What is DNS hijacking? from buzai232's blog

DNS hijacking is a serious online threat you may have never heard of. Even worse, it’s conducted by exploiting a fundamental layer of the internet that is essential for its functionality and convenience.
How does DNS hijacking work
DNS is highly decentralized. No single DNS server holds all the IP addresses and their corresponding domains. Your query will travel along a chain of DNS servers before you get your result.
DNS hijacking is the practice of redirecting DNS queries. You send out a query – What is the IP of youtube.com? – but a third party steers the query the wrong way. As a result, you get a false IP address, and the wrong page loads on your screen.
Say you’re trying to access your online bank. Your DNS is hijacked, a different website loads that looks exactly like your bank’s homepage, and you enter your login details. This is a known phishing scam in which hackers create fake copies of a website to extract their victims’ usernames and passwords. The next thing you know, your bank account has been emptied.
In other cases, DNS hijacking can be more annoying than harmful. When you type the URL of a website that does not exist, you should get an error message. However, some internet service providers redirect you to their website to show you ads instead.
The bad news is, anyone can be susceptible to DNS hijacking.
How does your DNS get hijacked?
A DNS hack could happen at any link in the chain of DNS queries. Here’s how:
Malware
Your computer or router can be infected with malware that rewrites the configuration of DNS settings. As a result, your device queries a rogue DNS server that serves you fake IP addresses.
The most famous malware of this kind was called DNSChanger, which wreaked havoc on the net until it was put down in 2012. It infected computers and changed their DNS configurations, pointing them to rogue servers operated by hackers. These servers replaced advertising on websites with ads sold by hackers, making them $14 million in profit.
In total, over four million computers were infected. Their owners had no idea they were seeing ads placed by hackers who had corrupted their systems.
This scenario could have gone much worse. More malicious malware could redirect you through hacker-controlled open web proxies and get access to all your traffic (and any sensitive data you send). You could also be directed to a dummy website that extracts your passwords and usernames through fake login procedures.
The worst part of a malware attack is that you have no idea that your system is compromised until the damage is done.
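One way to catch the rewritten DNS settings described above is to audit the configured resolvers against the ones the host is supposed to use. This is an added example, not part of the original post; the allowlist, the sample file contents and the function names are constructed for illustration, and it assumes a Unix-style resolv.conf.

```python
import ipaddress

# Constructed allowlist of resolvers this host is expected to use (assumption).
EXPECTED = [ipaddress.ip_network(n) for n in ("192.0.2.53/32", "2001:db8::53/128")]

# Constructed resolv.conf contents; 203.0.113.66 stands in for a rogue entry.
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client
nameserver 192.0.2.53
nameserver 203.0.113.66
nameserver 127.0.0.53
nameserver fe80::1%eth0
nameserver not-an-ip
search corp.example
"""

def audit_resolv_conf(text, expected=EXPECTED):
    """Return (entry, verdict) for every nameserver line in resolv.conf text."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Drop an IPv6 zone id such as %eth0 before parsing.
            addr = ipaddress.ip_address(fields[1].split("%", 1)[0])
        except ValueError:
            findings.append((fields[1], "unparseable"))
            continue
        if any(addr in net for net in expected):
            verdict = "expected"
        elif addr.is_loopback:
            # A local stub forwards elsewhere; its upstream must be audited too.
            verdict = "local-stub"
        else:
            verdict = "unexpected"
        findings.append((fields[1], verdict))
    return findings

def rogue_entries(text, expected=EXPECTED):
    """Entries that should raise an alert: unexpected or unparseable ones."""
    return [e for e, v in audit_resolv_conf(text, expected)
            if v in ("unexpected", "unparseable")]

if __name__ == "__main__":
    for entry, verdict in audit_resolv_conf(SAMPLE_RESOLV_CONF):
        print(f"{entry:20} {verdict}")
```

The same comparison applies to the DNS servers a router hands out over DHCP, since the page notes that routers can be reconfigured as well.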
Compromised DNS server
In a DNS server hack, your query is redirected to the wrong destination by a DNS server under a hacker’s control. This attack is even more cunning because once the query leaves your device, you have no control whatsoever over the direction your traffic takes.
Essentially, attackers violate the trust your system places in DNS servers. Hacking a DNS server will usually be relatively difficult, but it’s far from impossible.
Internet service provider interference
Some internet service providers use DNS hijacking on their own users to display ads or collect statistics. They do this by hijacking the NXDOMAIN response.
NXDOMAIN is the response you get if you type in a domain that does not exist (meaning it doesn’t have a corresponding IP address). For example, if you entered “ssdsrfadsfdgfaaf.com” into your browser, you would get the NXDOMAIN response: “The website cannot be found” or a similar error message (unless someone were to buy that domain for some reason).
When an internet service provider hijacks the NXDOMAIN response, they replace the error message with a fake website set up by the internet service provider to show you ads or collect your data.
How to prevent DNS hijacking
Use reliable antivirus software and update your system whenever security patches come out. Malware that modifies DNS settings is the most common form of DNS hijacking.
Avoid suspicious links. Cybersecurity 101 – do not click on links from sources (people, websites) you are not familiar with. Even if you trust the source, check the URL carefully.
Use a VPN, which encrypts your traffic and DNS queries and prevents hackers from intercepting and snooping on your sensitive information. A VPN is especially useful if you frequently use public Wi-Fi, which is often unsafe due to poor router configuration and weak passwords.
Change your router password. It’s very easy to crack the default factory login, so a hacker is just a step away from changing your DNS settings.
Be alert, especially if a website you are familiar with acts like a stranger (gives you weird pop-ups, screens, shows landing pages you’ve never seen before). Alertness is key since there is no foolproof protection against the types of hijacking attacks that targeted The New York Times or WikiLeaks. In those cases, authoritative DNS servers, which hold actual records, were poisoned.