DNS hijacking is one of the worst scenarios you can face on the Internet, even though you may never have heard of it. It exploits a fundamental layer of the Internet that is essential for its functionality. Read on to learn how to protect yourself.
You’ll find out
1. HOW DNS HIJACKING WORKS
-What is DNS?
Have you ever wondered how the Internet works? Before we go deep into DNS hijacking, let’s consider why DNS is so essential for the Internet.
On the Internet, when you type in a website domain like google.com, your device needs the site’s IP address (for example 18.104.22.168) to open it. So your device sends a query to a DNS server, a special kind of server that holds a database of IP addresses and their associated hostnames.
Let’s use a specific example to explain the process. Imagine that you are at home (your device) and you want to go to a place (the website). In order to go there, you need to know the exact address (the IP address). Once you know the exact address, you need a map or GPS (DNS) to find the place. Otherwise, you would get lost at the first crossroads you hit. This is where DNS saves your day. DNS servers direct you until you reach your final destination.
Finally, the DNS servers lead you to the IP address you are looking for, and Google opens on your screen.
The system is based on trust, but not every DNS is trustworthy. Compromised or malicious DNS servers open the system up for exploitation.
-What is DNS hijacking?
As can be seen, DNS is decentralized. Therefore, your query will travel through several DNS servers before you get your result.
DNS hijacking is the redirection of DNS queries. When you send a query to find the IP address of a website, a third party may send it the wrong way. In the end, you get a false IP address and the wrong page loads on your screen.
Suppose you want to access your online bank. If your DNS is hijacked, a different website is loaded that looks exactly like your bank’s page. We hope you wouldn’t enter your login details. This is a well-known phishing scam in which hackers create fake copies of a website to extract their victims’ usernames and passwords. What’s next? Your bank account has been emptied.
In other cases, DNS hijacking is more annoying than harmful. When you type the URL of a website that does not exist, you should get an error message. However, some Internet service providers redirect you to their own website to show you ads instead. The problem is that anyone can be susceptible to DNS hijacking.
-How does your DNS get hijacked?
Let’s look more closely at the ways your DNS can get hijacked.
MALWARE INFECTION
Your device or router might get infected with malware that rewrites your DNS settings. As a result, your device queries a rogue DNS server that serves you fake IP addresses. And the worst part of a malware attack is that you have no idea your system is compromised until the damage is done.
COMPROMISED DNS SERVER
Your query is redirected to the wrong destination by a DNS server under a hacker’s or snooper’s control. You have no control whatsoever over the direction your traffic takes after the query leaves your device. Essentially, the attackers violate the trust your system places in DNS servers. Hacking a DNS server is usually relatively difficult, but it’s far from impossible.
INTERNET SERVICE PROVIDER INTERFERENCE
Some Internet service providers use DNS hijacking on your devices in order to display ads or collect statistics. How does it work? For example, if you enter the site “asdfgwewqsDSADSD.com” into your browser, since the site doesn’t exist, you should get the response “This site can’t be reached” or a similar error message. However, some Internet service providers replace the error message with a page set up by the provider to show you ads or collect your data.
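Two of the situations above (malware rewriting the device’s DNS settings, and a provider answering non-existent names with its own page) can be checked from the device itself. The following script is an added example, not part of the original article: it assumes a resolv.conf-style configuration file, an allow list of expected resolvers (the 192.0.2.x addresses are constructed placeholders), and a lookup function that returns an empty list when a name does not exist.

```python
import random
import socket
import string

# Resolvers a device on this network is expected to use.
# Constructed placeholder addresses for this example, not real infrastructure.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

def find_rogue_resolvers(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Return nameserver addresses in resolv.conf-style text that are not on the allow list."""
    rogue = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blank lines
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver" and parts[1] not in expected:
            rogue.append(parts[1])
    return rogue

def random_label(length=24):
    """A random label long enough that the name almost certainly does not exist."""
    return "".join(random.choice(string.ascii_lowercase) for _ in range(length))

def nxdomain_hijacked(lookup, probes=3, suffix=".com"):
    """lookup(name) -> list of IPs, or [] when the resolver reports the name does not exist.
    A resolver that hands back an address for random, made-up names is replacing the
    'does not exist' error with its own page, as some providers do."""
    return any(lookup(random_label() + suffix) for _ in range(probes))

def system_lookup(name):
    """Adapter for the device's real resolver; gethostbyname_ex raises on NXDOMAIN."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

# Constructed sample: a resolv.conf after malware added an extra resolver.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 192.0.2.53
nameserver 198.51.100.9   # not one of ours
search example.net
"""

# Constructed stand-ins for a resolver: one that answers every unknown name with
# the address of an ad page, and an honest one that returns no record.
def hijacking_lookup(name):
    return ["203.0.113.80"]

def honest_lookup(name):
    return []

if __name__ == "__main__":
    print("rogue resolvers in sample:", find_rogue_resolvers(SAMPLE_RESOLV_CONF))
    print("sample provider hijacks NXDOMAIN:", nxdomain_hijacked(hijacking_lookup))
```

To test your own connection, pass `system_lookup` to `nxdomain_hijacked` and feed the contents of your actual resolver configuration to `find_rogue_resolvers` with your network’s real resolver addresses as the allow list.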
2. POPULAR DNS HIJACKING CASES
DNS hijacking is not only a nightmare for individuals but also for some big websites.
On October 22, 2016, hackers had total control over the domain of a major Brazilian bank with hundreds of branches, over 5 million customers, and $27 billion in assets.
The attackers launched the attack by compromising the DNS server of Registro.br, which is the registrar for the top-level domain .br and manages the DNS for the Brazilian bank.
The hackers set up servers that looked exactly like the bank’s homepage but were fakes meant to extract user login credentials. Users directed to the fake sites handed their usernames and passwords to the hackers and were infected with malware.
No one knows how many people were defrauded by hackers and had their personal data compromised. This case was reported by the security firm Kaspersky, which did not disclose the name of the bank, nor did the bank itself come forward. This is the usual practice in cases like these. The idea was to protect the victims while informing cybersecurity experts about potential vulnerabilities.
WikiLeaks, famous for storing and publishing classified and secret information, was hacked by a hacker group called OurMine on August 30, 2017. Any user who tried to visit wikileaks.org got an unusual message: “Wikileaks, remember when you challenged us to hack you?”. They taunted the website on its own homepage. From a visitor’s standpoint, WikiLeaks’ servers had been compromised and the site was under total hacker control. However, this was not the truth.
WikiLeaks was running and its servers were secure. If you knew the IP address, you could reach and browse the website without any trouble. What had actually happened was that the hackers had hijacked one of the DNS servers that directed visitors to wikileaks.org and were sending users fake records.
The details of how this hacker group hijacked the site remain unknown. The hackers may have used malware, known someone on the inside with administrative access, or used phishing to obtain usernames and passwords.
3. HOW TO PROTECT YOUR DNS FROM GETTING HIJACKED
Avoid suspicious links: Do not click on links from sources you are not familiar with. Many people have received messages from a friend containing nothing but a link. People are curious and open them, but you should be careful even if you trust the source: check the URL carefully.
Use SoftVPN: We have already discussed why you should use SoftVPN. One of the advantages of SoftVPN is that it prevents hackers from intercepting and snooping on your sensitive information. A VPN, which encrypts your traffic and DNS settings, is especially useful if you frequently use public Wi-Fi, which is often unsafe due to poor router configuration and weak passwords.
Change your router password: It’s very easy to crack the default factory login, so a hacker is only a few steps away from changing your DNS settings.
Use Anti-Virus Software Programmes: Reliable Anti-Virus programmes protect the data and information on your device. Update your system promptly whenever security patches come out. Malware that modifies DNS settings is the most common form of DNS hijacking.
Stay alert, especially if a familiar website starts acting like a stranger: Alertness is the key, since there is no foolproof protection against the type of hijacking attack that targeted WikiLeaks in our example.
Sign up to our monthly blog newsletter if you want to stay up-to-date on all things about cybersecurity.