The global internet is currently the target of a wave of computer attacks of unprecedented scale, which consist of modifying the addresses of websites in order to hack them, the international organization that assigns Internet addresses (ICANN) warned on Friday.
According to experts outside ICANN interviewed by AFP, hackers target governments as well as intelligence or police services, airlines or the oil industry in the Middle East or Europe.
One of them also believes that these attacks originated in Iran.
They “attack the internet infrastructure itself,” David Conrad, an ICANN official, told AFP on Friday, adding that “a massive, unprecedented campaign” has escalated dramatically very recently.
“There have already been targeted attacks but never like that,” he added after an emergency meeting of the organization on Friday.
Essentially, these attacks consist of “replacing the addresses of authorized servers” with “addresses of machines controlled by attackers,” the organization said.
This allows the hackers to search through data (passwords, email addresses, etc.) in transit, or to capture the traffic completely by sending it to their own servers.
Based in California, ICANN manages the online domain name system, which the general public knows in the form of site addresses ending in .com or .fr, but also .gov, for example.
It is precisely this Domain Name System (DNS), which makes it possible to connect a computer to a website, that the hackers, who have not been identified, are attacking.
Spying and post office
These names work a little like the telephone operators of yesteryear, who connected callers to one another by plugging cables into a circuit.
DNS attacks, nicknamed “DNSpionage”, “are basically like someone who goes to the post office, places it on your address, reads your mail and then puts it in your mailbox”, said the US Department of Homeland Security (DHS), which also recently reported on the attacks, the first of which are reported to date back to at least 2017.
“A lot of bad things can happen to you (or the sender) depending on the content of the mail,” the DHS added.
With the recent escalation of attacks, ICANN “believes that there is a significant ongoing risk to important parts of the domain name infrastructure,” it said on Friday, calling on IT leaders to take adequate measures.
Specifically, it calls for the deployment of a protection protocol called Domain Name System Security Extensions (DNSSEC).
However, “there is no single tool to solve this,” warned David Conrad of ICANN.
“We need to improve the overall security of the DNS if we want to have any hope of preventing such attacks,” he added.
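One way to watch for the record replacement described above, added here as an example that is not part of the original article: compare observed DNS records with an authorized baseline and flag any that point elsewhere. The zone, host names, addresses and the `BASELINE` and `OBSERVED` data are constructed for illustration.

```python
"""Flag DNS records that drift from an authorized baseline (constructed data)."""
import ipaddress

# Authorized baseline for a hypothetical zone (constructed, documentation ranges).
BASELINE = {
    ("example.org.", "NS"): {"ns1.example.org.", "ns2.example.org."},
    ("mail.example.org.", "A"): {"192.0.2.0/24"},
    ("www.example.org.", "A"): {"192.0.2.0/24", "198.51.100.10/32"},
}

# Constructed observations, as a resolver-side monitor might record them.
OBSERVED = """\
example.org.       3600 IN NS ns1.example.org.
example.org.       3600 IN NS ns2.example.org.
www.example.org.    300 IN A  198.51.100.10
mail.example.org.    60 IN A  203.0.113.77
example.org.        120 IN NS NS1.Attacker-Host.Example.
"""

def parse_records(text):
    """Yield (owner, rtype, rdata) from 'owner ttl IN type rdata' lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2].upper() != "IN":
            continue  # skip blank or malformed lines
        owner, _ttl, _cls, rtype, rdata = fields
        yield owner.lower(), rtype.upper(), rdata.lower()

def is_authorized(rtype, rdata, allowed):
    """Address records match by network; other types by exact name."""
    if rtype in ("A", "AAAA"):
        addr = ipaddress.ip_address(rdata)
        return any(addr in ipaddress.ip_network(net) for net in allowed)
    return rdata in allowed

def find_drift(text, baseline=BASELINE):
    """Return records that are unknown or point outside the baseline."""
    alerts = []
    for owner, rtype, rdata in parse_records(text):
        allowed = baseline.get((owner, rtype))
        if allowed is None:
            alerts.append((owner, rtype, rdata, "no baseline entry"))
        elif not is_authorized(rtype, rdata, allowed):
            alerts.append((owner, rtype, rdata, "not in authorized set"))
    return alerts

if __name__ == "__main__":
    for alert in find_drift(OBSERVED):
        print("ALERT", *alert)
```

A check like this catches a changed name server or mail host even when the attacker's replacement answers look valid to users, which is why it complements DNSSEC rather than replacing it.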
According to Ben Read of FireEye, a company specializing in cyber-espionage, the list of “DNSpionage” targets includes organizations that register domain names (themselves validated by ICANN) and Internet access providers, especially in the Middle East.
The attacks primarily seek to recover email addresses and passwords, said Read, who says “there is evidence that it comes from Iran or is made to support Iran.”
According to another expert, Adam Meyers of CrowdStrike, the “hackers” sought in particular to steal passwords in Lebanon and the United Arab Emirates.
“With this access, they could stop operating parts of the internet. They chose to intercept (the data) and spy on people,” he added.
Computer attacks of all sizes and types have multiplied at an exponential rate in recent years.
According to experts, hackers most often belong to two main categories: individuals or groups of “hackers” who want to earn money (ransomware, resale of personal data on the hidden part of the internet nicknamed the “darknet”, and so on), or states wishing to spy on other countries and/or to sow political strife.
According to experts and authorities in many countries (especially the United States), China, Russia, Iran and North Korea are particularly active in hacking, which they deny.