DNS Hacking: All You Need to Know | TECHWANO

Wednesday, April 24, 2019

DNS Hacking: All You Need to Know

The recent hack of ICANN (Internet Corporation for Assigned Names and Numbers) has confirmed it: hackers are able to take control of the most powerful organizations to disrupt Internet browsing. At the heart of their strategy is DNS hacking, which consists of diverting the real address of a website so that it points to a malicious site.

The various machines and devices connected to the Internet (PCs, servers, connected objects, etc.) use IP addresses to communicate with each other. This is the only way to find them and reach them on the network. To make life easier for Internet users and let them reach sites by entering an understandable address, domain names were created. There are databases that record which IP address corresponds to which domain name. For example, when techwano.com is entered in the browser, the computer contacts the server at These databases are the DNS servers. Each service provider offers its own servers with its Internet subscriptions, and they are used by default by all the computers that connect through it.

Some hackers exploit flaws to modify this mapping, a technique called DNS hacking. A legitimate domain name then resolves to a fake site and, often, there is no technical way to spot the deception. The attackers can collect all the identifiers and passwords entered by users trying to log in. Even a password manager, like LastPass or 1Password, will be completely fooled.

But how do they manage to change this mapping? First, remember that a person or a company that buys a domain name does so through a registrar. This is a recognized organization, authorized to make changes to DNS servers. Hackers exploit security vulnerabilities to break into the registrar's systems and take control of certain domain names. They then redirect them to their own servers, where they have created copies of the targeted sites. This change is propagated to the whole world, and all the Internet users visiting the site end up on the fake one.

DNS hacking can also come from a virus or Wi-Fi network

There is also another, very similar DNS attack. This time, instead of attacking the registrar, the hackers infect the victims' computers. All operating systems, including mobile ones, include a "hosts" file. This is a local database that contains some mappings between IP addresses and domain names. It allows developers to test tools (or sites) locally before putting them online, or to block access to certain sites. A virus can add mappings that will be used to redirect victims to fake sites. Thus, when paypal.fr is typed on an infected machine, the browser is directed to a copy of the site, without the real site having been hacked at all. For the victim, the result is the same whether it is their machine that is infected or the domain name that has been hijacked.
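As an added example (not part of the original article), here is a small Python audit of hosts-file content that separates intentional blocks and local test entries from the kind of redirection described above. The sample file, the baseline name list, the LAN ranges and the four labels are assumptions made for the illustration.

```python
import ipaddress

# Names that normally appear in a stock hosts file (assumed baseline).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-allnodes", "ip6-allrouters"}
# Private and link-local ranges, listed explicitly (assumption: these are "LAN").
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on blanks
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])  # strip zone id
        except ValueError:
            continue                               # not an address: skip the line
        for name in fields[1:]:                    # one address, several aliases
            yield line_no, ip, name.lower().rstrip(".")

def classify(ip, name):
    """Return 'local', 'block', 'review' or 'redirect' for one mapping."""
    if (name in LOCAL_NAMES or "." not in name
            or name.endswith((".local", ".test", ".localhost"))):
        return "local"                             # machine names, test suffixes
    if ip.is_loopback or ip.is_unspecified:
        return "block"                             # site blocked by sinkholing it
    if any(ip in net for net in LAN_NETS):
        return "review"                            # plausible developer test entry
    return "redirect"                              # real domain pinned elsewhere

def audit(text):
    """Return (line_no, ip, hostname, kind) for 'review' and 'redirect' entries."""
    return [(n, str(ip), name, kind)
            for n, ip, name in parse_hosts(text)
            for kind in [classify(ip, name)] if kind in ("review", "redirect")]

# Constructed sample; 203.0.113.0/24 is a documentation range (RFC 5737).
SAMPLE = """\
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
0.0.0.0     ads.example.com        # blocked on purpose
192.168.1.20 staging.example.com   # developer test
203.0.113.66 paypal.fr www.paypal.fr
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a real machine, pass the contents of its hosts file (for example `/etc/hosts`, or `C:\Windows\System32\drivers\etc\hosts` on Windows) to `audit` instead of the sample.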

The DNS servers used by default are those provided with the Internet connection. Some hackers therefore opt for a technique that is very easy to implement. They offer free Wi-Fi access, which removes the need for security vulnerabilities or viruses. All they have to do is set up their own DNS servers for this connection, which point to their fake sites. This time, there is a countermeasure: changing your DNS servers to use those of a third-party service, such as OpenDNS.

If you cannot do without public Wi-Fi, it is strongly recommended to get a VPN. What is a VPN, by the way? It is a virtual private network, where the term "virtual" refers to the connection method used to protect private web traffic and data while connected to the Internet. This little utility hides your IP address and prevents hackers from spying on you.

Caution is still required

Security specialists regularly advise checking the site's domain name and the presence of the "little green padlock" to make sure the connection is secure before entering your credentials. This works against phishing but is useless against DNS hacking. The site address looks correct because the domain itself has been hijacked, and criminals who have taken control of the domain name can recreate security certificates.

In summary, using an alternative DNS server protects against hijacking over a Wi-Fi connection. Using good, up-to-date antivirus software should prevent hijacking by a virus. For the third method, only a wary eye can identify the deception. If the appearance of a website seems suspicious, check on social networks whether other users are having problems. A search on Twitter often reveals the problem even before the site owners notice it.
