Noted by the Oracle/Dyn team at: https://blogs.oracle.com/internetintelligence/bgp-dns-hijacks-target-payment-systems
July 2018 saw multiple attacks on the authoritative DNS infrastructure of both dedicated DNS service providers and of certain high-value, internally administered DNS services which answer authoritatively for several of the major (primarily US-based) credit card processing networks. While the scope of the advertisements was somewhat contained, they still managed to get 30% of the peers at some of the BGP listening points at which Dyn has visibility to accept these more specific routes.

In the case of First Data, the specific networks which answer authoritatively for First Data's Datawire network were among the particular (and obviously intentionally) selected targets. While the Dyn article does not mention this, the casual outsider might recognize First Data as a major player in the credit card payments space, but Datawire and the datawire.net domain (which are First Data services for transmission of payment batch settlement data and secure file exchange for things like the BIN Master File, etc.) are not well known.

This suggests that one or more parties quite familiar with the payment networks and the crucial infrastructure of the payment networks (and so, in turn, well familiar with the fact that these mostly rely upon TLS encryption) are attempting to subvert the authoritative DNS for some cause. I believe it's not a great leap to suggest that they may likely seek certificate issuance.

Just thought I'd ping the list for thoughts...

Matt Hardeman

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
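The post describes the detection signal Dyn had: more-specific prefixes covering a target's authoritative nameservers, announced from an unexpected origin and accepted by a fraction of BGP collector peers. The script below is an added example (not code from the post, from Dyn, or from First Data) of the check a defender operating authoritative DNS would run over route-collector data. All prefixes, ASNs and peer names are constructed placeholders; the input format is a simplified tuple list rather than any real collector's dump format.

```python
"""Flag BGP announcements that cover a monitored authoritative-DNS prefix
with an equal or more-specific prefix from an origin AS we do not own,
and report what share of collector peers accepted each such route.

Added example with constructed data; none of the prefixes, ASNs or peer
names below come from the Dyn write-up or any real network.
"""
import ipaddress
from collections import defaultdict

# Constructed: prefixes our authoritative nameservers live in, mapped to
# the origin ASNs that are legitimately allowed to announce them.
MONITORED = {
    "203.0.113.0/24": {64500},
    "198.51.100.0/24": {64501},
}

# Constructed sample of what five route-collector peers observed.
# Each record: (collector peer, announced prefix, origin ASN, AS path).
OBSERVED = [
    ("peer-a", "203.0.113.0/24", 64500, [64500]),          # legitimate
    ("peer-b", "203.0.113.0/24", 64500, [64510, 64500]),   # legitimate, via transit
    ("peer-c", "203.0.113.0/24", 64500, [64510, 64500]),
    ("peer-d", "203.0.113.0/24", 64500, [64500]),
    ("peer-e", "203.0.113.0/24", 64500, [64500]),
    ("peer-a", "203.0.113.0/25", 64666, [64777, 64666]),   # more-specific, foreign origin
    ("peer-b", "203.0.113.0/25", 64666, [64777, 64666]),
    ("peer-c", "203.0.113.0/25", 64666, [64777, 64666]),
    ("peer-d", "198.51.100.0/24", 64501, [64501]),         # legitimate
    ("peer-e", "192.0.2.0/24", 64700, [64700]),            # unrelated prefix, ignored
]


def find_hijacks(monitored, observed):
    """Return one report dict per (covered prefix, announced prefix, origin)
    combination whose origin is not on the allow-list for that prefix."""
    allowed = {ipaddress.ip_network(p): asns for p, asns in monitored.items()}
    suspects = defaultdict(set)  # (covered, announced, origin) -> peers that accepted it
    all_peers = set()

    for peer, prefix, origin, _path in observed:
        all_peers.add(peer)
        net = ipaddress.ip_network(prefix)
        for covered, asns in allowed.items():
            # subnet_of() is True for the same prefix and for any more-specific of it.
            if net.version == covered.version and net.subnet_of(covered) and origin not in asns:
                suspects[(str(covered), str(net), origin)].add(peer)

    report = []
    for (covered, announced, origin), peers in sorted(suspects.items()):
        more_specific = (ipaddress.ip_network(announced).prefixlen
                         > ipaddress.ip_network(covered).prefixlen)
        report.append({
            "covered": covered,
            "announced": announced,
            "origin": origin,
            "kind": "more-specific" if more_specific else "same-prefix",
            "peers": sorted(peers),
            # Share of all collector peers that accepted the suspect route.
            "acceptance": len(peers) / len(all_peers) if all_peers else 0.0,
        })
    return report


if __name__ == "__main__":
    for entry in find_hijacks(MONITORED, OBSERVED):
        print(f"{entry['kind']}: {entry['announced']} (covers {entry['covered']}) "
              f"from AS{entry['origin']} accepted by {entry['acceptance']:.0%} of peers: "
              f"{', '.join(entry['peers'])}")
```

The check is origin-based only: an announcement that forges the legitimate origin ASN at the end of its AS path passes it, so in practice this is paired with an RPKI ROA for each nameserver prefix (so that more-specifics beyond the ROA's max-length are invalid regardless of origin) and, on the certificate side, with CAA records and a registered-lookout for issuance in CT logs for the affected domains.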

