacks,DNS hijack,DNS hijacking,DNSSEC,Russia,Russia Exodus,Russia-Ukraine,russia-ukraine conflict,Russia’s War on Ukraine,russian,Russian Cyber War,SB Blogwatch – Analytics & Intelligence,API Security,Application Security,AppSec,Cloud Security,Cyberlaw,Cybersecurity,Data Privacy,Data Security,Editorial Calendar,Featured,Governance, Risk & Compliance,Humor,Incident Response,Industry Spotlight,Insider Threats,Most Read This Week,Network Security,News,Popular Post,Regulatory Compliance,Securing the Cloud,Security Boulevard (Original),Security Challenges and Opportunities of Remote Work,Social – Facebook,Social – LinkedIn,Social – X,Software Supply Chain Security,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Zero-Trust,dns,DNS Attacks,DNS hijack,DNS hijacking,DNSSEC,Russia,Russia Exodus,Russia-Ukraine,russia-ukraine conflict,Russia’s War on Ukraine,russian,Russian Cyber War,SB Blogwatch
