Security researchers recently revealed that a previously unknown hacker group carried out a series of attacks on government agencies in 13 countries by redirecting agency computers to hacker-controlled servers. This happened through the manipulation of domain name system (DNS) infrastructure. And it followed a US Department of Homeland Security alert disclosing a global campaign, subsequently linked to Iran, to redirect internet traffic and steal sensitive information also by compromising DNS infrastructure.
The DNS is an attractive target because it serves as a global address book, translating internet names we know into IP addresses that computers can recognise. The infrastructure supporting DNS is maintained by a number of core companies that administer internet domains, register new domain names, and host DNS “lookup” services which convert those domain names into IP addresses.
For years, hackers have abused the registration process to obtain new domain names which they then use to orchestrate cyber intrusions. Today, if attackers can hijack an existing customer domain at any of these companies, they can also reroute email and web-based communications, obtain confidential information and disrupt communications. And if they are able to compromise administrative infrastructure for DNS service providers themselves, they can cause potentially massive chaos, including for entire government and military domains.
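The hijack the previous paragraph describes shows up, from the domain owner's side, as a change in the records the public DNS returns for that domain: a new name server, an A record pointing somewhere the organisation does not control, or an altered MX. The following Python checker is an added example, not code from the article or from any DNS provider; it compares a constructed lookup result (zone-file style lines) against a constructed baseline and an assumed list of address ranges the organisation owns, and reports every record that has drifted. Every name, address and record in it is made up for illustration (RFC 5737 documentation prefixes).

```python
import ipaddress

# Constructed baseline: the records the domain owner expects to see.
# Names, addresses and hosts are illustrative, not real.
BASELINE = {
    "example.gov.": {
        "NS": {"ns1.registrar.example.", "ns2.registrar.example."},
        "A": {"203.0.113.10"},
        "MX": {"10 mail.example.gov."},
    },
    "mail.example.gov.": {"A": {"203.0.113.25"}},
}

# Assumed: address space the organisation actually controls.
OWNED_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed lookup output, in "name ttl class type rdata" form.
# It models a takeover: one NS replaced, and the mail host moved
# to an address outside the organisation's range.
SAMPLE_LOOKUP = [
    "; constructed sample, not a real capture",
    "example.gov.       300 IN NS ns1.registrar.example.",
    "example.gov.       300 IN NS ns2.unknown-host.example.",
    "example.gov.       300 IN A  203.0.113.10",
    "example.gov.       300 IN MX 10 mail.example.gov.",
    "mail.example.gov.  300 IN A  198.51.100.7",
]


def parse_answers(lines):
    """Parse zone-file style answer lines into {name: {rtype: set(rdata)}}."""
    observed = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        parts = line.split(None, 4)  # rdata may itself contain spaces (MX)
        if len(parts) < 5:
            raise ValueError(f"malformed record: {line!r}")
        name, _ttl, _cls, rtype, rdata = parts
        observed.setdefault(name, {}).setdefault(rtype, set()).add(rdata)
    return observed


def check_drift(baseline, observed, owned_prefixes):
    """Return (name, rtype, reason, rdata) tuples for every deviation.

    UNEXPECTED: a record is present that the baseline does not list.
    MISSING:    a baselined record is no longer returned.
    OUTSIDE_OWNED_RANGE: an A record points outside the owned prefixes.
    """
    alerts = []
    for name, expected in baseline.items():
        seen = observed.get(name, {})
        for rtype, exp_set in expected.items():
            got = seen.get(rtype, set())
            for rdata in sorted(got - exp_set):
                alerts.append((name, rtype, "UNEXPECTED", rdata))
            for rdata in sorted(exp_set - got):
                alerts.append((name, rtype, "MISSING", rdata))
            if rtype == "A":
                for rdata in sorted(got):
                    ip = ipaddress.ip_address(rdata)
                    if not any(ip in net for net in owned_prefixes):
                        alerts.append((name, rtype, "OUTSIDE_OWNED_RANGE", rdata))
    return alerts


def audit(lines=SAMPLE_LOOKUP):
    """Parse a lookup result and return the drift alerts for the baseline."""
    return check_drift(BASELINE, parse_answers(lines), OWNED_PREFIXES)


if __name__ == "__main__":
    for name, rtype, reason, rdata in audit():
        print(f"{reason:20} {name:20} {rtype:3} {rdata}")
```

In practice the observed lines would come from a scheduled lookup against several public resolvers rather than a constant, and an NS deviation deserves the highest severity: once delegation points at a name server the owner does not run, every other record for the zone can be rewritten at will.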
Likewise, distributed denial of service (DDoS) attacks, which flood the system with traffic, can degrade large volumes of internet activity. Ecuador experienced a wave of DDoS attacks after the arrest of WikiLeaks founder Julian Assange that reportedly took a number of government, banking, and related sites offline.
These recent alerts and attacks highlight an under-appreciated cyber security vulnerability in the global domain name system. Two years ago, the Global Commission on the Stability of Cyberspace, which I co-chair, called on both state and non-state actors not to threaten the integrity of the public core of the internet. We now need concerted international action to address the risk to essential DNS infrastructure and reduce the opportunity for bad actors to disrupt services critical to the way we communicate and trade today.

How do we move towards a more resilient DNS ecosystem? An effective model must contain three elements. First, a risk-based cyber security approach that successfully defends core DNS infrastructure despite attempted attacks. Second, a proactive strategy to mitigate unauthorised DNS account takeovers and new illicit domain registrations. And third, a trusted relationship between DNS providers and law enforcement agencies, which would allow police to carry out investigations and curb misuse of the system.
Source: Financial Times