'Since the beginning of the year, the US government and private security companies have been warning of a sophisticated wave of attacks that’s hijacking domains belonging to multiple governments and private companies at an unprecedented scale. On Monday, a detailed report provided new details that helped explain how and why the widespread DNS hijackings allowed the attackers to siphon huge numbers of email and other login credentials. The article, published by KrebsOnSecurity reporter Brian Krebs, said that, over the past few months, the attackers behind the so-called DNSpionage campaign have compromised key components of DNS infrastructure for more than 50 Middle Eastern companies and government agencies. Monday’s article goes on to report that the attackers, who are believed to be based in Iran, also took control of domains belonging to two highly influential Western services—the Netnod Internet Exchange in Sweden and the Packet Clearing House in Northern California. With control of the domains, the hackers were able to generate valid TLS certificates that allowed them to launch man-in-the-middle attacks that intercepted sensitive credentials and other data.' -- source: https://arstechnica.com/information-technology/2019/02/inside-the-dnspionage... Cheers, Peter -- Peter Reutemann Dept. of Computer Science University of Waikato, NZ +64 (7) 858-5174 http://www.cms.waikato.ac.nz/~fracpete/ http://www.data-mining.co.nz/