DNS Hijacking, or “silent server swaps”, is an attack method that can forcibly redirect your online traffic towards fake websites or display alternate content, and can often be used to steal your private data.
To understand how it works, it’s important to first understand what DNS is, and how your computer uses it to normally access the web.
How DNS works
Familiar with the process of visiting web pages? It’s a bit more complex than simply typing a domain name like example.org in your browser.
It’s easy to forget that everything we access online lives on some form of computing hardware somewhere, whether it's your phone, your PC, your router, or the army of servers that help run giant sites like YouTube or Amazon.
Every single one of those devices connected to the internet has what is called an Internet Protocol (IP) address. Traditionally, this is represented by a series of numbers separated by decimal points. This is the real address that the machines that connect to the internet use to reach out to each other.
Obviously, it wouldn’t be practical to type in 126.96.36.199 (not a real IP address) every time we wanted to visit a website. It’s to make the web truly usable by humans – not just machines – that the Domain Name System (DNS) was invented. This system matches the web addresses we are used to with the IP addresses of the servers that host the website.
So when you type in an address such as facebook.com, for example, your computer gets in contact with a DNS server to collect the website’s IP address. This server’s only job is to match URLs to IP addresses. Once it has found the corresponding, numerical address, it sends this information back to your PC, and connects you to the website you’ve requested.
Now, it’s crucial that your computer reach out to a legitimate DNS server.
Why? Because this is where the hijacking comes into play.
How DNS Hijacking works
A well-functioning computer will have DNS settings that are usually allocated by your Internet Service Provider, or it is set up to use ones run by Google or ICANN. Those settings tell it which servers to connect to in order to get the IP addresses it is looking for.
If those settings have been compromised, then your computer could be asking directions from a server that has been set up to provide it with a different set of IP addresses than the ones you intended – IP addresses that can, and often do, play host to phony websites.
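One way to check the settings described above, as an added example that is not part of the original article: it reads resolv.conf-style text (the format Linux and macOS use for DNS settings) and flags any resolver that is not on a list you expect. The `EXPECTED` list, the `SAMPLE` content and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the resolvers this machine is supposed to use. 8.8.8.8 and
# 8.8.4.4 are Google Public DNS; 192.168.1.1 stands in for the home router.
EXPECTED = {"8.8.8.8", "8.8.4.4", "192.168.1.1"}

# Constructed sample of /etc/resolv.conf content (203.0.113.53 is a
# documentation-range address playing the part of a rogue resolver).
SAMPLE = """\
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 127.0.0.53
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return the raw nameserver values from resolv.conf-style text, in order."""
    values = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "nameserver" and len(fields) >= 2:
            values.append(fields[1])
    return values

def audit(text, expected=EXPECTED):
    """Classify every configured resolver against the expected set."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for value in parse_nameservers(text):
        try:
            ip = ipaddress.ip_address(value.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((value, "invalid"))
            continue
        if ip in allowed:
            status = "expected"
        elif ip.is_loopback:
            status = "local-stub"   # local forwarder; its upstream needs its own check
        else:
            status = "unexpected"   # not on the list: investigate before trusting
        findings.append((value, status))
    return findings

if __name__ == "__main__":
    for value, status in audit(SAMPLE):
        print(f"{status:10} {value}")
```

A result of "expected" for the router's address only covers the computer's own setting; the DNS servers configured inside the router have to be checked on its administration page.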
Why DNS Hijacking is dangerous
Compromised DNS settings leave you open to different kinds of dangers.
Phishing sites that can steal your passwords
Consider this scenario: you type in your bank’s domain name and hit “enter.” Your computer sends off the domain name. Except now that your DNS settings have been hijacked, you get sent to a fake version of your bank. You log in like normal, without noticing any red flags, only to share your account details with a thief.
The same could happen for any website you have credentials for.
Some online criminals will hijack your connection to send you to pages that are loaded with advertisements so they can charge the ad networks for the impressions. They can target the redirection to affect just the ads that get loaded on legitimate websites.
In either case, you’re essentially being conscripted into aiding and abetting a fraud against ad networks.
Unfortunately, this isn’t just done by criminals. Some ISPs will run modified DNS servers that can modify your traffic to support their own business objectives.
Some countries also use their own modified DNS servers to limit the websites available within their borders. When residents of that country attempt to access a government-blocked site, they’re automatically redirected elsewhere (to an “approved” site of course).
How can hackers “jack” your DNS settings?
The two most common tools used by hackers to override your DNS settings are:
Vulnerabilities in your router
Routers are computers too. Routers with out-of-date firmware and default passwords are at risk of getting hacked. And if your router is hackable, your DNS settings are too.
Trojans
This form of malware is notorious for hiding inside other files, especially ones people like you and me may consider downloading. You can learn more about Trojans here.
How to protect yourself from DNS hijacking
1. Change your router’s password
And by this we don’t mean your WiFi access password, but the administrative password that gives you access to your router’s settings. You can usually find that password written on the router itself or accessible online, and then access the login screen by typing one of the usual default IP addresses, like 192.168.0.1 or 192.168.1.1, into your browser.
If you’re still using a default password, remember to swap it out for a strong one. Check out our tips for creating strong passwords.
2. Update your router’s firmware
Routers are often the forgotten weak link in the online security chain. If your router’s firmware is out of date, it’s not patched for the latest security vulnerabilities. Your router’s manufacturer page should provide update info specific to your router model.
3. Make sure you’ve got malware protection
Stop hackers from altering the DNS settings on your computer by running trusted antivirus software.
Bonus: 2 simpler ways to stay protected
AVG Internet Security with SecureDNS
You can simply bypass all of the above steps and protect your home network with an advanced antivirus.
Our AVG Internet Security not only features advanced malware protection, it also includes our new SecureDNS. This feature encrypts your DNS requests and makes sure they go through our secured DNS servers so the right IP addresses get delivered.
Don't have it? Download your free trial now.
Use a VPN
You can also take it up a notch and run a VPN. This encrypts all of your communications, not just your DNS requests.
While using the internet over a Virtual Private Network, you’ll be sure to stay clear of DNS hijacking attacks. We recommend HMA! Pro VPN. You can get started in just a few steps!