ARPANET. If you know your internet history, ARPANET was the forerunner of the internet. Dating back to 1969, it gave birth to the World Wide Web decades later. Far from being an obscure crumb of history, it lives on in ways that fly under the radar day to day.
But the .arpa domain still underpins our modern-day internet. Think of .arpa as the shadows off the sides of the stage. Here, all the crucial functions take place largely out of sight of those who use the internet. Rather than being used for website URLs, the kind you punch into a URL bar, .arpa websites are normally used for essential functions.
So it’s a worrying problem that hackers have figured out how to hijack .arpa domains to run phishing scams on unsuspecting people, all while making them functionally invisible to those searching for them.
a shadowy space
Why do hackers want to host their phishing scams from websites located on .arpa domains? These websites allow them to avoid the standard security checks. Not being subject to the same scrutiny as if they were hosted on regular means, they’re less likely to be detected and taken down
Infoblox reported the find on February 26. “(A notable) tactic we have observed in the phishing email hyperlinks is the abuse of subdomains of high-profile, legitimate domains,” the report noted.
“We found over 100 instances where the threat actor used hijacked CNAMEs of well-known government agencies, universities, telecommunication companies, media organizations, and retailers.”
“The phishing emails in these campaigns are simple, usually consisting of a hyperlinked lure image,” explains the report. “The lure itself frequently promises a ‘free gift’ for completing a survey… Other lures include claims that an online subscription or service has been interrupted or that the user has exceeded their cloud storage quota.”
In any case, they end up asking for a credit card, ostensibly for a reasonable purpose, such as paying for shipping. All that is to say, be skeptical when anybody, no matter how official or legit-looking, reaches out to you with an unprompted offer of a deal too good to be true, especially if they ask for any personal information or payment details.
The post Hackers Have Hijacked Part of the Ancient Internet to Invisibly Deliver Scams appeared first on VICE.
