Avoiding DNS Hijacking

Question

What exactly is DNS hijacking and how do I avoid it?

Answer

This question was answered on May 10, 2018.

Malicious actors on the Internet have spent countless hours testing various ways to compromise users and the use of DNS hijacking is among the favored exploits.

DNS stands for Domain Name Service and it’s like an online traffic cop that we use every day to get to websites. 

All websites are assigned an Internet Protocol (IP) address, which is a series of numbers.  For example, one of Amazon’s IP addresses is 72.21.211.176, which you can manually type into your browser to get to when it’s active.

To make things much easier for humans, names are assigned to those IP addresses so we don’t have to remember a bunch of random strings of numbers. We can simply type ‘Amazon.com’ into our browsers and a DNS server will translate that to the proper IP address in the background.

In most cases, your DNS server is connected to your Internet Service Provider, but you can change it and, unfortunately, so can the bad guys.

DNS Hijacking
Hackers know that if they can modify or ‘hijack’ your DNS settings, they can ultimately control where you actually get to go on the Internet.

In the Amazon example, they can create elaborate fake versions of the website that hijacked victims are sent to when they type ‘Amazon.com’.  They know that this exploit dramatically increases their chances of compromising unwitting victims.

What Gets Hijacked?
The most likely way you could become a victim of DNS hijacking is through malware designed to modify the DNS settings on your computer or router, which then silently points you to a rogue DNS server as your traffic cop.

It’s also possible that a hacked website can have its DNS addresses changed so that legitimate visitors are sent to malicious websites instead of the real thing.

Another ploy is to connect to public Wi-Fi networks and pose as a free connection so they can intercept requests and send users to rogue websites.

Protection Tips
Since malware infections are the most common way you’ll become a victim, all of the usual advice applies: use updated security software, install security patches and updates as they’re made available and avoid clicking on links in email, social media or even on websites that you’re not familiar with.

To protect your router from being compromised, make sure you change the default admin username and password for the device - every hacker on the planet knows the factory defaults.

You can’t do anything about a website you’re trying to visit that’s been hijacked, so be very cautious and suspicious when strange items pop-up at a site you visit regularly.

Avoid using public Wi-Fi to access anything online that requires usernames and passwords and if a public Wi-Fi connection allows you to connect without a ‘terms of service’ page, be very suspicious.

Alternative DNS Services
Changing your DNS settings yourself to an alternative service has many potential benefits, including speed and security.  I’m a big fan of the free controls offered by OpenDNS (https://goo.gl/d6cdw8) especially if you want global parental controls in your house.

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Ken of Data Doctors on May 10, 2018