DNS Breach Shows We're Less Safe

This one is really scary.

In early September, criminals successfully hijacked the domain name server (DNS) records for some major Internet players, including Microsoft. This allowed them to redirect Web traffic to their own sites, and to do so without first having to infect either the user's computer or the website the user was trying to reach. This has the potential to make the Internet less safe and less useful for all of us.

Domain name servers play a vital role in keeping the Internet working. When you enter a URL into a browser, one of these servers looks up the domain name in its database and figures out where in the world (the real world, not the virtual one) the actual Web pages are stored. It does this by turning a human-friendly URL like pcworld.com into a computer-friendly IP address like 70.42.185.10.

If hackers can change the addresses stored in a DNS server, they can send people to fake sites where their information can be stolen and their computers infected.
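The defensive counterpart is to watch for answers that drift from what a domain's operator actually publishes. The sketch below is an added example, not code from the article: it compares the addresses several resolvers return against a pinned baseline of expected networks. The names, resolver labels and addresses are constructed (RFC 5737 documentation ranges), and the baseline format is an assumption.

```python
import ipaddress
import socket

# Constructed baseline: each name maps to the networks its operator publishes.
# All addresses are RFC 5737 documentation ranges, not real hosts.
BASELINE = {
    "www.example.com": ["192.0.2.0/24"],
    "login.example.com": ["192.0.2.0/24", "198.51.100.0/25"],
}

# Constructed observations: what two resolvers returned for the same names.
OBSERVED = {
    "resolver-a": {"www.example.com": ["192.0.2.10"],
                   "login.example.com": ["198.51.100.7"]},
    "resolver-b": {"www.example.com": ["203.0.113.66"],
                   "login.example.com": ["198.51.100.7", "198.51.100.200"]},
}

def resolve(name):
    """Live lookup via the system resolver (not used on the sample data)."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def check_answers(name, answers, baseline=BASELINE):
    """Return the answers for `name` that fall outside its baseline networks."""
    if name not in baseline:
        raise KeyError(f"no baseline recorded for {name}")
    nets = [ipaddress.ip_network(n) for n in baseline[name]]
    # A v4 address is never "in" a v6 network (and vice versa), so mixed
    # address families are reported as unexpected rather than raising.
    return [a for a in answers
            if not any(ipaddress.ip_address(a) in net for net in nets)]

def audit(observed, baseline=BASELINE):
    """Return sorted (resolver, name, address) findings across all resolvers."""
    findings = []
    for resolver, names in observed.items():
        for name, answers in names.items():
            if not answers:
                findings.append((resolver, name, "NO ANSWER"))
            for addr in check_answers(name, answers, baseline):
                findings.append((resolver, name, addr))
    return sorted(findings)

if __name__ == "__main__":
    for resolver, name, addr in audit(OBSERVED):
        print(f"ALERT {resolver}: {name} -> {addr} is outside the baseline")
```

A finding from only one resolver points at that resolver's data; the same unexpected address from every resolver suggests the authoritative records themselves were changed.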

According to an Information Age article, the altered servers sent people to a page where a Turkish group claimed responsibility and announced that "h4ck1n9 is not a cr1m3." (Just to be clear, this sort of hacking is most definitely a crime.) That's a relatively benign form of attack. But this technique could also send you to a fake version of your bank's website, where the attackers could grab your logon name and password.

All of the breached servers were quickly corrected. But the attacks point to a new and very scary threat.

There's not much you can do to protect yourself. This is a security job for the folks running the Internet. But if a hacked DNS server sends you to the wrong page, the right protection can still help. All three versions of Trend Micro's Titanium security suite will block access to and stop downloads from malicious websites.
