Most people don’t realize that the Internet isn’t as safe as we would like it to be. It’s easy to forget that using the Internet without adequate protection leaves us vulnerable to all sorts of cybersecurity threats. As the Internet becomes an integral part of our lives, unscrupulous individuals and organizations are always coming up with cunning and underhanded methods to steal sensitive information from unwary individuals. One such method that is prevalent among hackers today is a technique called DNS hijacking.
DNS hijacking is the technical term for a class of cybersecurity attacks that most people don’t know about. Nevertheless, the threat that the latter poses in today’s interconnected digital age is a serious matter and very real. Of course, to truly understand the danger of DNS hijacking, one must first learn about DNS (Domain Name Service) and its purpose.
DNS is a system for storing and maintaining all the domain names (website addresses) that are on the Internet. You can think of it as a directory book for websites like Amazon.com and Wikipedia.org. The purpose of such a system is to convert those domain names into a form that computers can use (IP addresses) and return the correct website to users who are looking for it. Any time we want to go to a particular website, the DNS matches our query with the IP address it has on record for that site and directs us there.
As you may have already realized, DNS hijacking is a cybersecurity attack aimed at compromising the functions of a DNS through ill-disposed means. Once done, the compromised DNS can then be used to reroute visitors to a different site designed to steal sensitive information such as banking account numbers, passwords, and social security numbers. In many cases, the fake site is a mirror image of the real one with limited functions. As a result, victims of DNS hijacking often don’t realize that they were targeted until the problem starts to pile up (unauthorized banking charges, identity theft, and the like).
While DNS is a powerful system that makes it easy for users to find a particular website on the Internet (as long as you know the domain name), it inherently lacks security. This is because DNS was initially designed with usability in mind; security became an afterthought, added only after people started to exploit many of its core functions for ill-gotten gains. DNS hijacking is but one of a myriad of DNS attacks that pose a significant cybersecurity concern for internet users around the world.
Other well-known types of DNS-based cybersecurity attacks include the following:
While DNS hijacking might seem like an overly complicated matter, the gist of how it works is relatively simple to understand. The attacker “hijacks” the DNS server and disrupts its ability to route users to the correct destination. A fake DNS server is then used to redirect users to a fake website that is usually a copy of the legitimate site that the user wants to visit. Any information the user sends while on the phony site is then forwarded to the attacker.
The state of the compromised server is unknown to both the user and the owner of the legitimate site. As a result, the user is fooled into providing sensitive information without ever noticing that they are being redirected to a fake website. Perhaps the scariest thing about DNS hijacking is that users have no idea that their data has been compromised until the problem becomes apparent. In most cases, most of the damage has already been done, and it’s far too late for users to do anything about it.
Of course, the specific circumstances in which a DNS server can get hijacked are a bit more complicated, and the hijack can occur at various stages of a DNS query. Consider the following scenarios in which this can happen:
In most cases, DNS hijacking is caused by a malware infection that alters the DNS configuration on the user’s computer or network device. As a result, the user’s device communicates directly with a fake DNS server instead of the real one and is then rerouted to a set of pre-programmed malicious IP addresses.
One such malware is a malicious script known as “DNSChanger” which caused much grief over the Internet before it was shut down in 2012. The malware infected millions of computers around the world and corrupted their DNS. The latter was then used to redirect users to advertisements without their consent, netting millions of dollars in profit.
Of course, DNS hijacking does have the potential to do more damage by covertly routing users to a proxy server and mining all of their information. That said, the typical MO is to use the malware to lure unsuspecting users to a fake login form to steal their username and passwords.
A more cunning approach to DNS hijacking is for hackers to attack a legitimate DNS server directly. The compromised DNS server is then used to redirect users to a fake IP address. While such cases are rare due to the high technical skill required to hack even the most basic of DNS servers, this approach also yields the most reward for the hacker, as it has the potential to affect millions of users within a short period.
While it does not cause any real harm to users, ISPs (Internet Service Providers) themselves can be guilty of doing their share of DNS hijacking by manipulating the NXDOMAIN response. NXDOMAIN is the result you get if you query a domain name that does not exist (“This site can’t be reached” or something along those lines). In this case, the ISP replaces this default error message with an ad or a form for gathering data.
On the 30th of August 2017, WikiLeaks was targeted by one of the most notable cases of DNS hijacking seen on the Internet. A hacker organization that goes by the name “OurMine” claimed responsibility for the attack after WikiLeaks allegedly dared everyone to try and hack them.
From the perspective of users who were affected by the attack, it would seem that OurMine succeeded, although their claims were ultimately proven false. As you may have surmised, there was nothing wrong with the WikiLeaks server that day. Instead, the hacker group went after a DNS server, which redirected users searching for “wikileaks.org” to a fake website they had set up to make it appear as though WikiLeaks’ servers were under their control.
On the 22nd of October 2016, millions of account holders lost access to their banking accounts after hackers launched a DNS hijacking attack on Registro.br — a top-level domain registrar which also happens to manage the DNS for a major Brazilian bank. Hackers used the compromised Registro DNS server to funnel visitors to a copy of the bank’s homepage designed to collect login information.
To this day, the specific name of the Brazilian bank that many believe was the primary target of the DNS hijacking remains unknown. The same goes for the number of people affected by the attack and the losses they incurred as a result. It is believed that Kaspersky, the cybersecurity firm that first reported the attack, was prohibited by the Brazilian banks from providing further details on the matter.
A hacker group that goes by the name of “Syrian Electronic Army” hijacked the DNS server of Melbourne IT Domain Registrar in 2013. It so happens that the latter also manages the domain of the New York Times. During that time, millions of people visiting “nytimes.com” were redirected to a page touting the hacker group’s logo.
Now that you have an idea of how DNS hijacking works and just how dangerous it could be, you might be wondering — what can you do to protect yourself? Well, the first step is to test for DNS hijacking to see if you are in any immediate danger. The only way to do that is to conduct what is known as a DNS hijacking test.
Don’t worry: a DNS hijacking test is not as complicated as it sounds, and it is something that anybody can do, because there are many online tools available for it. The simplest method is to go to a website called “WHOISMYDNS.com.” It greatly simplifies the process of determining whether your DNS is being hijacked by performing the following three tests:
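As an added example (not code from the original article), the NXDOMAIN check described above can also be done by hand: the script below builds a raw DNS query for a name under the reserved .invalid top-level domain, sends it to a resolver of your choice, and flags a reply that returns addresses instead of NXDOMAIN. The probe name and the resolver address are assumptions; parse_response and assess also work offline on a captured reply.

```python
import random
import socket
import struct

PROBE_NAME = "nxdomain-probe-example.invalid"  # constructed; .invalid is reserved, so an honest resolver must answer NXDOMAIN

def build_query(name, txid):
    """Build a minimal DNS A/IN query (RD=1) in wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(data, off):  # advance past a (possibly compressed) name, return new offset
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:            # root label ends the name
            return off + 1
        off += 1 + length

def parse_response(data):
    """Return (rcode, IPv4 strings in the answer section) from a raw DNS reply."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    rcode, off, ips = flags & 0x000F, 12, []
    for _ in range(qd):                    # skip the echoed question section
        off = _skip_name(data, off) + 4    # +4 for QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:      # A record
            ips.append(socket.inet_ntoa(data[off:off + 4]))
        off += rdlen
    return rcode, ips

def assess(rcode, ips):
    """A nonexistent name must come back as NXDOMAIN (rcode 3) with no addresses."""
    if rcode == 3 and not ips:
        return "ok: honest NXDOMAIN"
    if ips:
        return "suspect: nonexistent name resolved to " + ", ".join(ips)
    return "inconclusive: rcode %d" % rcode

def probe(resolver_ip, name=PROBE_NAME, timeout=3.0):  # network call; resolver_ip is your choice
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver_ip, 53))
        data, _ = sock.recvfrom(512)
    return assess(*parse_response(data))
```

Run probe() against both the resolver your ISP or router assigned and a public resolver; a "suspect" verdict from only one of them points at that resolver rewriting NXDOMAIN answers.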
So let’s say that the test described above came back with some alarming results, what can you do about it? What measures should you take to mitigate the risks of falling victim to DNS hijacking? These are good questions and well worth considering if only as a preventive measure to common cybersecurity threats that we all face today.
If you are concerned about DNS hijacking, you will be glad to know that there are plenty of things you can do to mitigate it. For one thing, since malware accounts for the vast majority of DNS hijacking cases, making sure that you are using good antivirus and antimalware software is the most straightforward DNS hijacking fix you can implement right away. Make it a habit to keep your internet devices updated as soon as security patches are released.
Other measures that you can readily implement to thwart DNS hijacking include the following:
So there you have it — an overview of the threat of DNS hijacking and what people can do to protect themselves from it. As you may have already realized, DNS hijacking is a grave cybersecurity threat with real-world implications when it comes to privacy and security. In today’s increasingly interconnected digital age, it is crucial for people to stay vigilant and acknowledge the risks that DNS hijacking presents to the average user. Only then can you expect to steer clear of these cybersecurity threats and enjoy what the Internet has to offer with any degree of confidence and safety.