DNS hijacking, also known as silent server swaps, is a malicious attack vector that can be used to forcibly redirect web traffic to websites that are either fake or different from the ones you’ve requested.
This type of attack becomes possible when the computer’s TCP/IP settings are overridden through the use of malicious software.
Hackers can also gain control of a DNS server by modifying its settings, either manually or via malware. These are the two main types of DNS hijacking.
How Does It Work?
In order to understand what DNS hijacking is and the risk it poses to your own online security and privacy, there are a few processes you need to know about.
The Domain Name System (DNS) was created to make the web more usable by humans. Every website on the internet lives in a physical location, which is commonly a server. These servers, and everything else that is connected to the internet, have an Internet Protocol (IP) address that corresponds to their location.
Since it is not possible for us humans to memorize the IP addresses of all our favorite services, DNS was invented. This system streamlines the process by matching the web addresses we provide with the IP addresses of the server or servers that host the website.
A DNS server has one job: to match domain names with their corresponding numerical addresses. Once a DNS server matches a domain name to a specific server, it relays back the information to your device, making it possible to connect with the website you’ve requested.
Now that you have a good understanding of the role a DNS server plays, here is how it can be used against you for malicious gain.
DNS Hijacking: A Major Security Threat
Right now, the reason you’re on this website and not on some advertisement-ridden page is that your computer has the right DNS settings. These have either been provided by Google, the Internet Corporation for Assigned Names and Numbers (ICANN), or your Internet Service Provider (ISP).
If these settings are compromised in any way, be it via your unprotected router or through the use of Trojan malware, your computer could be communicating with the wrong DNS server, one with a different set of addresses and a malicious agenda.
Of course, DNS servers don’t turn rogue all by themselves. Malicious actors can “hijack” the server and create alternate IP addresses for the domain names, leaving you and your computer at the mercy of illegitimate services and fake websites that can compromise your online privacy.
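One way to check for the local form of hijacking described above, where the machine's own DNS settings have been changed, is to compare the configured resolvers against the ones you expect to be there. The following is an added example, not part of the original article; the sample resolv.conf contents and the expected resolver list are constructed assumptions.

```python
import ipaddress

# Constructed sample of /etc/resolv.conf contents (not from the original page).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53   # entry the owner never configured
nameserver 2001:db8::53
nameserver not-an-ip
options edns0
"""

# Assumption: the resolvers this machine is supposed to use.
EXPECTED_RESOLVERS = {"192.168.1.1", "2001:db8::53"}


def parse_nameservers(text):
    """Return (valid, malformed): parsed nameserver addresses and bad entries."""
    valid, malformed = [], []
    for raw in text.splitlines():
        # Drop full-line and trailing comments ('#' or ';').
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Strip an IPv6 zone id (fe80::1%eth0) before validating.
            valid.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            malformed.append(fields[1])
    return valid, malformed


def audit_resolvers(text, expected):
    """Compare configured resolvers with the expected set."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    valid, malformed = parse_nameservers(text)
    return {
        "unexpected": [str(a) for a in valid if a not in allowed],
        "missing": sorted(str(a) for a in allowed - set(valid)),
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS)
    for kind, entries in report.items():
        print(f"{kind}: {entries or 'none'}")
```

An unexpected entry is a reason to investigate, not proof of compromise: DHCP, a VPN client or an administrator may have changed the resolver legitimately.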
The Applications of DNS Hijacking
So, how can this affect your online security?
The answer to that question is: in a number of ways. For instance:
DNS Hijacking Can Be Used For Phishing Attacks
Picture this: you’ve just opened your bank’s online webpage and filled in your login credentials in order to access your online account, but something’s not right. For some reason, no matter how many times you repeat the process, you can’t get in.
If the DNS that your computer is using has been hijacked, then you have just given your bank account’s login credentials to a bunch of unknown hackers. As you probably already know, identity theft is a rampant form of cybercrime that can destroy your entire livelihood even without your knowledge.
This could be a damaging real-life scenario. Hijacked DNS servers are commonly used to orchestrate phishing attacks on unsuspecting people. By creating a replica of the webpage you intended to visit, cybercriminals can trick you into giving them important information that will ultimately compromise your privacy.
A large-scale cyber attack using this exact tactic was orchestrated a few years ago targeting The New York Times, Twitter, The Huffington Post and other major websites.
That’s not the end of it, unfortunately.
A Hijacked DNS Server Can Be Used For Pharming
If you’re unfamiliar with pharming, it is the process by which online presences use illegitimate avenues to generate clicks and ad impressions for monetary gain.
A hijacked DNS server can be used to divert traffic from its intended destination to a page filled with endless pop-ups and ads. For the unfortunate victim, this can be quite an annoyance especially since it occurs so unexpectedly. Meanwhile, the people behind the pharming scheme generate a lot of income from ad impressions and clicks.
Before you wave this off as nothing more than a mild annoyance, remember that you will be conscripted as an aider and abettor of fraud committed against ad companies. In the worst case scenario, your computer will be exposed to websites with browser-based exploits, which will then be deployed into your system to wreak havoc.
Governments Use DNS Hijacking to Enforce Web Censorship
Unfortunately, cybersecurity threats such as computer viruses and malicious ads are not all you have to worry about when you’re a victim of DNS hijacking. Some countries have been known to “modify” their own DNS servers in order to restrict access to some websites.
This censorship strategy redirects computers to “approved” sites every time they try to connect to a “blocked” website. The worst part is that it can be done without your knowledge or consent.
How to Protect Your Computer from DNS Hijacking
- Update your router’s firmware and change its password (especially if you’re still using the default password).
- Use a VPN (Virtual Private Network) to access the internet. This hides your DNS requests from third parties and encrypts all your traffic. It’s also a key safeguard to protect your online privacy and security overall.
- Install antivirus software on your computer. If your DNS settings cannot be altered by Trojan malware, you’ll be safe from attacks of such nature.