Crypto Security: What is DNS hijacking?

in #crypto · 7 years ago (edited)


Hello,

One of the more common attacks on exchanges and online wallets today is carried out through DNS hijacking. As seen lately in:
https://www.bleepingcomputer.com/news/security/hackers-hijack-dns-server-of-blackwallet-to-steal-400-000/
https://www.bleepingcomputer.com/news/security/hackers-hijack-dns-server-of-crypto-to-crypto-exchange-etherdelta/

So let's start from the beginning.

What is a DNS?
DNS stands for Domain Name System. An often-used analogy to explain the Domain Name System is that it serves as the phone book of the Internet: it translates human-friendly hostnames into IP addresses. For example, the domain name www.example.com translates to the address 93.184.216.119 (IPv4).

What is DNS hijacking?
So basically, without any access to the homepage or the web server itself, an attacker can redirect traffic to a malicious webpage by using the hijacked DNS. If we look at what happened with EtherDelta:

"The exchange said hackers managed to take over control over its DNS server and redirected the etherdelta.com domain to a malicious server hosting a copy of their website."

The hijacked DNS redirects you to a malicious look-alike webpage, and when you enter your credentials there they get captured and stored. In some cases it goes further: if we look at what happened with BlackWallet, the attackers had a bot/script that logged in on the real webpage just seconds after your credentials were captured. That would, for example, keep your 2FA code still valid, because they log in instantly.

DNS hijacking can also involve infecting computers with malware or DNS trojan software, which causes the infected computers to no longer translate user-friendly domain names into the correct corresponding IP addresses.
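A defender-side check for the scenario described above, added here as an example and not code from the original post: query a domain through several independent resolvers and compare the answers against an allowlist of netblocks where the site is actually hosted. A hijacked zone or poisoned resolver shows up either as an answer outside the allowlist or as resolvers disagreeing with each other. The domain name, netblocks and resolver answers below are constructed sample data, and `203.0.113.45` (a TEST-NET-3 address) stands in for the rogue server.

```python
"""Detect a possible DNS hijack by comparing resolver answers against a
known-good allowlist of IP prefixes. All data below is constructed for the
example; nothing here is a real observation."""
import ipaddress
from dataclasses import dataclass, field

# Constructed allowlist: the netblocks where the site's web front end is
# legitimately hosted (hypothetical values).
EXPECTED_PREFIXES = {
    "exchange.example": ["93.184.216.0/24"],
}

# Constructed answers from several independent resolvers. Two agree with the
# allowlist; the third returns an address that points somewhere else entirely.
SAMPLE_ANSWERS = {
    "exchange.example": {
        "resolver-a": ["93.184.216.119"],
        "resolver-b": ["93.184.216.119"],
        "resolver-c": ["203.0.113.45"],  # constructed rogue answer (TEST-NET-3)
    }
}


@dataclass
class HijackReport:
    domain: str
    rogue: dict = field(default_factory=dict)  # resolver -> IPs outside allowlist
    disagreement: bool = False                 # resolvers returned different sets

    @property
    def suspicious(self) -> bool:
        return bool(self.rogue) or self.disagreement


def check_domain(domain, answers, expected_prefixes):
    """Flag answers outside the allowlist and disagreement between resolvers."""
    nets = [ipaddress.ip_network(p) for p in expected_prefixes]
    report = HijackReport(domain=domain)
    seen_sets = set()
    for resolver, ips in answers.items():
        seen_sets.add(frozenset(ips))
        bad = [ip for ip in ips
               if not any(ipaddress.ip_address(ip) in n for n in nets)]
        if bad:
            report.rogue[resolver] = bad
    # Honest resolvers serving the same zone should hand back the same record
    # set; a split view is a classic sign that one path has been tampered with.
    report.disagreement = len(seen_sets) > 1
    return report


def run_checks(all_answers=SAMPLE_ANSWERS, allowlist=EXPECTED_PREFIXES):
    """Run the check for every domain in the sample and return the reports."""
    return {d: check_domain(d, a, allowlist[d]) for d, a in all_answers.items()}


if __name__ == "__main__":
    for domain, rep in run_checks().items():
        status = "SUSPICIOUS" if rep.suspicious else "ok"
        print(f"{domain}: {status} rogue={rep.rogue} "
              f"disagreement={rep.disagreement}")
```

In practice the answers would come from real lookups against resolvers you do not control (so a compromise of your own resolver does not hide the change), and the allowlist would be maintained alongside your hosting configuration so that a planned migration does not trigger a false alarm. The check only tells you that something resolved to the wrong place; confirming an actual hijack still means looking at the registrar and DNS-provider accounts, which is where both incidents linked above started.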
