All you need to know about DNS hijacking

If you have ever wondered what DNS hijacking is, how it works and how to avoid it, you’re in luck. Our experts put together this guide with all the useful information about DNS hijacking and the best ways to avoid phishing.

What is DNS hijacking?

DNS hijacking is a type of malicious attack in which an individual redirects queries meant for a domain name system (DNS) server by overriding a computer’s TCP/IP settings. This can be achieved through the use of malicious software or by modifying a server’s settings. Once the individual or individuals performing the DNS hijacking have control of the DNS, they can use it to direct traffic to different websites.

There are two main types of DNS hijacking:

  1. DNS hijacking that involves infecting computers with malware or DNS trojans, which cause the computers to no longer translate user-friendly domain names to the correct corresponding IP addresses.
  2. DNS hijacking that involves hacking certain websites and having their DNS addresses changed, so that visitors to these websites end up at completely different destinations online.

How does DNS hijacking work?

Now that you understand what DNS hijacking is, it’s time to learn a little about how it works.

The DNS maps a user-friendly domain name to its corresponding IP address. DNS servers are usually owned by ISPs and other private business organizations. Under normal conditions, your computer is set up to use the DNS servers of your ISP or of another reputable organization.

If your computer has been infected by hackers or malware programs that managed to change your PC’s DNS settings, it will no longer be able to correctly make the connection between a user-friendly domain name and its original IP address. This means that you will be directed to fake versions of the websites you are trying to visit.

Why is DNS hijacking used?

If you are interested in cyber security and more importantly, in your own online security, it is important to know the reasons behind DNS hijacking so you know what you should expect and how to avoid it.

ISP DNS hijacking

This technique is used by several ISPs, claiming it is a way to improve user experience. That means that when connected to the internet through certain ISPs, if you type the URL of a website that doesn’t exist or is no longer available, instead of seeing an error page in your browser, you will be redirected to a different website. This translates into more revenue for the ISP, since it is very likely that they control the pages you are being redirected to and earn quite a lot of money from advertising on that site.

DNS hijacking for Pharming

This is done by redirecting a website’s traffic to a fake one. As an example, take a scenario in which the user tries to connect to a social networking platform by typing the URL in the browser and, instead of the platform, another website appears: one that is filled with pop-ups and ads, through which the hacker generates revenue from ad impressions or clicks.

DNS redirect for Phishing

This is a DNS hijack in which the user is directed to a malicious copy of a famous website, which looks exactly the same as the original one. As an example, if a bank’s website were hacked and had its DNS redirected, users would end up entering their login information on a fake website, owned by somebody who will use their bank information to steal their funds.

How does a DNS redirect affect me?

There are many ways in which you could be affected by this hacking technique and while some of them seem pretty harmless, others are quite scary.

First off, if you are a victim of ISP DNS redirecting, there is a chance you will not even notice it. There are some inconveniences that could appear: if the ISP DNS server is temporarily overloaded or simply has downtime, you will not be able to use the internet. On top of this, through DNS redirecting, your ISP can track every single move you make on the Internet and log everything you do. Also, if the ISP does not protect its DNS server properly, it can end up being exploited by hackers, which would mean that you end up on rogue websites where your personal information is at risk.

DNS redirects for Pharming are a lot less risky for the end user, but they can be very annoying. If you constantly end up on different websites than the ones you are trying to visit, you will see a lot of annoying ads and there is a chance you will pick up some kind of malware or virus from one of the malicious websites you keep getting redirected to.

By far the most dangerous are the DNS redirects for Phishing. Getting all your personal information or bank information in the wrong hands can turn out to be a complete nightmare. Identity theft is a serious crime, and one that you really don’t want to be on the receiving end of. Unsuspectingly entering your sensitive data into a website that is not what it seems is a dangerous and scary thing.

Even though it doesn’t really affect you directly in any way, you could become a small wheel in the cybercrime system. Since hackers or even ISPs could redirect your traffic to websites loaded with ads, for which they charge the advertising networks for the impressions, one could argue that you are aiding and abetting a fraud against ad networks.

You could be affected by DNS hijacking if your country’s government uses DNS redirecting as a way to mask censorship. In certain countries, access to several websites is not permitted, and some governments have instructed ISPs to redirect users to “approved websites” when they try to access forbidden ones.

How to protect against DNS hijacking?

It’s important to stay protected. Your online privacy and personal details are extremely valuable and you should take all the necessary measures to keep them secure. If you want to protect yourself against cyber threats like DNS hijacking, follow these simple rules:

1. Be aware of the issue

Like with most things, the first step would be to become aware of the issue and to try and find out if you’ve already been affected by a DNS changer. The easiest way to detect a DNS hijack is to use the ping utility. Try pinging a domain you know for sure doesn’t exist and if it resolves, there is a very high chance that you are a victim of DNS hijacking.
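The check from step 1, written as a script instead of a manual ping (an added example, not part of the original article). It resolves several random names that should not exist and reports whether the resolver answers anyway; the function names and the three verdict labels are this example's own, and the resolver is injectable so the logic can be exercised without a network.

```python
import secrets
import socket
from collections import Counter


def system_resolve(name):
    """Resolve via the OS resolver; return a set of IPs, empty if the name fails."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def probe_names(count=4, suffixes=("invalid", "com")):
    """Random names that should not exist.

    '.invalid' is reserved (RFC 2606 / RFC 6761) and never delegated, but some
    local stub resolvers answer it themselves, so random '.com' labels (merely
    very unlikely to be registered) are probed as well. The trailing dot stops
    search-domain expansion from turning the probe into a real local name.
    """
    return [f"{secrets.token_hex(12)}.{suffixes[i % len(suffixes)]}."
            for i in range(count)]


def check_nxdomain_rewriting(resolve=system_resolve, names=None):
    """Return {'verdict', 'resolved', 'shared_ips'} for the given probe names."""
    names = names or probe_names()
    answers = {n: resolve(n) for n in names}
    resolved = {n: ips for n, ips in answers.items() if ips}
    # One IP answering for several unrelated random names is the typical
    # signature of a resolver that rewrites "no such domain" responses.
    counts = Counter(ip for ips in resolved.values() for ip in ips)
    shared = sorted(ip for ip, c in counts.items() if c > 1)
    if not resolved:
        verdict = "clean"
    elif len(resolved) == len(names) or shared:
        verdict = "rewritten"
    else:
        verdict = "inconclusive"  # a single hit may be a coincidence; rerun
    return {"verdict": verdict, "resolved": resolved, "shared_ips": shared}


if __name__ == "__main__":
    result = check_nxdomain_rewriting()
    print(result["verdict"])
    for name, ips in result["resolved"].items():
        print(f"  {name} -> {', '.join(sorted(ips))}")
```

A "rewritten" verdict only shows that nonexistent names are being answered; it does not say whether the ISP, the router or malware on the machine is responsible, and a captive portal on public Wi-Fi produces the same result.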

2. Stay away from shady websites

Considering that in many cases the attacks are carried out through trojan horses or similar malware programs, it is highly recommended to stay away from shady websites in the first place. The viruses are usually served through video or audio codecs, through YouTube downloaders or other similar free online utilities. A great example is the DNS Changer Trojan, which was used to hijack over 4 million computers, generating a total profit of 14 million dollars through advertising.

3. Change your router password

Changing your router password constantly also decreases your chances of being hijacked. If a hacker targets your router and tries to access it to change the settings, it would be best that they do not find it protected only by the default factory password. On top of this, using a good and constantly updated antivirus program could help as well.

4. Use a VPN service

Using a VPN service is also one of the most common and effective ways of protecting yourself against DNS hijacking. A VPN encrypts all your internet traffic and sends it through a virtual tunnel. Since this includes all your DNS/Web traffic, your hijacker will be unable to decipher your traffic, which in the end means that you will not have to deal with any annoying or dangerous redirects. On top of this, you can use a VPN regardless of your location, which means that you can stay protected while you travel or while using less secure Wi-Fi networks.

Bottom Line

Make sure to always keep an eye open for cyber threats! Stay up to date with the most important news, change your passwords frequently, and use a good antivirus and a trustworthy VPN so you can surf the web safely. There are dangerous waters out there, but with the help of the right tools you can still be protected.
