Home & Office

Security firm RSA falls foul to DNS hack

Another Web attack, this time on encryption security firm RSA
Written by Will Knight, Contributor on

Computer security firm RSA has had one of its Web sites effectively defaced by computer criminals apparently keen to make a point about the insecurity of DNS (Domain Name System) authentication. The affected site is an older RSA site, not its primary home page.

According to security and encryption expert Brian Galdman, the culprits appear to have gained access to a high-level DNS server, rather than broken into the server that hold the page itself.

This latest high profile attack adds to the argument that, as illustrated by the recent spate of distributed DoS (distributed denial of service) attacks, there remain major security issues -- even for the best-equipped Web sites.

By noon on Monday, http://www.rsa.com led to a defaced page with a virtually incoherent message. However, the server on which the Web site exists hasn't been hacked: the domain name simply points to another IP address. A spokesman for RSA says that http://www.rsa.com is RSA Security's old Web site, which is maintained as "a pointer" to the official Web site at http://www.rsasecurity.com.

Although hacks on DNS servers aren't unknown, Gladman claims the problem points to more serious issues with the Internet's infrastructure. He believes that if these malicious computer hackers have access to enough DNS servers, they could, in theory at least, "take down the whole Internet".

The target is probably no coincidence, says Gladman. He explains that attacking a firm specialising in encryption may illustrate dissatisfaction with the US government for restricting access to strong encryption. "This shows the extreme folly of the US government, in particular, in preventing technology that would prevent this sort of attack being deployed. They're making the point that they're not secure. Hopefully, someone will start asking why they're not."

The RSA site has now been pulled down. A spokesman from the company reckons it will be around 24 hours before it goes live again.

Several groups have proposed a more secure form of DNS, but none have yet been implemented. For example, RFC 2137, first proposed in April 1997, outlines a method to use digital signatures to ensure that only authorised persons can update a DNS record.

What do you think? Tell the Mailroom.

For full coverage see the Denial of Service Roundup.

Editorial standards