The hackers at Lizard Squad have been busy again. Early in March, they used DNS poisoning to redirect traffic from Google’s Vietnamese page to a page advertising their own DDoS tool, the Lizard Stresser.
Despite the outrage of many users who weren’t able to access Google during the attack, it appears that no real harm was done. No servers crashed, and no personal information was stolen. Nonetheless, this case highlights the vulnerabilities inherent in the DNS system, and the next attack might not be so harmless.
How Hackers Exploit DNS Servers
DNS servers have often been referred to as the phone book of the internet, but they’re really more of a translator. They turn the human-friendly words (called “queries”) we type into our browsers into IP addresses, those strings of numbers that computers use to find web sites. This system is what keeps the internet running smoothly. But, if a hacker can answer a DNS server’s query with a fake response sooner than it gets the legitimate response, it’ll send traffic to the wrong website. Sometimes it’s just an annoyance, like the Lizard Squad attack on Google. But, far too often, users are redirected to a spoofed site that looks just like the real one and even has the right URL. So users enter their personal information, and the hackers strike gold.
Why DNS Servers Are An Enticing Target
It’s the caching capability built into DNS servers that makes them so tempting to hackers. Every time a server looks up an IP address, it “remembers” that information for a while, saving time on future queries. If it caches a fake address, everybody who comes along after that also gets sent to the fake address. So what originally affected only one person can end up affecting many more.
DNS poisoning isn’t the only way hackers exploit the DNS system. They can also use it to launch amplified DDoS attacks. In one type of attack, hackers get open DNS servers to do their dirty work for them. Instead of being limited to the queries they can send out on their own, they have a whole team working with them, making it easy to overwhelm the target site. Other times, they flood servers with requests for non-existent web sites, so that the servers keep sending queries for sites that never answer, tying up valuable resources.
What You Can Do
The smartest thing you can do for your business is to stop thinking, “It will never happen to me,” because the facts say otherwise. Pulling off a DNS attack is both easy and cheap, and, since some hackers do it just to prove they can, there doesn’t even have to be a reason. No company is too big, no company is too small, and no company is too obscure.
Once you recognize your risk, your next job is to figure out what to do about it. Some businesses handle their security in-house, but more and more are outsourcing the task to specialists. Not only is network security a critically important job, it’s also a fight against a constantly moving target, as hackers’ strategies evolve. Regardless of who manages your security, they key is to make sure they’re the right people, have the right resources, and are totally plugged into the world of network security so that they’ll be out in front of new developments. Can your security team handle all of that?
