DNS Hijacking: How Safe Are You?

DNS hijacking is no joke. A couple of years ago, hackers hijacked high-profile domains such as nytimes.com, huffingtonpost.co.uk, and twitter.co.uk after phishing the credentials for a reseller account at an Australian domain registrar. In 2016, hackers used DNS hijacking to redirect traffic to all 36 of a Brazilian bank’s domains. In 2017, a group of hackers hijacked WikiLeaks via its DNS, rerouting its visitors to their own websites.

Domain hijacking, though not as common as the threats posed by viruses and malware, can be harmful to individuals and businesses alike. Despite all the risks domain hijacking can unleash, many domain owners fail to apply the basic precautions that can protect them. This post will help you understand what to do to safeguard your domain.

What is DNS Hijacking?

DNS hijacking is when a bad actor gains access to your domain registrar account details, thereby having full control of all your domain-based functions. This includes changing DNS name servers, setting a new domain status, transferring the domain name, as well as altering the personal, technical and administrative details of all domains located under that account. People have different motivations to attack a website. It might be:

  • For financial gain
  • To take a competitor’s site offline
  • To access customers and their data
  • For political motives

How Does DNS Hijacking Work?

There are many ways for cybercriminals to gain control of your domain name. They include:

  • A domain registrar data breach, caused by security failures at your domain provider, which exposes your login name and password to the attacker.
  • Tricking you with a fake phishing page to capture your domain registrar login details.
  • Socially engineering you, for example by calling you while claiming to be your domain registrar and asking for your login details to "verify" your account.
  • Installing keyloggers on your computer, which record every pressed key and send the information to the attackers.

What DNS Attackers do with the Hijacked Domains

  • Almost every business, whether local, national or international, is susceptible to DNS hijacking. DNS hijacking offers many opportunities for hackers, but what they eventually do depends on the domain name they managed to compromise.
  • If your domain is an e-commerce site, they might decide to steal account credentials by redirecting victims to a fake login form. This method can also be used to bypass two-factor authentication, by tricking visitors into disclosing their data on the fake page.
  • If it is a news website, they might choose to redirect visitors to a page with a politically motivated message.
  • Websites that load external resources or content from content delivery networks can also be indirectly affected by DNS hijacking. If the domains of such third-party services are hijacked, attackers could replace the served files with malicious code and breach thousands of websites at once.
  • Everything sent to the hijacked domain can be intercepted, leading to sensitive data leaks.

How to Prevent DNS Hijacking Attacks

Your online security is extremely valuable, and it is crucial you guard your domain against cyber threats like DNS hijacking. There are certain steps you should be taking.

When picking a domain name registrar, be sure they offer advanced security features, such as two-factor authentication, DNS management, and technical support. If you are in New Zealand, some good web hosting companies are Go Daddy, Host Gator and Openhost domain names.

Ensure your hosting provider is secure. If the web host has poor security mechanisms, your domain can be hijacked through it.

Closely watch your email inbox for messages requesting registrar login details; they may be scam or phishing emails.

Never share your domain registrar login details with strangers. Sometimes, your web designers, developers, and other IT services may ask for your domain registrar login details to alter some DNS configurations. Do not agree. If you must, create a sub-account with restricted privileges to limit the scope of what can be modified.

Use a strong password and remember to change it periodically. Most security companies recommend changing your password after 72 to 90 days.

Keep your domain contact details updated. Make sure your contact information includes an up-to-date, domain-based email address. Your registrant, administrative, technical and abuse details must always reflect accurate contact information. This enables your domain registrar to reach you as soon as possible in case of an emergency.

Always enable domain locking.

Enable WHOIS protection.

What Mechanisms and Software can Domain Owners Use to Protect their Domain?


Enable HTTPS for all web apps and services hosted on a domain name. This protects users from man-in-the-middle attacks, where someone steals the information being sent to a website, such as passwords, bank transactions, credit card details or logins. To reduce the negative impact of DNS hijacking, HTTPS needs to be combined with a security mechanism called HSTS. HTTP Strict Transport Security (HSTS) instructs browsers to only ever access the website over encrypted connections, so data exchanged between both parties stays safeguarded and criminals cannot read or modify the information transferred.
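To show what the browser side of HSTS actually does, here is an added example (not code from the original post): a small model of a browser's HSTS policy store. The names HstsStore and parseHsts are assumptions for this illustration, and it runs offline under Node.js.

```javascript
// Parse a Strict-Transport-Security header value into a policy object.
// A header without a valid max-age is malformed and, as in browsers, ignored (null).
function parseHsts(headerValue) {
  let maxAge = null;
  let includeSubDomains = false;
  for (const raw of headerValue.split(';')) {
    const directive = raw.trim();
    if (directive === '') continue;
    const [name, value] = directive.split('=').map((s) => s.trim());
    const lower = name.toLowerCase();
    if (lower === 'max-age') {
      const n = Number(value && value.replace(/^"|"$/g, '')); // quotes are allowed
      if (!Number.isInteger(n) || n < 0) return null;
      maxAge = n;
    } else if (lower === 'includesubdomains') {
      includeSubDomains = true;
    }
  }
  return maxAge === null ? null : { maxAge, includeSubDomains };
}

class HstsStore {
  constructor() { this.policies = new Map(); } // host -> { expires, includeSubDomains }

  // Record a policy from a response. RFC 6797 requires the browser to ignore the
  // header on plain-HTTP responses; otherwise anyone on the plaintext path could plant policies.
  learn(host, headerValue, overHttps, now) {
    if (!overHttps) return false;
    const policy = parseHsts(headerValue);
    if (policy === null) return false;
    if (policy.maxAge === 0) { this.policies.delete(host); return true; } // max-age=0 clears
    this.policies.set(host, {
      expires: now + policy.maxAge * 1000,
      includeSubDomains: policy.includeSubDomains,
    });
    return true;
  }

  // Must a request for this host be upgraded to HTTPS? Walk up the parent domains:
  // an exact match always applies, a parent only if it set includeSubDomains.
  mustUseHttps(host, now) {
    const labels = host.split('.');
    for (let i = 0; i < labels.length; i++) {
      const p = this.policies.get(labels.slice(i).join('.'));
      if (!p || p.expires <= now) continue;
      if (i === 0 || p.includeSubDomains) return true;
    }
    return false;
  }
}
```

Once a policy is stored, even a typed `http://` link or a redirect to plain HTTP is upgraded locally before any request leaves the browser, which is what removes the window an attacker on the path would otherwise have.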

Another way to eliminate or minimize the risks of DNS hijacking is the use of Domain Name System Security Extensions (DNSSEC), a suite of extensions to the DNS protocol that lets resolvers verify the source of DNS responses through cryptographic signatures. Due to the recent rash of DNS hijacking attacks, ICANN has urged more rapid DNSSEC adoption. They believe DNSSEC would have prevented the DNS hijacking attacks that have made headlines recently.

To reduce the risk of malicious code injection through third-party scripts, websites can use a mechanism called Subresource Integrity (SRI). The site operator calculates a cryptographic hash of every external script loaded into the website and specifies it in the page. The browser then compares the hash of the downloaded script with the one the website specified, and if they do not match, the external resource is not executed.

How to Recover a Stolen Domain Name

Contact your domain registrar and explain the situation. Provide them with relevant details, such as the account name used to purchase the domain, any recent correspondence, and complete any required paperwork.

If the registrar cannot provide a solution, or the domain has already been transferred to another registrar, seek legal help. Documentation is key to proving your right to ownership. Keep track of any financial transactions associating you or your organization with the hijacked domain, as well as any marketing material associating the hijacked domain with your organization.


Contact ICANN for domain dispute resolution. The documentation and steps provided may help recover your hijacked website.

Conclusion

When it comes to DNS hijacking, you may not be as safe as you think, especially if your domain registrar or web host is not secure. Recovering a stolen domain is not easy; the process is costly and time-consuming. There are cases where website owners are left with no option but to move on and change their domain names.

Avoid such a situation by making domain security a priority. Take adequate protection against all forms of website hacking, and ensure your domain registrar and web hosting provider do so too.