What is DNS Hijacking?
Is the Internet safe? What do you think? And the answer is the Internet is no longer a safe place. There is always a reason to get concerned when we go online to either browse a website, make transactions, shop online or use social media.
There are numerous ways of getting hacked. It is a vast topic. But today we are interested in DNS Hijacking. As we all know, the “Domain Name System (DNS)” is for translating a domain name such as “google.com” to its corresponding IP address “188.8.131.52” and vice versa. DNS is the keeper of all domain names that are registered on the internet. You can simply compare it with your phonebook for domain names. It may be accomplished through the use of malicious software or unauthorized modification of a server. Once the individual has control of the DNS, they can direct a user request to a web page that looks the same but contains extra content such as advertisements. They may also direct users to pages containing malware.
DNS server is owned and maintained by your Internet service provider (ISP) and many other private third-party organizations. By default, your computer is configured to use the DNS server from the ISP. In some cases, your computer may even be using the DNS services of Google. In this case, you are said to be safe and everything seems to work normally. But the problem arises when DNS server of the third party is used for the translation of domain name to IP and vice versa. A user never knows the architecture of DNS server of a third party organization. In technical terms, you can say that DNS hijacking is a type of malicious attack in which an individual redirect queries to a domain name server (DNS), by overriding a computer’s TCP/IP settings.
Dangers of DNS Hijacking
Suppose a hacker or a malware program gains unauthorized access to your computer and changes the DNS settings so that your computer now uses one of the DNS servers that is owned and maintained by the hacker. When this happens, the DNS server may translate domain names of desirable websites (such as banks, search engines, social networking sites etc.) to IP addresses of malicious websites. As a result, when you type the URL of a website in the address bar, you may be taken to a fake website instead. This can put you and your computer in deep trouble.
Website’s traffic can be very easily redirected to another website and this is called PHARMING. This is often done by hackers in order to generate advertising revenue by getting the traffic of the genuine website. It can result in the entire loss of control over your website.
Another kind of attack called PHISHING where users are redirected to a malicious website whose design matches exactly with that of the original one. When a user tries to log in to his bank account, he may be redirected to a malicious website. Which is a clone copy of the original site but it steals his login credentials, and the user is unaware of it.
How do I know if my ISP is hijacking me?
If you visit any fake or non-existent site, e.g., http://www.abcd123z.com and it pulls up a search engine or a collection of links, your DNS is redirecting you. If you browse a fake or nonexisting URL you should never be redirected. It sold show the message “This site can’t be reached”. Something like the picture shown below.
Prevent DNS Hijacking
-The best way is to prevent DNS hijacking is to stop visiting unknown/malicious links and websites. In one line stay away from the untrusted website.
-Also, it is necessary to change the default password of your router. So that it would not be possible for the attacker/hackers to modify your router settings using the default password.
-Install a good antivirus program and keeping it up-to-date.
-Always use genuine OS (OPERATING SYSTEM) let it be Windows/ Linux and go for regular updates.
-Go through my article Surfing the Internet Safely.
-Using a VPN(virtual private network) service is also an effective ways of protecting yourself against DNS hijacking. A VPN encrypts all your internet traffic, and send it through a virtual tunnel thus your actual IP address is not visible.