Cyber Defense Magazine – August 2019

(Nora) #1

know their phone number, you can use a phone book to find their number. DNS services use the same
logic. When you request data for a web location, you type in its name and the DNS servers find its
IP address. Such internet phone books greatly influence the accessibility of web locations, which is
exactly why DNS is crucial for any organisation that relies on the Internet to connect to customers,
partners, suppliers and employees.


The Internet maintains two principal namespaces - the domain name hierarchy and the Internet Protocol
(IP) address spaces. The Domain Name System maintains the domain name hierarchy and provides
translation services between it and the address spaces. Internet name servers and a communication
protocol implement the Domain Name System. A DNS name server is a server that stores the DNS
records for a domain name; a DNS name server responds with answers to queries against its database.


What is DNS Hijacking?


DNS Hijacking, also called Domain Hijacking, is when bad actors redirect or “hijack” DNS addresses and
reroute traffic to bogus DNS servers. Once a DNS address is successfully hijacked to a bogus DNS
server, it translates the legitimate IP address or DNS name into the IP address of the hacker’s malicious
website of choice. DNS hijacking can be used for pharming (in this context, attackers typically display
unwanted ads to generate revenue) or for phishing (displaying fake versions of sites that users access
whereby data or credentials are stolen from them).


Many Internet Service Providers (ISPs) also use a type of DNS hijacking to take over a user’s DNS
requests, collect statistics and return ads when users access an unknown domain. Some governments
use DNS hijacking for censorship, redirecting users to government-authorized sites. DNS hijacking can
affect websites of any size, directing folk to malicious websites without their knowledge. Since
website owners depend upon legitimate DNS servers issued by their ISPs, DNS hijackers use malware
in the form of a Trojan to replace the legitimate DNS server assignment made by the ISP with a
manual DNS server assignment that points to a bogus DNS server.


When users visit legitimate websites, they’re automatically hijacked to a malicious website disguised as
the legitimate one. The switch from the legitimate DNS server to the bogus DNS server goes unnoticed
by both the user and the legitimate website owner. At this point the malicious website gets to do pretty
much anything it wants, for as long as the person using it believes it’s where they’re meant to be.
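Because the switch of DNS server assignment goes unnoticed, a defender can check for it directly. The following is an added example, not code from the article: it audits the resolvers listed in a resolv.conf-style file against the resolvers the host is expected to use. The allowlist networks, the sample file contents and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: resolvers this host is expected to use (constructed values
# from documentation ranges; replace with your ISP or corporate resolvers).
EXPECTED_RESOLVERS = ["192.0.2.0/28", "2001:db8:53::/48"]

# Constructed sample: a resolv.conf in which extra, unapproved entries appear.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client
search corp.example
nameserver 192.0.2.5
nameserver 203.0.113.77
nameserver 2001:db8:53::1
nameserver fe80::1%eth0
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Split configured resolvers into (trusted, unexpected) lists."""
    networks = [ipaddress.ip_network(n) for n in expected]
    trusted, unexpected = [], []
    for server in parse_nameservers(text):
        try:
            # Drop an IPv6 zone id such as %eth0 before parsing.
            addr = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            unexpected.append(server)  # unparsable entries are treated as suspect
            continue
        if any(addr.version == n.version and addr in n for n in networks):
            trusted.append(server)
        else:
            unexpected.append(server)
    return trusted, unexpected

if __name__ == "__main__":
    ok, bad = audit_resolvers(SAMPLE_RESOLV_CONF)
    print("trusted:", ok)
    print("unexpected (investigate):", bad)
```

Any entry in the unexpected list is a resolver assignment that did not come from the approved set and is worth investigating.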


As a cyber-attack, DNS Hijacking has a host of uses, including injecting malware into your machine,
promoting phishing scams and advertising on high-volume websites. Ultimately, it’s possible to suffer a
data breach following a DNS Hijack, as credentials can easily be mined while the victim is active on the
attacker’s bogus site.
