The Internet’s Phone Book Is Broken

And hackers are having a field day

Tyler Elliot Bettilyon
OneZero

Illustration: Yoshi Sodeoka

Back in January, the Cybersecurity and Infrastructure Security Agency, a division of Homeland Security, issued its first emergency directive requiring federal civilian agencies to secure themselves against a global hacking campaign targeting the Domain Name System (DNS) that security firm FireEye claims with “moderate confidence” was sponsored by the Iranian government.

Security firm Farsight has alleged that DNS vulnerabilities played a role in the infamous Democratic National Committee email hack. Motherboard reports that Venezuelan President Nicolás Maduro’s administration appears to have abused DNS vulnerabilities using what’s known as a homograph attack to collect names, email addresses, passwords, and other personal information from anti-Maduro activists.

For five hours on October 22, 2016, anyone who logged into an unnamed Brazilian bank’s website actually gave their login credentials to hackers who utilized weak points in the bank’s DNS infrastructure. Last April, the same thing happened to users of a cryptocurrency exchange, resulting in more than $150,000 being stolen from users of the exchange.

Most of us assume core internet infrastructure like DNS will always work as advertised. Simply type the URL for your bank’s website into your…
