DNS hacking

The infrastructure at the core of the internet is vulnerable to attack from state-sponsored hackers, its governing body warned.

The Internet Corporation for Assigned Names and Numbers (ICANN), charged with overseeing the Domain Name System (DNS), published an announcement warning that companies have moved too slowly to adopt security standards that would have mitigated several recent large-scale cyberattacks.

DNS is the system that maps user-friendly domain names to the numerical network addresses of online servers. Each time someone enters a domain name (e.g. “Google.com”), they are directed via DNS to the appropriate online server assigned to the domain name (in Google’s case 172.217.164.174). While this spares users from having to remember long numerical network addresses, it also creates an avenue of attack for hackers to redirect and/or intercept a target’s internet traffic, often by creating a phony version of a site. This practice is called “DNS hijacking.”

A widespread example of DNS hijacking was detected earlier this year and linked to Iranian state-sponsored hackers. The hackers harvested usernames, passwords, and domain name information between 2017 and 2019. According to the US Department of Homeland Security and ICANN, this method of attack is on the rise.

DNS hijacking can be mitigated by a security protocol called Domain Name System Security Extensions (DNSSEC). Although DNSSEC has existed for close to 10 years, its implementation is minimal.

“ICANN has long recognized the importance of DNSSEC and is calling for full deployment of the technology across all domains. Although this will not solve the security problems of the Internet, it aims to assure that Internet users reach their desired online destination by helping to prevent so-called “man in the middle” attacks where a user is unknowingly re-directed to a potentially malicious site,” stated the ICANN alert.