DNS Hijacking
An attack where criminals redirect users to undesired/malicious websites, usually by compromising devices or servers and changing settings.
The Domain Name System (DNS) is essentially an internet phonebook, which allows domains (groups of devices) to locate and talk to each other so they can access resources such as web pages. Locating domains correctly is quite a convoluted process involving a lot of entities.
In a stripped-down scenario, when you type in a domain name/URL (e.g. 'www.google.com' for the website hosted by Google), your browser will ask your internet service provider where that domain is located. Your service provider doesn't have this information, so it asks other organisations that are responsible for domain records, such as registrars/registries. These organisations will eventually locate the desired domain, and that domain will verify that it is in fact the correct one (i.e. "Yes that website is hosted here and belongs to us, here it is!").
[Note: In this process, domain names are translated to numeric labels called 'IP addresses' - because computers prefer working with numbers!]
If there's a compromise anywhere in this chain then that can be a real problem. Modified DNS settings can redirect a visitor to a malicious website belonging to an attacker. The visitor likely won't be aware that this has happened: they type the same URL in as usual, and it just gets redirected in the background. The fake website could be designed to steal sensitive information or get someone to download malware.
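A defender-side check for the two things described above, changed DNS settings on a device and answers that point somewhere unexpected, as an added example that is not part of the original page. The approved resolver list, expected networks, resolv.conf text and observed answers are all constructed sample data using documentation address ranges.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real infrastructure).
APPROVED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
EXPECTED_NETWORKS = {
    "www.example.com": ["198.51.100.0/24"],
    "mail.example.com": ["198.51.100.0/24", "2001:db8:10::/48"],
}
RESOLV_CONF = """\
# Generated by NetworkManager
search example.com
nameserver 192.0.2.53
nameserver 203.0.113.66   # not on the approved list
"""
OBSERVED_ANSWERS = {
    "www.example.com": ["198.51.100.20"],
    "mail.example.com": ["203.0.113.80", "2001:db8:10::25"],
}


def configured_resolvers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def unapproved_resolvers(resolv_conf_text, approved):
    """Resolvers the device is set to use that are not on the approved list."""
    return [s for s in configured_resolvers(resolv_conf_text) if s not in approved]


def unexpected_answers(observed, expected_networks):
    """Map each name to the answers that fall outside its expected networks.

    A name with no expected networks on record has every answer flagged.
    """
    findings = {}
    for name, addresses in observed.items():
        nets = [ipaddress.ip_network(n) for n in expected_networks.get(name, [])]
        bad = [a for a in addresses
               if not any(ipaddress.ip_address(a) in net for net in nets)]
        if bad:
            findings[name] = bad
    return findings


if __name__ == "__main__":
    print("unapproved resolvers:", unapproved_resolvers(RESOLV_CONF, APPROVED_RESOLVERS))
    print("unexpected answers:", unexpected_answers(OBSERVED_ANSWERS, EXPECTED_NETWORKS))
```

Matching answers against expected networks rather than exact addresses keeps ordinary address rotation within a provider's range from raising a finding.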