27680393230
What_is_DNS_Hijacking-Hero

Written by Melissa Lawhorn
Published on February 27, 2017
This article contains
This article contains

    To understand how it works, it’s important to first understand what DNS is, and how your computer uses it to normally access the web.

    How DNS works

    Familiar with the process of visiting web pages? It’s a bit more complex than simply typing a domain name like example.org in your browser.

    It’s easy to forget that everything we access online all lives on some form of computing hardware somewhere, whether it's your phone, your PC, your router, or the army of servers that help run giant sites like YouTube or Amazon.

    Every single one of those devices connected to the internet has what is called an Internet Protocol (IP) address. Traditionally, this is represented by a series of numbers separated by decimal points. This is the real address that the machines that connect to the internet use to reach out to each other.

    Obviously, it wouldn’t be practical to type in 123.24.23.1 (not a real IP address) every time we wanted to visit a website. It’s to make the web truly useable by humans – not just machines – that the Domain Name System (DNS) was invented. This system matches the web addresses we are used to with the IP addresses of the servers that host the website.

    So when you type in an address such as facebook.com, for example, your computer gets in contact with a DNS server to collect the website’s IP address. This server’s only job is to match URLs to IP addresses. Once it has found the corresponding, numerical address, it sends this information back to your PC, and connects you to the website you’ve requested.

    Now, it’s crucial that your computer reach out to a legitimate DNS server.

    Why? Because this is where the hijacking comes into play.

    How DNS Hijacking works

    A well functioning computer will have DNS settings that are usually allocated by your Internet Service Provider, or is setup to use one by Google or ICANN. Those settings tell it which servers to connect to to get the IP addresses it is looking for.

    Your computer could be asking directions from a server set up to send you to phony phishing websites.

    If those settings have been compromised, then your computer could be asking directions from a server that has been set up to provide it with a different set of IP addresses than the ones you intended – IP addresses that can, and often do, play host to phony websites.

    Why DNS Hijacking is dangerous

    Compromised DNS settings leave you open to different kinds of dangers.

    Phishing sites that can steal your passwords

    Consider this scenario: you type in your bank’s domain name and hit “enter.” Your computer sends off the domain name. Except now that your DNS settings have been hijacked, you get sent to fake version of your bank. You log in like normal, without noticing any red flags, only to share your account details with a thief.

    The same could happen for any website you have credentials for.

    Funding cybercrime

    Some online criminals will hijack your connection to send you to pages that are loaded with advertisements so they can charge the ad networks for the impressions. They can target the redirection to affect just the ads that get loaded on legitimate websites.

    You could be conscripted in aiding and abetting fraud against ad networks.

    In either case, you’re essentially being conscripted into aiding and abetting a fraud against ad networks.

    Unfortunately, this isn’t just done by criminals. Some ISPs will run modified DNS servers that can modify your traffic to support their own business objectives.

    Censorship

    Some countries also use their own modified DNS servers to limit the websites available in their borders. When residents of the said country attempt to access a government-blocked site, they’re automatically redirected elsewhere (to an “approved” site of course).

    How can hackers “jack” your DNS settings?

    The two most common tools used by hackers to override your DNS settings are:

    Vulnerabilities in your router

    Routers are computers too. Routers with out-of-date firmware and default passwords are at risk of getting hacked. And if your router is hackable, your DNS settings are too.

    Trojan malware

    This form of malware is notorious for hiding inside other files, especially ones people like me and you may consider downloading. You can learn more about Trojans here.

    How to protect yourself from DNS hijacking

    1. Change your router’s password

      And by this we don’t mean your WiFi access password, but the administrative password that gives you access to your router’s settings. You can usually find that password written on the router itself or accessible online, and then access the login screen by going typing one of the usual default I.P. addresses like 192.168.0.1 or 192.168.1.1.

      If you’re still using a default password, remember to swap it out for a strong one. Check out our tips for creating strong passwords.

    2. Update your router’s firmware

      Routers are often the forgotten weak link in the online security chain. If your router’s firmware is out of date, it’s not patched for the latest security vulnerabilities. Your router’s manufacturer page should provide update info specific to your router model.

    3. Make sure you’ve got malware protection

      Stop hackers from altering the DNS settings on your computer by running a trusted antivirus software.

    Bonus: 2 simpler ways to stay protected

    AVG Internet Security with SecureDNS

    You can simply bypass all of the above steps and protect your home network with an advanced antivirus that includes DNS protection.

    Our AVG Internet Security not only features advanced malware protection, it also includes our new SecureDNS. This feature encrypts your DNS requests and makes sure they go through our secured DNS servers so the right IP addresses get delivered.

    Don't have it? Download your free trial now.

    Use a VPN

    You can also take it up a notch and run a VPN. While using the internet over a Virtual Private Network, all of your communications get encrypted – not just your DNS requests – so you’ll be sure to stay clear of DNS hijacking attacks.

    And a VPN will hide your IP address to boot. 

    Give our Secure VPN a try today: you can get started in just a few steps!

    Latest security articles

    EternalBlue Exploit: What Is It and Is It Still a Threat?

    How to Tell If Your Phone Is Tapped: 10 Warning Signs

    What Is a Sniffer and How Can You Prevent Sniffing?

    Reporting Identity Theft — What to Do If Your Identity Is Stolen

    Sextortion and Blackmail — What You Need to Know

    Keyloggers: What They Are, Where They Come From, and How to Remove Them

    What Is SQL Injection?

    What Is a Browser Hijacker and How to Remove One

    Zero-Day Attacks: What You Need to Know

    What Is an Exploit in Computer Security?

    How Secure Is My Phone?

    Identity Theft: What It Is & How It Works

    Protect your Android against threats with AVG AntiVirus

    Free install

    Protect your iPhone against threats with AVG Mobile Security

    Free install
    Threats
    Security
    Melissa Lawhorn
    27-02-2017