DNS hijacking is a serious online threat you may have never heard of. Even worse, it’s conducted by exploiting a fundamental layer of the internet that is essential for its functionality and convenience.
What is DNS? DNS, short for Domain Name System, makes your internet browsing effortless. DNS functions as an interpreter between humans, who use words, and computers, which use numbers. When you type in a website domain, your device needs the site’s IP address to actually go there. It gets it by sending a query to a DNS server, a server that has a database of IP addresses and their associated hostnames.
How does DNS hijacking work? DNS hijacking is the practice of redirecting DNS queries. You send out a query, but a third party steers the query the wrong way. As a result, you get a false IP address, and the wrong page loads on your screen. Say you’re trying to access your online bank. Your DNS is hijacked, a different website loads that looks exactly like your bank’s homepage, and you enter your login details. This is a known phishing scam in which hackers create fake copies of a website to extract their victims’ usernames and passwords. The next thing you know, your bank account has been emptied. In other cases, DNS hijacking can be more annoying than harmful. When you type the URL of a website that does not exist, you should get an error message. However, some internet service providers redirect you to their website to show you ads instead. The bad news is, anyone can be susceptible to DNS hijacking.
How does your DNS get hijacked? A DNS hack could happen at any link in the chain of DNS queries. Here are some examples:
- Malware: Your computer or router can be infected with malware that rewrites the configuration of DNS settings. As a result, your device queries a rogue DNS server that serves you fake IP addresses.
- Compromised DNS server: In a DNS server hack, your query is redirected to the wrong destination by a DNS server under a hacker’s control. This attack is even more cunning because once the query leaves your device, you have no control whatsoever over the direction your traffic takes.
- Internet service provider interference: Some internet service providers use DNS hijacking on their own users to display ads or collect statistics. They do this by hijacking the NXDOMAIN response (the response you get if you type a domain that does not exist).
How do you prevent DNS hijacking? Here are some ways to help prevent DNS hijacking:
- Use reliable antivirus software: Update your system whenever security patches come out. Malware that modifies DNS settings is the most common form of DNS hijacking.
- Avoid suspicious links: Cybersecurity 101: do not click on links from sources (people, websites) you are not familiar with. Even if you trust the source, check the URL carefully.
- Use a VPN, which encrypts your traffic and DNS settings: This prevents hackers from intercepting and snooping on your sensitive information. A VPN is especially useful if you frequently use public Wi-Fi, which is often unsafe due to poor router configuration and weak passwords.
- Change your router password: It’s very easy to crack the default factory login, so a hacker is just a step away from changing your DNS settings.
- Be alert: You should always be alert, especially if a website you are familiar with gives you weird pop-ups or screens, or shows landing pages you’ve never seen before. Alertness is key since there is no foolproof protection against these types of hijacking attacks.
Contact BrickHost today to help prevent or recover from DNS hijacking.