Anonymous Sri Lanka Attacks Apple & Others, Reveals Name Server Records


[WARNING: This article includes quoted profanity. - Editor]

 

The Bad Guys

A hacker group calling itself Anonymous Sri Lanka announced this week that it had successfully launched a DNS Cache Snoop Poisoning attack against Apple, Facebook, and other high-profile tech companies. In a post to hacker hangout and repository Pastebin, the group released the primary DNS name server records associated with those companies, listing hundreds of entries, some of which these companies may not have intended to make public.

Anonymous Sri Lanka (ignoring the irony of the lack of anonymity such specifics impart) posted lists of all of the name server records with names like, “APPLE.COM - World’s Largest Consumer Electronics Leader DNSi,” and “FACEBOOK.COM - The World’s Social Media Giant - DNS R00T3D, Fuck3D and Leaked.”

To that effect, the group offered a (vaguely literate) mini-manifesto to explain its attack against Facebook, writing:

Yo Facebook Assholes - If you want to run a Social Network - do it as it is as a real guys. Don’t try be smart asses. You are the most stupid and notorious fuckheads ever. The way you control and treat to your members are not acceptable under any circumstances.

But we don’t care who you are and what you do. Do not BLOCK the people and do not CONTROL them. Where is your fucking FREEDOM or the SOCIALISM. Censorship = Freedom (Don’t try to change the meaning of the wordings). Let the people have their own freedom on the social networks. This is hack against your fuckhead censorship.

The group offered no such commentary on Apple.

In the headers of their post, they claimed that, “Primary DNS Server Hacked with DNS Cache Snoop Poisoning.” They offered no proof of the cache poisoning, but did provide proof of the snooping in the form of listing Apple’s DNS name servers.

For most of us mortals, there’s not a whole lot in the information in that list. The group found the company’s DNS name servers, showed that it tried to perform a zone transfer on those servers (it failed), and then listed hundreds of individual servers such as:

  • 17.254.3.16 gidget16.apple.com
  • 17.254.3.65 customer.apple.com
  • 17.254.2.108 testswupdate.apple.com

As we said, that doesn’t seem all that interesting. What it does, however, is provide a starting point for others to probe these individual servers for vulnerabilities. Even that may not seem like a big deal, especially for a domain like customer.apple.com, which was already known to exist.

For the rest, servers like jobsws2.apple.com, the starting point could be seen as valuable to the bad guys and a nuisance to Apple and its cyber security team. Plus, it’s fun to conclude that that stands for “Jobs Work Station #2.”

Then there are listings such as icloudstatus.apple.com, which could suggest that Apple is working on a monitoring tool for iCloud status. The company provided such tools for .Mac and MobileMe, and doing so for the much larger iCloud is logical.

Similarly, webcast.apple.com does resolve to a page with the image below. ZOMG! Is that an unannounced product? Our guess is that it’s an internal tool for meetings, but it’s another example of the bad guys having a new starting point.

Webcast Studio Off Air


Dave Hamilton contributed (greatly) to this article.

Comments

computerbandgeek

I just want to point out that the title of this article is a little misleading.

The “anonymous” group that did these attacks is not the same “anonymous” group that most people think of (the ones that did the BART hackings, etc.). It is an unrelated group trying to tag along on the bigger group’s media attention.

Please correct me if I’m completely wrong, but that’s what my research seems to indicate.

Bryan Chaffin

The affiliations and specifics of these “organizations” are rather loose, to my understanding. Their PR folks can let me know if they have a problem. smile

GhostMan

I agree with Computerbandgeek; this is not the same group that has been in the news lately.

Bryan Chaffin

As I noted, affiliations in such groups are always loose, and we are frankly not responsible for their public relations.

However, specificity never hurt, so I edited the piece to make it clear that it was “Anonymous Sri Lanka” that performed these actions.

Bosco (Brad Hutchings)

They’re probably like AQI (Al Qaeda in Iraq). They pay their affiliate fees, deploy the branding kit, and get worldwide attention even if they’re not quite so bad-ass as the franchisers.

Bryan Chaffin

That’s funny, Brad. :D

computerbandgeek

Thanks for clarifying the article. I know what you mean about it being hard to tell all the groups apart, considering the fact that some of the members of the groups can’t even tell each other apart. wink

But in this particular case equating these guys to the big boys is somewhat analogous to equating Al Gore to someone sitting in a tree scheduled for removal while smoking pot and shouting slogans into a bullhorn.

I just started a sentence with “but”. I guess it’s time for bed :O

Dave Hamilton

But in this particular case equating these guys to the big boys is somewhat analogous to equating…

That all depends on one’s personal opinions of the groups—and people—mentioned. wink
