Pro-regime hacktivists apparently redirected visitors to a letter urging troops not to strike.
The Pentagon was in the process of hiring help to bolster the security of military website domains, just as Syrian hackers allegedly assaulted the Marine Corps’ recruitment site on Labor Day.
The Syrian Electronic Army, a pro-regime hacktivist group, on Monday apparently redirected visitors to a webpage with a message urging service members not to strike Syria.
This domain name system hack and a similar one that brought down the New York Times website Aug. 27 are not new types of threats, according to security researchers. Nor is the Pentagon’s effort to strengthen the system that points visitors to valid military sites new. But concerns are growing amid high-profile DNS hijackings by the group and new FBI warnings about cyberattacks ahead of a possible military strike against Syria.
"Potential risks to the Department of Defense DNS infrastructure such as hackers, phishing scams or distributed denial of service attacks meant to covertly extract data require [Defense] to develop plans to improve monitoring and management of the DoD DNS, and protect it from any external vulnerabilities," states an Aug. 22 notice to contractors issued by the Defense Information Systems Agency seeking engineering support to harden the domain name system.
The DNS essentially translates alphanumeric web addresses into network location codes.
Military officials want assistance to counter raids that flood networks with paralyzing traffic -- the denial of service episodes and incursions that corrupt databases.
DISA has reached out to contractors holding Secret clearances that might be interested in reinforcing the DNS for all combatant commands, services and military agencies. Companies have until Friday to inform agency officials of their qualifications for the potential contract.
In a statement on Monday, Marine Corps officials confirmed that visitors had been directed away from the authentic website and said the real one now functions properly, according to the Wall Street Journal. No data from the site was compromised, officials said.
The fake site displayed a letter signed by the “SEA” that read, in part, “Obama is a traitor who wants to put your lives in danger to rescue al- Qaida insurgents . . . Refuse your orders and concentrate on the real reason every soldier joins their military, to defend their homeland. You're more than welcome to fight alongside our army rather than against it.”
The New York Times incident reportedly occurred after the Syrian Electronic Army tricked a reseller of domain name services into divulging the password and username that allowed access to NYTimes.com DNS records. Using the stolen credentials, the perpetrators corrupted the data that normally would direct people who type “NYTimes.com” to the newspaper's web content.
Earlier DNS attacks on organizations include a 2009 takeover of Twitter's domain, allegedly by the self-dubbed Iranian Cyber Army.
The prospective Pentagon DNS security provider would install commercially available technologies onto Defense's “existing and expanding” network grid, according to the solicitation. Military officials requested information on contractors' experience with DNSSEC, or Domain Name System Security Extension -- additional Web domain coding aimed at thwarting man-in-the-middle attacks that route visitors to fraudulent sites.
Maryland-based Quotient has been providing DISA with DNS engineering support since 2010, according to the company's website and last month’s notice.