Organizer: Stefanie Kettler, CROSSING
Internet resources form the basic fabric of the digital society. They provide the fundamental platform for digital services and assets, e.g., for critical infrastructures, financial services, government. Whoever controls that fabric effectively controls the digital society.
In this work we demonstrate that the current practices of Internet resources management, of IP addresses, domains, certificates and virtual platforms are insecure. Over long periods of time adversaries can maintain control over Internet resources which they do not own and perform stealthy manipulations, leading to devastating attacks. We show that network adversaries can take over and manipulate at least 68% of the assigned IPv4 address space as well as 31% of the top Alexa domains.
We demonstrate such attacks by hijacking the accounts associated with the digital resources.
For hijacking the accounts we launch off-path DNS cache poisoning attacks, to redirect the password recovery link to the adversarial hosts. We then demonstrate that the adversaries can manipulate the resources associated with these accounts. We find all the tested providers vulnerable to our attacks.
We recommend mitigations for blocking the attacks that we present in this work. Nevertheless, the countermeasures cannot solve the fundamental problem – the management of the Internet resources should be revised to ensure that applying transactions cannot be done so easily and stealthily as is currently possible.
Tian is a PhD student in the Security in Information Technology (SIT) group at TU Darmstadt as well as Cybersecurity Analytics and Defences (CAD) group at Fraunhofer SIT. Prior to this he finished his Master's degree in Web Security at EURECOM/Telecom Paris. He mainly works on practical cybersecurity research focusing on DNS and IPv4.