Posted on Nov 2, 2016
Pagliano Emails Detail Attempts to Hack Clinton Unsecure Email Server 10 Times in Two Days in...
Posted 8 y ago
Responses: 5
Note the line from Pagliano:
"That may explain the DNS issue we had earlier. Might have been an injection attack [NOTE: most common and successful attacks on the internet due to their numerous types, large attack surface, and the complexity required to protect against them]. We use their servers to resolve external websites for both the sbs and blackberry server so we’d be susceptible to such an attack."
This points out the fact they knew their use of a private server was insecure, and that they had little power to fix it. Why they took this to the Secret Service instead of the FBI is very suspect too. The Secret Service has nothing to do with cyber defense or cyber crimes (unless they have something to do with finance).
(5)
(0)
SFC James Asbill
Absolutely .... of course .. they were trying to obscure the fact of her private server ..
(0)
(0)
Sgt Wayne Wood
Injection attacks are usually brought against database servers or database-based applications. No reason to believe that on a DNS server. To the best of my knowledge the only OS that gets DNS from anything resembling a database is Windows Servers, and that's integrated into the registry. You can flood a DNS server with requests, or even spoof a secondary (slave) server to force repeated zone transfers. Most modern DNS servers maintain a "safe list" of IP addresses that are allowed zone transfers. Unless Dyn's DNS was misconfigured, this would not seem feasible.
(0)
(0)
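Added example, not part of the comment above or of any server discussed in the thread: a small audit of the zone-transfer "safe list" the comment describes, written for BIND-style `named.conf` syntax. The sample configuration is constructed, the function names are hypothetical, and treating a missing `allow-transfer` as a finding is an assumption, since the default varies by server version.

```python
import re

# Constructed sample in BIND named.conf syntax; names and addresses are
# documentation values, not taken from the thread.
SAMPLE_CONF = '''
acl "secondaries" { 192.0.2.53; 198.51.100.53; };
options { directory "/var/named"; };
zone "example.com" { type primary; allow-transfer { secondaries; }; };
zone "example.net" { type primary; allow-transfer { any; }; };
zone "example.org" { type primary; file "example.org.db"; };
'''

def _block(text, start):
    """Return the body of the first brace-delimited block at or after start."""
    open_at = text.index("{", start)
    depth = 0
    for pos in range(open_at, len(text)):
        if text[pos] == "{":
            depth += 1
        elif text[pos] == "}":
            depth -= 1
            if depth == 0:
                return text[open_at + 1:pos]
    raise ValueError("unbalanced braces")

def _allow_transfer(body):
    """Return the allow-transfer entries in a block body, or None if unset."""
    m = re.search(r"\ballow-transfer\s*\{([^}]*)\}", body)
    if m is None:
        return None
    return [e.strip().strip('"') for e in m.group(1).split(";") if e.strip()]

def audit_zone_transfers(conf):
    """Map zone name -> finding for zones without a restrictive transfer list."""
    conf = re.sub(r"(#|//)[^\n]*", "", conf)  # drop line comments
    opts = re.search(r"\boptions\s*\{", conf)
    default = _allow_transfer(_block(conf, opts.start())) if opts else None
    findings = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', conf):
        acl = _allow_transfer(_block(conf, m.start()))
        if acl is None:
            acl = default  # zone inherits the options-level setting
        if acl is None:
            findings[m.group(1)] = "no allow-transfer; relies on server default"
        elif "any" in acl:
            findings[m.group(1)] = "zone transfer open to any host"
    return findings

if __name__ == "__main__":
    for zone, issue in audit_zone_transfers(SAMPLE_CONF).items():
        print(f"{zone}: {issue}")
```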
Maj Kevin "Mac" McLaughlin
There are a few types of injection attacks which can go against other types of servers. They include web injection, code injection, and even cross-site scripting. Many are very easy to detect and even prevent. What's telling is Pagliano apparently doesn't know how and passes it off as "we’d be susceptible to such an attack".
In the case of a DNS server, you need to understand that some orgs use their server for multiple services. This of course is not recommended but it certainly does happen. At the same time, trying to infer what Pagliano was saying in the email, it appears what he was saying is the DNS server might have been compromised and directed to attack Clinton's server with a brute force attack on accounts. Without the information of the type of server, and other services running on it, it's hard to make a complete assessment of the problem.
Another scenario, as you alluded to, could include a zone transfer attack on the DNS server which compromised its records (thus giving up the fact Clinton's servers used it as a primary DNS provider), and then used it to launch attacks against the known users in the records while spoofing the DNS server. The question leads to, why would you use a DNS server which is not under your control to provide services to your network when it has some pretty sensitive and critical information? Even if it was just DNC command and control related, security is still important.
This just goes to show that Pagliano should have known better and should have advised Clinton not to use an infrastructure which lacks defense-in-depth capabilities (Firewall, IDS/IPS, ACLs, DMZs, etc...). The State Department had all these capabilities and in using them, Clinton would have been absolved of any wrongdoing (at least from an IT perspective).
(0)
(0)
If anyone wants to see a list of the most damaging Wikileaks items, here they are. (Remove the asterisks and change the word dot with a period).
***http://www.mostdamagingwikileaks.com/***
The Top 100 Most Damaging WikiLeaks
The top 100 most damaging WikiLeaks released that expose Hillary Clinton's corruption, secrets, and scandals. Check back every day for new leaks.
(2)
(0)
LTC (Join to see)
MCPO Roger Collins Unfortunately many of the faithful followers will argue that this is all made up, lies perpetrated by the Republicans.
(0)
(0)
I use my email... both personal and professional, as if it has already been hacked! It is simply a sign of the times, only a fool or novice user would think otherwise!! I guess her comms guys may have been both!
(1)
(0)
MCPO Roger Collins
For such intelligent people (read devious) with law degrees, this is telling as to their Chutzpah.
(0)
(0)
LTC (Join to see)
COL Lee Flemming Sir, we have had this beat into us for so long. OPSEC etc should be second nature to most military personnel.
(1)
(0)