Friday, December 12, 2008

Attacking Integrity

We will spend a great deal of time this semester discussing the three principles of Information Security - CIA. C stands for confidentiality, I stands for integrity, and A stands for availability.

A recent example of an integrity attack can be found in a variant of the DNSChanger Trojan. This variant is now in the wild and has been well described by a number of security vendors, including McAfee. As described by McAfee, to date DNSChanger Trojans have relied on the following tactics:
  1. Modify Windows Hosts file to map specific domain names to specific IP addresses
  2. Modify Windows registry settings to reference specific (rogue) DNS servers
  3. Create a scheduled task under Mac OS X to reference specific (rogue) DNS servers
  4. Exploit cross-site request forgery vulnerabilities in routers to overwrite the DNS server configuration offered to local area network clients
According to McAfee, this new variant "involves serving the rogue DNS server configuration over DHCP, the protocol responsible for distributing dynamic IP addresses, as well as other information, including DNS settings." McAfee outlines a possible attack scenario here.
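
All of the tactics above end in the same place: a hosts file entry or a DNS server setting that the user did not choose. The following Python check for both is an added example, not code from McAfee or from the original post; the expected-resolver list, the stock-name set and the sample data are constructed assumptions.

```python
import ipaddress

# Assumption: the resolvers this network is supposed to use (constructed values).
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
# Names present in a stock hosts file; any other name overrides DNS.
STOCK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample data, not taken from a real infection.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1      localhost
::1            localhost
203.0.113.10   www.bank.example  bank.example   # not in a stock file
127.0.0.1      updates.vendor.example
"""
SAMPLE_RESOLVERS = ["198.51.100.7", "192.0.2.53"]


def parse_hosts(text):
    """Yield (ip, name) for each mapping in hosts-file text, skipping comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so this is not a mapping
        for name in fields[1:]:
            yield ip, name.lower()


def hosts_overrides(text):
    """Return (name, ip, kind) for every entry that overrides DNS for a real name."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in STOCK_NAMES:
            continue
        kind = "loopback" if ip.is_loopback else "redirect"
        findings.append((name, str(ip), kind))
    return findings


def rogue_resolvers(configured, expected=EXPECTED_RESOLVERS):
    """Return configured DNS servers that are not on the expected list."""
    return [server for server in configured if server not in expected]


if __name__ == "__main__":
    for finding in hosts_overrides(SAMPLE_HOSTS):
        print("hosts override:", finding)
    print("unexpected resolvers:", rogue_resolvers(SAMPLE_RESOLVERS))
```

The resolver list passed to `rogue_resolvers` should be the one the machine is actually using, including any servers it learned over DHCP, since that is where the new variant makes its change.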

As we will discuss throughout class, integrity attacks are particularly nasty because even a minor attack will compromise a user's trust in an entire system. For example, if a user discovered that their hosts file had been hacked and their web browsing and other internet activities were being re-routed outside of their control, then they can no longer trust the integrity of their entire system nor any of their online personas. The user must assume that all their personal data has been compromised.
