Mysterious snafu hijacks UK nukes maker’s traffic through Ukraine

Internet traffic for 167 important British Telecom customers—including a UK defense contractor that helps deliver the country's nuclear warhead program—was mysteriously diverted to servers in Ukraine before being passed along to its final destination.

The snafu may have allowed adversaries to eavesdrop on or tamper with communications sent and received by the UK's Atomic Weapons Establishment, one of the affected BT customers. Other organizations with hijacked traffic included defense contractor Lockheed Martin, Toronto Dominion Bank, Anglo-Italian helicopter company AgustaWestland, and the UK Department for Environment, according to a blog post published Friday by researchers from Dyn, a firm that helps companies monitor and control their online infrastructure.

The diverted traffic appeared to be used to send e-mail, route virtual private networks, and for other purposes. As the picture above illustrates, the roundabout path caused the data to travel thousands of miles to the Ukrainian capital of Kiev before turning around, retracing that route, and being delivered to its normal hub in London. Unnecessarily sending the data to Kiev may have made it possible for employees with privileged network access at Ukrainian telecom provider Vega to monitor or tamper with any data that wasn't encrypted end-to-end using strong cryptography. The hijacking of the Atomic Weapons Establishment, Lockheed, and the other 165 routes occurred over a 90-minute span on Thursday, while a handful of British Telecom customers experienced diverted traffic for five days beginning Saturday.


Epic Google snafu leaks hidden whois data for 280,000 domains

Google leaked the complete hidden whois data attached to more than 282,000 domains registered through the company's Google Apps for Work service, a breach that could bite good and bad guys alike.

The 282,867 domains counted by Cisco Systems' researchers account for 94 percent of the addresses Google Apps has registered through a partnership with registrar eNom. Among the services is one to shield from public view all personal information included in domain name whois records. Starting in mid-2013, a software defect in Google Apps started leaking the data, including names, phone numbers, physical addresses, e-mail addresses, and more. The bug caused the data to become public once a domain registration was renewed. Cisco's Talos Security Intelligence and Research Group discovered it on February 19, and five days later the leak was plugged, slightly shy of two years after it first sprang.

Whois data is notoriously unreliable, as is clear from all the obviously fake names, addresses, and other data contained in public whois records. Still, it's reasonable to assume that some people might be more forthcoming when using a supposedly privacy-enhancing service that Google claimed hid such data. Even in cases where people falsified records, the records still might provide important clues about the identities of the people who made them. Often, when data isn't pseudo-randomized, it follows patterns that can link the creator to a particular group or other Internet record. As Cisco researchers Nick Biasini, Alex Chiu, Jaeson Schultz, Craig Williams, and William McVey wrote:
