andr s e azp rua imv2020 internet censorship dns
play

Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and - PowerPoint PPT Presentation

Oct 28, 2023 •271 likes •833 views

Andrs E. Azprua #imv2020 Internet Censorship, DNS poisoning and Phishing in Venezuela Measuring from censorship to state-sponsored attacks Andrs E. Azprua #imv2020 @VEsinFiltro VEsinFiltro.com VENEZUELAN CONTEXT Critical failure

  1. Andrés E. Azpúrua #imv2020

  2. Internet Censorship, DNS poisoning and Phishing in Venezuela Measuring from censorship to state-sponsored attacks Andrés E. Azpúrua #imv2020

  3. @VEsinFiltro VEsinFiltro.com

  4. VENEZUELAN CONTEXT

  5. Critical failure of public services https://rpp.pe/ mundo/actualidad/venezuela-venezolanos-recogen-agua-del-contaminado-rio-guaire-debido-a-la-escasez-por-apagon-caracas- noticia-1185399

  6. The state of the internet in Venezuela Average download speeds: • 2.8 Mbps – SpeedTest State ISP dominant share of • residential internet access 1.5 Mbps – M_Lab Decreasing residential ~46% have residential • • internet access (OVSP) internet penetration Three mobile operators Fragile infrastructure and • • frequent blackouts

  7. Persecution of online speech

  8. INTERNET CENSORSHIP

  9. Clari fi cations Case One or more related sites or service being blocked for a speci fi c reason Event Continuous block of a target by an ISP

  10. Inde fi nite Blocks Long lasting, some 6+ years Telecom regulator orders On all/most mayor ISPs Big and small sites No clear end

  11. Tactical Inde fi nite Blocks Blocks Long lasting, some 6+ years As short as possible Telecom regulator orders Just in time to silence an event On all/most mayor ISPs Tries to balance the political cost Big and small sites of blocking high-tra ffi c sites and services No clear end Seen only at state ISP CANTV,

  12. How we measure A mixture of: • O ff the shell probes with custom settings • OONI (legacy CLI) • Custom scripts • OONI-run links with custom links • Occasionally RIPE ATLAS

  13. run.ooni.io links Fundamental to quickly get • multiple measurements fast Critical for unexpected incidents • Key to bridge any gaps • Faster turnaround of • measurements

  14. Measuring probes Guaranteed more data points of whole list • Increased test frequency based on URL importance • Alternative tests: • High intensity dns, tcp, fi ltering by http host and SNI • Block rate when needed • Currently migrating versions, to be released •

  15. ATLAS probes Alternative way to get di ff erent • kinds of measurements Record changes •

  16. 1.2.3.4 1.1.1.10 ¿ dominio.com ? dominio.com dominio.com: 1.2.3.4 Servidor DNS ISP

  17. DNS Blocks 1.2.3.4 1.1.1.10 ¿ dominio.com ? dominio.com dominio.com: … Servidor DNS ISP

  18. DNS Blocks On all mainstream ISPs CANTV, supercable, Domain Typical awnser Inter Digitel, Movistar no answer 104.28.8.75, (server 127.0.0.1 ntn24.com 104.28.9.75 failure)

  19. TCP blocks 1.2.3.4 Hello 1.1.1.10 1.1.1.10 dominio.com Address 1.1.1.10

  20. TCP blocks Was largely deprecated until • 2019 Mostly used to block Youtube • Evidence of miscon fi guration •

  21. HTTP blocks 1.2.3.4 Hello 1.1.1.10 : 1.1.1.10 I want dominio.com dominio.com Asking for domonio.com

  22. HTTP blocks (http host and SNI fi ltering) Higher value sites with inde fi nite • blocks Social media and streaming • platforms except YouTube most of the time Mostly used by CANTV •

  23. Evolution 2013 - 2018 Censorship moving depending on the priorities of the moment Focused on sites publishing black market exchange rates And News media around speci fi c events, specially protests Few large scale network shudowns

  24. Evolution 2018 Start of DPI blocking Mayor mainstream news targeted Block of Tor

  25. Evolution 2018 2019 Start of signi fi cant Dramatic increase of censorship to DPI blocking news Mayor mainstream Widespread use of SNI-Filtering news targeted Mayor internet platforms blocked Block of Tor Start of Tactical blocks

  26. Evolution 2018 2019 2020 Blocking of opposition Dramatic increase of Start of signi fi cant COVID-19 initiatives censorship to news DPI blocking Seemingly degraded DPI Widespread use of SNI-Filtering Mayor mainstream blocking capacity news targeted Mayor internet platforms Continuation of Tactical blocked Block of Tor blocks of mayor social media Start of Tactical blocks New blocks to news media

  27. Censorship of news media 12 news media sites just in the fi rst 3 • months of 2019 Over 25 news media sites blocked • International during 2019 36% National 64% 4 News sites newly blocked in 2020 • Severely limits access to • information

  28. Tactical blocks in 2019 Al least 64 Tactical blocks events • facebook 31 for YouTube 9% • instagram 13% Some times more than one in a • youtube 48% day twitter 13% AVG: 3h 08 min • periscope 17% MIN: 20min MAX: 24h

  29. ¿Damaged capacity? On 2020-04-06 a fi re disrupted a CANTV facility in Caracas • Multiple blocked sites became unblocked • Later Tactical blocks used DNS https://www.elnacional.com/venezuela/bomberos-controlaron-incendio-en-la-sede-de-cantv-del-municipio-chacao/

  30. Covid-19 blocks Dominio CANTV Movistar Digitel Supercable Inter Site Coronavirus Venezuela coronavirusvenezuela.info ACCESIBLE BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS ACCESIBLE Heroes de la Salud apoyosaludve.com BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS Heroes de la Salud heroesdesaludve.org * BLOQUEO DNS * BLOQUEO DNS * BLOQUEO DNS * BLOQUEO DNS BLOQUEO DNS Heroes de la Salud heroesdesaludve.info * BLOQUEO DNS * BLOQUEO DNS * BLOQUEO DNS * BLOQUEO DNS BLOQUEO DNS Heroes de la Salud porlasaludve.com BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS Heroes de la Salud saludvzla.com * BLOQUEO DNS * BLOQUEO DNS * BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS Heroes de la Salud apoyoheroesaludve.com BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS Teleconsulta COVID-19 teleconsulta.presidenciave.org ACCESIBLE BLOQUEO DNS BLOQUEO DNS ACCESIBLE ACCESIBLE Teleconsulta COVID-19 medicos.presidenciave.or ACCESIBLE BLOQUEO DNS ACCESIBLE ACCESIBLE ACCESIBLE Presidencia VE (J. Guaidó) presidenciave.com BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS ACCESIBLE Presidencia VE (J. Guaidó) presidenciave.org ACCESIBLE BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS Presidencia VE (J. Guaidó) pvenezuela.com BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS Presidencia VE (J. Guaidó) vepresidencia.com BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS BLOQUEO DNS Not current snapshot

  31. DNS MANIPULATION AND STATE-SPONSORED PHISHING

  32. Case: Voluntarios x Venezuela.com

  34. Vectors Malicious links to • voluntariovenezuela.com Visits to • voluntariosxvenezuela.com With poisoned / manipulated DNS responses

  35. First iteration Original: voluntarios x venezuela .com AWS Dominio en PublicDomainRegistry Malicioso: voluntariovenezuela .com 159.65.65.194 Digital Ocean Dominio registrado en GoDaddy

  36. Malicious links Twitter: Links to fake domain • being shared since 2019-02-11 Fake twitter accounts Twitter : • @voluntariosvene, vs @voluntariosxve Other channels •

  37. Malicious links Twitter: Promoción de links al • dominio falso desde la tarde del 11 de febrero Gente compartiendo el link falso • por distintos medios. Advertencias del navegador • reenforzaron el uso de links maliciosos

  38. DNS manipulation 1.2.3.4 1.1.1.10 ¿ dominio.com ? dominio.com dominio.com: 1.2.3.4 Middleboxes Servidor DNS

  39. DNS manipulation 1.1.1.10 1.2.3.4 Hello domino.com dominio.com dominio.com: 1.2.3.4 ISP Middleboxes Servidor DNS

  40. DNS manipulation 1.1.1.10 1.2.3.4 ¿ dominio.com ? dominio.com Middleboxes 8.8.8.8 Google’s Public DNS Servidor DNS

  41. DNS manipulation 1.1.1.10 1.2.3.4 ¿ dominio.com ? dominio.com dominio.com: 1.2.3.4 Middleboxes 8.8.8.8 Google’s Public DNS Servidor DNS

  42. DNS manipulation 1.1.1.10 1.2.3.4 ¿ dominio.com ? dominio.com dominio.com: dominio.com: 1.2.3.4 1.1.1.10 Middleboxes 8.8.8.8 Google’s Public DNS Servidor DNS

  43. DNS manipulation 1.1.1.10 1.2.3.4 ¿ dominio.com ? dominio.com dominio.com: dominio.com: 1.1.1.10 1.2.3.4 Middleboxes 8.8.8.8 Google’s Public DNS Servidor DNS

  44. DNS manipulation 1.1.1.10 1.2.3.4 Hello domino.com dominio.com dominio.com: 1.2.3.4 Middleboxes 8.8.8.8 Google’s Public DNS Servidor DNS

  45. Fuel for fake news

  46. Personal information published

  47. Exposure for 5 thousand victims

  48. More domains • m.facebook.co.ve • outlook.live.web.ve • www.facebook.co.ve • live.web.ve • static.facebook.co.ve • www.live.web.ve • facebook.co.ve • login.live.web.ve • ssl.gmail.web.ve • twitter.info.ve • gmail.web.ve • mobile.twitter.info.ve • www.gmail.web.ve • api.twitter.info.ve • accounts.gmail.web.ve • abs.twitter.info.ve • linkedin.co.ve • www.voluntariovenezuela.com • www.linkedin.co.ve • voluntariovenezuela.com • account.live.web.ve

  49. Example: accounts.gmail.com source: checkphish.ai

  50. Inconsistent DNS responses documented OONI mobile app • run.ooni.io Package capture of manual • experiments

  51. Case: Héroes de la salud

  52. Case: Héroes de la salud

  53. Selectively (not) blocking 2020-04-30

  54. Similar M.O.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely Internet Measurement Village 2020 Ram Sundara Raman June 26, 2020 Measuring Censorship is a Complex Problem! Internet censorship practices are

644 views • 52 slides
Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship Zhongjie Wang , Yue

Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship Zhongjie Wang , Yue

Your State is Not Mine: A Closer Look at Evading Stateful Internet Censorship Zhongjie Wang , Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V Krishnamurthy University of California, Riverside 1 Internet Censorship Key technology: Deep Packet

528 views • 33 slides
Measuring Internet Censorship Maria Xynou, 10th June 2020 Internet Measurement Village 2020

Measuring Internet Censorship Maria Xynou, 10th June 2020 Internet Measurement Village 2020

Measuring Internet Censorship Maria Xynou, 10th June 2020 Internet Measurement Village 2020 Its harder to notice the blocking of less popular sites & services Internet censorship often differs from network to network within a

602 views • 34 slides
Security and Internet Security Censorship Hacker Viruses Computer Literacy 1 Lecture

Security and Internet Security Censorship Hacker Viruses Computer Literacy 1 Lecture

Topics Security and Internet Security Censorship Hacker Viruses Computer Literacy 1 Lecture 24 Phishing 13/11/2008 Firewall Censorship of the Internet 2 Examples Hacking or Cracking Virus Cracking = Subverting

462 views • 6 slides
Internet censorship is everywhere Source:

Internet censorship is everywhere Source:

Internet censorship is everywhere Source: https://freedomhouse.org/report/freedom-net/freedom-net-2016 Commonly censored content Unapproved news (Fake News!!111) Wikipedia (usually partially) Facebook Google (all services), YouTube

539 views • 37 slides
Pushback vs Censorship Fighting Internet Shutdowns in Africa BEFORE WE DIVE INTO THE SUBJECT,

Pushback vs Censorship Fighting Internet Shutdowns in Africa BEFORE WE DIVE INTO THE SUBJECT,

JULIE OWONO - JUNE 25, 2020 Pushback vs Censorship Fighting Internet Shutdowns in Africa BEFORE WE DIVE INTO THE SUBJECT, What is Internet Sans Frontires ? Its a French non-pro f it organization, and a network of local organizations in

125 views • 8 slides
Censored Planet: Measuring Internet Censorship Globally and Continuously Roya Ensafi AIMS 2018

Censored Planet: Measuring Internet Censorship Globally and Continuously Roya Ensafi AIMS 2018

Censored Planet: Measuring Internet Censorship Globally and Continuously Roya Ensafi AIMS 2018 1 Measuring Internet Censorship Globally PROBLEM: - How can we detect whether pairs of hosts around the world can talk to each other? user ?

780 views • 49 slides
The Collateral Damage of Internet Censorship by DNS Injection Anonymous

The Collateral Damage of Internet Censorship by DNS Injection Anonymous

The Collateral Damage of Internet Censorship by DNS Injection Anonymous <zion.vlab@gmail.com> presented by Philip Levis 1 Basic Summary Great Firewall of China injects DNS responses to restrict access to domain names This

574 views • 43 slides
Incentivizing Censorship Measurements via Circumvention Ihsan Ayyub Qazi Aqib Nisar* Zartash A.

Incentivizing Censorship Measurements via Circumvention Ihsan Ayyub Qazi Aqib Nisar* Zartash A.

Incentivizing Censorship Measurements via Circumvention Ihsan Ayyub Qazi Aqib Nisar* Zartash A. Uzmi Aqsa Kashaf** * Now at USC ** Now at CMU Internet censorship is pervasive! - Over 70 countries restrict Internet access Often due to

745 views • 39 slides
Chipping Away at Censorship with User-Generated Content Sam Burnett, Nick Feamster and Santosh

Chipping Away at Censorship with User-Generated Content Sam Burnett, Nick Feamster and Santosh

Chipping Away at Censorship with User-Generated Content Sam Burnett, Nick Feamster and Santosh Vempala Internet Censorship is a Problem 12 censors 11 monitors More on the way Some censors have fastest growth in Internet usage

626 views • 43 slides
How we tried to establish a nationwide internet censorship measurement system in Ukraine

How we tried to establish a nationwide internet censorship measurement system in Ukraine

How we tried to establish a nationwide internet censorship measurement system in Ukraine Methodology Measurements are conducted by monitors using their personal mobile devices (except for Donbas and Crimea) on public WiFi access points

280 views • 12 slides
Uncovering Internet Censorship International Journalism Festival, 6 th April 2017 Arturo Filast

Uncovering Internet Censorship International Journalism Festival, 6 th April 2017 Arturo Filast

Uncovering Internet Censorship International Journalism Festival, 6 th April 2017 Arturo Filast & Maria Xynou Free software project (under the Tor Project) aimed at empowering decentralized efforts in increasing transparency of Internet

452 views • 32 slides
Your state is not mine: a closer look at evading stateful internet censorship Zhongjie Wang, Yue

Your state is not mine: a closer look at evading stateful internet censorship Zhongjie Wang, Yue

Your state is not mine: a closer look at evading stateful internet censorship Zhongjie Wang, Yue Cao, Zhiyun Qian, Chengyu Song, Srikanth V Krishnamurthy University of California, Riverside Background The Great Fire Wall (GFW) A

322 views • 28 slides
Fighting Censorship with TunnelBear Internet Measurement Village - July 2, 2020 Mission driven

Fighting Censorship with TunnelBear Internet Measurement Village - July 2, 2020 Mission driven

Fighting Censorship with TunnelBear Internet Measurement Village - July 2, 2020 Mission driven development We think the Internet is a much better place when everyone can browse privately, and browse the same Internet as everyone else.

234 views • 19 slides
Measuring and Circumventing Internet Censorship and Control Nick Feamster Georgia Tech

Measuring and Circumventing Internet Censorship and Control Nick Feamster Georgia Tech

Measuring and Circumventing Internet Censorship and Control Nick Feamster Georgia Tech http://www.cc.gatech.edu/~feamster/ Joint work with Sam Burnett, Santosh Vempala, Sathya Gunasekaran, Crisitan Lumezanu, Hans Klein, Wenke Lee, Phillipa

570 views • 38 slides
Censorship-Resistant Architectures Henry Tan Micah Sherr Georgetown University Georgetown

Censorship-Resistant Architectures Henry Tan Micah Sherr Georgetown University Georgetown

Censorship-Resistant Architectures Henry Tan Micah Sherr Georgetown University Georgetown University Censorship-Resistant Architectures 1 The Censorship Problem Internet censorship is a problem in certain areas of the world. In some cases,

260 views • 15 slides
DNS-BASED THREAT HUNTING: learn, share and improve. repeat. Joo Collier de Mendona @sec_joao

DNS-BASED THREAT HUNTING: learn, share and improve. repeat. Joo Collier de Mendona @sec_joao

TLP WHITE DNS-BASED THREAT HUNTING: learn, share and improve. repeat. Joo Collier de Mendona @sec_joao Zurich, September 2016. $ whoami Brazilian living in Germany for a long time Since 2010 at Deutsche Telekom CERT / CDC

643 views • 27 slides
DNS Performance and the Effectiveness of Caching Jaeyeon Jung, Emil Sit, Hari Balakrishnan,

DNS Performance and the Effectiveness of Caching Jaeyeon Jung, Emil Sit, Hari Balakrishnan,

DNS Performance and the Effectiveness of Caching Jaeyeon Jung, Emil Sit, Hari Balakrishnan, Robert Morris Presenter: Gigis Petros Introduction Two factors contribute to the scalability of DNS hierarchical design around delegated name

583 views • 29 slides
CS615 - Aspects of System Administration DNS; HTTP Department of Computer Science Stevens

CS615 - Aspects of System Administration DNS; HTTP Department of Computer Science Stevens

CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration DNS; HTTP Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens-tech.edu

867 views • 86 slides
A novel zone walking protection for secure DNS Server Arnob Paul, Md. Hasanul Islam, Md. Shohrab

A novel zone walking protection for secure DNS Server Arnob Paul, Md. Hasanul Islam, Md. Shohrab

A novel zone walking protection for secure DNS Server Arnob Paul, Md. Hasanul Islam, Md. Shohrab Hossain Bangladesh University of Engineering and Technology, Bangladesh & Husnu S. Narman, Marshall University, Huntington, WV, USA

769 views • 27 slides
DNS and BGP CS642: Computer Security Professor Ristenpart

DNS and BGP CS642: Computer Security Professor Ristenpart

DNS and BGP CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

798 views • 35 slides
On Robust Covert Channels Inside DNS Lucas Nussbaum , Pierre Neyron and Olivier Richard

On Robust Covert Channels Inside DNS Lucas Nussbaum , Pierre Neyron and Olivier Richard

On Robust Covert Channels Inside DNS Lucas Nussbaum , Pierre Neyron and Olivier Richard Laboratoire dInformatique de Grenoble / INRIA Lucas Nussbaum, Pierre Neyron and Olivier Richard On Robust Covert Channels Inside DNS 1 / 18 Introduction

784 views • 18 slides
DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses

DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses

DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses E.g., thesiger.cs.ucla.edu translates to 131.179.192.144 DNS also provides other similar services It wasnt designed with security in

431 views • 26 slides
Large-scale Analysis of Infrastructure-leaking DNS Servers Dennis Tatang , Carl Schneider,

Large-scale Analysis of Infrastructure-leaking DNS Servers Dennis Tatang , Carl Schneider,

Large-scale Analysis of Infrastructure-leaking DNS Servers Dennis Tatang , Carl Schneider, Thorsten Holz Ruhr-University Bochum, Germany Motivation DNS: www.rub.de 134.147.64.10 Daily use on the Internet by every user Various

422 views • 27 slides

More recommend