DNS hijacking redirects internet users to a different website than the one they intended to visit. DNS servers translate web addresses into IP addresses, but hijacking changes this process to direct users to a different IP address. Hackers can use this technique for phishing attacks, while some ISPs use it for advertising purposes, which has been criticized as dishonest.
DNS hijacking is a process by which Internet users can be redirected to a different website than the one they are trying to reach. The Domain Name System (DNS) is a set of protocols used to allow users to connect to various websites on the Internet. When a user types in a particular web address, a DNS server translates that address into an Internet Protocol (IP) address and directs the user to the correct site. DNS hijacking modifies this process, however, so that the user is directed to a different IP address than the correct one.
How DNS hijacking occurs is based on how users on the Internet connect to websites. Most users access a website by typing an address into a browser or through a search engine that displays website addresses based on search results. When a user types in an address, such as www.wisegeek.com, a DNS server receives this request, but Internet websites aren’t actually hosted on servers that use these types of address names. IP addresses, which are unique and consist of a series of numbers, are used to organize and assign locations on the Internet for each website.
A DNS server translates the address a user types into the correct IP address, then connects that user to the appropriate server for that website. DNS hijacking, however, occurs when a DNS server directs a user to a different website than the one that should be reached based on the address they typed. This can be a particularly dangerous type of attack when used by hackers, as the user may be completely unaware that they are not looking at the correct website. DNS hijacking actually occurs “behind the scenes” of browsing the Internet and it is likely that the user’s browser window will display the correct name for the website.
When hackers use DNS hijacking to redirect users to a malicious version of a website, this is called “pharming.” For example, a compromised DNS server can receive a user request for www.pretendbank.com. Instead of sending the user to the real bank’s website, however, it sends the user to a fake version of the site, often created to look just like the real version. When the user attempts to enter their security information, the website logs that information and then indicates to the user that the system is currently unavailable. This information can then be used to access the user’s actual bank account and perform fraudulent activities.
Some Internet Service Providers (ISPs) have also started using DNS hijacking for less malicious purposes. These ISPs use “DNS redirect” to send users to a particular page when an invalid web address is entered. Instead of displaying the standard screen for bad sites, the ISP displays a page that often includes advertisements for other services. While this isn’t necessarily harmful, many users have condemned this practice as inherently dishonest and in violation of established Internet standards against DNS hijacking.
Protect your devices with Threat Protection by NordVPN
