Who’s Afraid of the Domain Name System? What Is DNS and Why It Can Be So Dangerous

Part of IID's DNS Dojo series

The Domain Name System, or DNS, was created in 1983 to serve as directory assistance between a domain name (www.familyphotographs.com, for example) and the IP address of the machine that hosts it. We can all remember the domain name of our favorite blog, but the IP address? Remembering and typing in a long string of numbers isn’t practical for Internet users who want to visit a website. Though it was created before cell phones became part of our daily lives, DNS works much the same way your phone’s contacts list does: it stores the information you need to reach a desired person (their phone number) under a more easily remembered label (their name). Sure, there was a time when we all had to memorize (or at least look up) the phone numbers of people we wanted to talk to, and in theory we could all memorize (or look up) the IP addresses of the Internet locations we want to visit. But why bother? Doesn’t it make more sense to pick up your phone, find “John” in your contacts, and place the call? Domain names work the same way. If you know you want to visit www.familyphotographs.com, why go to the trouble of recalling and typing a string of numbers into your browser’s address bar?

Where’s the danger?

So DNS is an address book. What could be dangerous about that? The Domain Name System was devised in a simpler and more trusting time in computing, but that is not the world in which we live and use the Internet today. Consensus among security insiders suggests that over 80% of all malware takes advantage of DNS insecurity to some degree, and 5% uses DNS exclusively for communications. Traffic diversions, political defacement pages, and Distributed Denial of Service (DDoS) attacks on DNS infrastructure continue to make up another considerable portion of the crime taking place online.

A significant risk associated with DNS lies in the way it translates memorable domain names into IP addresses. Domain names and their corresponding IP addresses are stored in databases on DNS name servers. When an Internet user types www.familyphotographs.com into his address bar, his computer asks a resolver (typically one run by his ISP) for the IP address; the resolver in turn queries the name servers responsible for that domain, and the answer it receives is what tells the user’s browser where to find www.familyphotographs.com on the Internet. The danger lies in that query-and-response exchange: the query goes out over the network, the resolver accepts whatever answer appears to match it, and a cyber criminal has a few methods at his disposal for getting in the middle of that communication and redirecting traffic according to his own nefarious purposes.

Beware of social engineering ploys

Criminals can take advantage of poor security practices to hijack an organization’s DNS. Weak passwords, or weak account security generally, can result in hijacked DNS accounts, especially when those passwords belong to employees with administrative access to the organization’s DNS records (for example, its account at the domain registrar or DNS hosting provider). Cyber criminals can also use social engineering ploys to trick someone into handing over a password. Once in control of the DNS for a domain, the criminal can change its records and redirect its legitimate traffic to a malicious Internet location.

DNS hijacking dangers lie deep

But the damage from hijacking the DNS isn’t limited to inconveniencing people trying to visit a web property. DNS records also control where a domain’s email and other services are delivered, so by hijacking an enterprise’s DNS, hackers can route that traffic through servers they control and gain access to much of what is stored and shared within an organization: vital data like financial and customer information, passwords, emails and instant messages, proprietary documents, and more.

Furthermore, by exploiting vulnerabilities in DNS software, a criminal can cause an ISP’s name server to accept a forged answer and cache an incorrect IP address for a particular domain (a technique known as cache poisoning). When customers of the ISP query the compromised name server to locate that domain, they are sent to a fraudulent site where they may be subject to a phishing scam or a malware download, and they will keep being sent there until the bad record expires or is flushed from the cache.
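To make the query-and-response danger concrete, here is an added example (not code from IID or from the DNS Dojo series) that builds DNS messages in wire format and applies the checks a resolver makes before it accepts an answer: the 16-bit transaction ID, the UDP port the query was sent from, and the question section must all match the outstanding query. A forged answer that satisfies those checks is cached just like a genuine one, which is the mechanism behind the poisoning described above. The domain name, ports and addresses are constructed for the example (the addresses come from the documentation ranges reserved for this purpose).

```python
"""Minimal DNS wire-format helpers (added example; not IID's code).

Shows what a resolver checks before trusting a response: transaction ID,
destination port, and question section. Everything here is constructed
for illustration; no network traffic is sent.
"""
import struct


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode a name at offset, following compression pointers."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if (length & 0xC0) == 0xC0:  # 2-byte pointer to an earlier name
            ptr = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            sub, _ = decode_name(msg, ptr)
            labels.append(sub)
            offset += 2
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), offset


def build_query(txid: int, name: str) -> bytes:
    """Standard recursive query for an A record."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(txid: int, name: str, ipv4: str, ttl: int = 300) -> bytes:
    """Response carrying one A record; the answer name points at the question."""
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)  # QR+RD+RA, 1 answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    answer = struct.pack("!H", 0xC00C)  # compression pointer to offset 12
    answer += struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer


def parse_message(msg: bytes) -> dict:
    """Parse header, question section and A-record answers."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    offset = 12
    questions, answers = [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        value = ".".join(str(b) for b in rdata) if rtype == 1 and rdlen == 4 else rdata
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}


def accepts_response(query: bytes, query_src_port: int,
                     response: bytes, response_dst_port: int):
    """The matching a resolver does before caching an answer."""
    q, r = parse_message(query), parse_message(response)
    if response_dst_port != query_src_port:
        return False, "port mismatch"
    if r["id"] != q["id"]:
        return False, "transaction id mismatch"
    if not r["flags"] & 0x8000:
        return False, "not a response"
    if r["questions"] != q["questions"]:
        return False, "question mismatch"
    return True, "accepted"


def demo() -> dict:
    """Genuine answer, answer with a wrong ID, and answer to the wrong port."""
    name = "www.familyphotographs.com"      # the post's example domain
    src_port = 53210                         # hypothetical resolver source port
    query = build_query(0x1234, name)
    genuine = build_response(0x1234, name, "203.0.113.5")    # TEST-NET-3
    wrong_id = build_response(0x1235, name, "198.51.100.9")  # TEST-NET-2
    return {
        "genuine": accepts_response(query, src_port, genuine, src_port),
        "wrong_id": accepts_response(query, src_port, wrong_id, src_port),
        "wrong_port": accepts_response(query, src_port, genuine, 53),
    }
```

Note what the check does not include: nothing in the exchange proves who sent the answer. A resolver that always queries from the same port leaves an attacker only the 16-bit transaction ID to guess; randomizing the source port per query adds roughly another 16 bits, which is why that mitigation became standard, and why DNSSEC, which signs the records themselves, is the only way to make the answer verifiable rather than merely plausible.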

This method was employed in the DNS hijacking that affected shipping company UPS in late 2011. What happened in that hijacking and how did it affect more than just website visitors? You can read more about the role DNS played in that attack in the next installment of our DNS Dojo series.
