What is DNS hijacking and How It Works?

The internet is no longer a safe place. There is always a reason to get concerned when we go online to either browse a website, make transactions or shop online. But why, you may wonder? Because our sensitive information is at risk!

When we connect to the internet without precautions or protection, our personal information is exposed to data-hungry hackers. And when hackers see an open opportunity to steal your information, be it your online banking or social media account details, they use every means necessary to obtain it. DNS hijacking is one such method hackers use to carry out these clandestine acts.

A DNS-based attack isn’t something the average user would know about. Therefore, to learn what DNS hijacking is, you first need to understand what DNS is and what it does.

Let’s Take a Quick Overview of DNS

In layman’s terms, you may call it a phone book for domain names such as example.com. If we go for a more precise definition, DNS is the directory of all domain names registered on the internet. Its job is to translate those names into IP addresses so that the relevant website can be shown to the user.

Why was such a roundabout process necessary? Well, computers don’t work like humans, and therefore they don’t understand our language. Instead, they translate our language into numeric codes and operate accordingly. Likewise, people don’t read such codes, and as a result they can’t remember the numeric address of every website they visit; they remember a name such as example.com.

And so we have the DNS system today to remember the real IP addresses for us. Whenever we want to visit a website, DNS simply matches the name with the IP address and shows us the result.

Now that we know about DNS and its role on the internet, let’s move on to the question, “What is DNS hijacking?”

DNS hijacking

It is one of the many types of DNS attacks. The attack involves compromising your system’s DNS settings through malicious means. Once your settings are compromised, your request is then redirected to a ‘Rogue DNS’ server, which then takes you to an unintended website. As a result, you would become a victim of either pharming or phishing.

How DNS hijacking Works

Your computer’s DNS settings are usually assigned by your ISP (Internet Service Provider). Some users instead configure a public DNS server, such as the one provided by Google. When you try to access a website, your computer consults those settings, which direct your request to a DNS server. The server matches the name with the IP address and then sends you to the desired website.

If your computer’s settings are compromised, your request will be redirected to a rogue DNS server. Consequently, the rogue server will answer your request with a fake IP address that leads to a fake or malicious website.

How Your DNS Is Hijacked

A malware attack is one of the most common ways hackers hijack your DNS. The hackers can use any DNS-changing Trojan to modify the DNS settings of your system. They carry out the attack by luring users into downloading something or clicking malicious links.

Likewise, a hacker can also carry out the hijacking attack by finding a security vulnerability in your router and changing its settings. However, a security weakness in the router isn’t the only thing that makes you vulnerable to attack. Your router can also be compromised simply by guessing its password.

There are Many DNS hijacking Cases

DNS hijacking attacks are carried out all around the world. Some are performed on a limited scale and go unreported, while others leave a mark in internet history or at least appear as a case study in some cyber security magazine. Take, for instance, the case of WikiLeaks.org.

Earlier this year (2017), WikiLeaks users were redirected to a fake website. Instead of seeing the vast collection of controversial documents, the users were shown a teasing message. The hackers, the notorious OurMine group, didn’t compromise the WikiLeaks server to redirect the users to their website, but simply hijacked the name server, as explained by WikiLeaks founder, Julian Assange.

Similarly, in 2008, the ICANN.com domain name was hijacked by a Turkish group of hackers, NetDevilz. The Internet Corporation for Assigned Names and Numbers (ICANN) is a renowned name on the internet. After all, it is responsible for maintaining the security of the namespace databases.

Is DNS hijacking and DNS Spoofing/Poisoning the Same Thing?

When we talk about DNS attacks, questions like “What is DNS Spoofing?” or “What is DNS Poisoning?” or “What is DNS Redirect?” come to mind.

First of all, DNS spoofing and DNS poisoning (or DNS cache poisoning) are the same thing, but slightly different from DNS hijacking. In the latter, the hacker either plants malware or changes the router’s DNS settings. In DNS poisoning or spoofing, however, the hackers compromise (poison) the cache of a DNS server.

DNS redirect, on the other hand, is an unethical way of redirecting users to unintended pages, such as advertisement pages. ISPs are the ones that usually practice DNS redirect, sending users from, say, a 404 page to pages of the ISP’s choosing, which are usually ad pages. It wouldn’t be unfair to call it ISP DNS hijacking.

DNS hijacking Is More Harmful than It Sounds

A hijacked DNS can put you or your online information at risk in ways you can never imagine.

For instance, most attacks are conducted to steal sensitive details such as account passwords. You may also call this phishing. In such attacks, users are presented with a fake version of the website they want to visit. When users type their account details into such bogus sites, all those details are sent to the hackers.

Your ISP or government can also use the same principle of DNS hijacking to modify the DNS settings of your computer to limit your access to the internet. When you try to access a restricted website, you are either redirected to a different website or presented with an ‘apology’ message.

A Few Suggestions on How to Prevent DNS hijacking

‘Prevention is better than cure,’ there is no truer maxim than this.

  • DNS hijacking attack prevention starts with you. The first thing you need to do is change your habit of visiting every website that attracts your curiosity. Remember, while the internet is brimming with wonderful things, there is just as much that is bad on it. Therefore, don’t open every email that sounds tempting, or visit every website you come across.
  • Secondly, reset your router’s password and create a new one. Make the new password as hard to guess as possible, and note it down on a piece of paper rather than on the same device. After all, if you have malware on your system, the hacker can always see the new password.
  • It is also important to use an antimalware tool to keep your system clean of any malware coming from the internet. With a security product in place, you won’t have to worry about every precaution yourself, as the software would automatically detect and delete any malware.

DNS Hijacking FAQs

The following are answers to some of the most frequently asked questions about DNS hijacking:

Can a DNS server be hacked?

If your ISP’s DNS server isn’t adequately protected, it can be exploited by hackers which means you’ll end up on rogue sites where your sensitive information is at risk.

What is domain name hijacking?

Domain hijacking, or domain theft as it’s often called, is when a hacker gains access to a domain name without the authorization of its rightful owner.

How many types of DNS hijacking attacks are there?

There are four types of DNS hijacking attacks, which are:

  1. Local DNS Hijack
  2. Router DNS Hijack
  3. Man-in-the-middle DNS Hijack
  4. Rogue DNS Hijack

What is a DNS redirect?

DNS redirect is a method commonly used to perform man-in-the-middle attacks, where your Internet traffic is redirected to a rogue server that captures your personal information like credit card details, passwords, etc.

What is a DNS spoof?

DNS spoofing, also known as DNS poisoning, is the act of altering or spoofing a particular DNS server’s records maliciously in order to redirect your Internet traffic to the attacker.

How to detect DNS hijacking?

One of the easiest ways to detect DNS hijacking is to use the ping utility. If you ping a domain that doesn’t exist and it resolves anyway, there’s a good chance that your DNS traffic is being hijacked.
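The same check the ping test performs, written as a small script (an added example, not from the original article): it resolves a few random names that cannot exist and reports any that still return an address, and it also inspects resolv.conf-style text for nameservers you did not configure yourself, which is how a local DNS hijack shows up. The function names, the resolv.conf sample and the 198.51.100.53 address are constructed for this example.

```python
import random
import socket
import string
from typing import Callable, Iterable

# Stand-in resolver for offline runs: acts like a correct resolver that
# answers NXDOMAIN for everything it is asked.
def always_nxdomain(name: str) -> str:
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

def random_nonexistent_name(rng: random.Random) -> str:
    """A random 24-character label under .com; it should never resolve."""
    label = "".join(rng.choices(string.ascii_lowercase + string.digits, k=24))
    return f"{label}.com"

def nxdomain_check(resolve: Callable[[str], str] = socket.gethostbyname,
                   samples: int = 3) -> list[tuple[str, str]]:
    """Resolve several random, nonexistent names. A correct resolver raises
    socket.gaierror (NXDOMAIN) for each; every answer that does come back
    is returned as a (name, ip) hit and points at a redirecting resolver."""
    rng = random.Random()
    hits = []
    for _ in range(samples):
        name = random_nonexistent_name(rng)
        try:
            ip = resolve(name)
        except socket.gaierror as exc:
            if exc.errno == getattr(socket, "EAI_AGAIN", None):
                raise RuntimeError("resolver unreachable, check is inconclusive") from exc
            continue  # NXDOMAIN is the expected, healthy answer
        hits.append((name, ip))
    return hits

def unexpected_nameservers(resolv_conf: str, allowed: Iterable[str]) -> list[str]:
    """Return 'nameserver' entries in resolv.conf text that are not on the
    allow-list, i.e. resolvers you did not configure yourself."""
    allowed = set(allowed)
    found = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver" and parts[1] not in allowed:
            found.append(parts[1])
    return found

# Constructed sample: the second resolver was silently changed to an
# address the owner never configured (198.51.100.0/24 is documentation space).
SAMPLE_RESOLV_CONF = """# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 198.51.100.53
"""
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}
```

Calling `nxdomain_check()` with no arguments performs live lookups through the system resolver, so run it on the machine you suspect; `unexpected_nameservers(open("/etc/resolv.conf").read(), EXPECTED_RESOLVERS)` applies the second check to the real file.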

Is there a DNS hijacking test?

There are a few sites that let you check for signs of DNS hijacking online, such as Who is My DNS?.

What is ISP DNS hijacking?

As mentioned earlier, ISPs can also use DNS hijacking to alter the DNS settings of your device to limit your Internet access.

A Word of Advice

DNS hijacking attacks are common, but they can be as deadly as a weapon when it comes to your online privacy and security. Being proactive is the only way you can stay away from such cyber threats and roam the internet with complete peace of mind.

Mohsin Qadir is an information security analyst in the making, a father of an adorable kid and a technology writer (Contributor). He can be found lurking around top network security blogs, looking for scoops on information security and privacy trends.
