DNS hijack used to steal cryptocurrency


DNS hijacking may not be the most difficult attack to implement, but it can be costly.

Cryptocurrency is big business and unless you’ve been living under a rock you are no doubt aware of Bitcoin’s meteoric rise in value (shortly followed by its steady decline).

Bitcoin isn’t the only cryptocurrency on the market, however; a great many have cropped up in the last few years, and they are all ripe targets for attack.

On January 13th one such cryptocurrency was targeted with a DNS hijack in order to steal over $400,000 worth of Stellar Lumen (XLM), a cryptocurrency which was being stored and traded on BlackWallet.co.

Mark James, ESET IT Security Specialist, explains how a DNS hijack works and why it is so effective.

“As far as “hacking” goes things like DNS hijacking are deemed to be fairly low on the ladder, but that does not mean it’s any less brutal.

“When we log on to websites we rely on certain pointers as to its authenticity: dodgy looking links, sporadic characters, grammar and spelling for example.

“So let’s look at what happens when your DNS is hijacked.

“A third party redirects all traffic for one location (the clean side) to an identical looking location owned by the malicious party (the dirty side).

“DNS is a form of computer translation: when we type the name of a website, say www.eset.co.uk, into our browser we end up on the site we are looking for, but the computer and server do not actually understand the www address.

“They require numbers: IP addresses, similar to postcodes. We are unable to remember many website numbers, especially as there is no correlation between the site and the number used, so DNS servers do that for us.

“The problem is that if this is compromised, or hijacked, you will technically never know: you type your required www address and the website, or what seems like the website, appears.

“It all looks exactly as it should. You enter your details and voilà, everything is good and ready to proceed. Sadly, all the information you enter may be compromised and sent elsewhere for baddies to plunder as they see fit.”
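The quote above stresses that a user at the keyboard “will technically never know” when a name is hijacked. A site operator can know, by watching what resolvers hand out for their hostnames. The following is an added example (not code from ESET, Mark James or BlackWallet) of that monitoring logic: it compares observed A records against a pinned baseline and also flags resolvers that disagree with each other. All IP addresses and resolver answers are constructed for illustration; only the hostnames come from the article.

```python
"""Detect DNS hijacking by comparing observed A records against a pinned
baseline and across resolvers. Added example; all answers are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address

# Pinned baseline: the A records the site owner knows to be legitimate.
# Constructed placeholder addresses, not the real records of these hosts.
BASELINE = {
    "www.eset.co.uk": {"203.0.113.10", "203.0.113.11"},
    "blackwallet.co": {"198.51.100.20"},
}

# Constructed answers as "seen" from two recursive resolvers.
OBSERVED = {
    "resolver-a": {
        "www.eset.co.uk": {"203.0.113.10", "203.0.113.11"},
        "blackwallet.co": {"198.51.100.20"},
    },
    "resolver-b": {
        "www.eset.co.uk": {"203.0.113.10", "203.0.113.11"},
        "blackwallet.co": {"192.0.2.99"},  # not in baseline: the hijacked answer
    },
}

@dataclass
class Finding:
    hostname: str
    resolver: str
    unexpected: set = field(default_factory=set)

def check_baseline(baseline, observed):
    """One Finding per (host, resolver) whose answers fall outside the pinned set.
    Each answer is parsed as an IP first so a malformed record raises instead
    of being silently compared as a string."""
    findings = []
    for resolver, answers in observed.items():
        for host, addrs in answers.items():
            pinned = baseline.get(host)
            if pinned is None:
                continue  # host not under monitoring
            for a in addrs:
                ip_address(a)
            unexpected = set(addrs) - pinned
            if unexpected:
                findings.append(Finding(host, resolver, unexpected))
    return findings

def disagreeing_hosts(observed):
    """Hosts for which resolvers return different answer sets. Useful even with
    no baseline: a hijack seen by one resolver but not another stands out."""
    per_host = {}
    for answers in observed.values():
        for host, addrs in answers.items():
            per_host.setdefault(host, set()).add(frozenset(addrs))
    return sorted(h for h, sets in per_host.items() if len(sets) > 1)

if __name__ == "__main__":
    for f in check_baseline(BASELINE, OBSERVED):
        print(f"ALERT {f.hostname} via {f.resolver}: unexpected {sorted(f.unexpected)}")
    print("resolver disagreement:", disagreeing_hosts(OBSERVED))
```

In practice the observed answers would be gathered on a schedule from several independent resolvers, and any alert would be confirmed against the records held at the registrar and authoritative nameservers.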

Have you ever noticed a familiar website suddenly looking dodgy? Let us know on Twitter @ESETUK.