Beware, the Website May Be ‘Poisoned’
By Elizabeth John; Aniza Damis
YOU do it every day with complete trust with just the click of the mouse – send emails, transfer money, buy airline tickets.
But how do you know the page you’re looking at is really your bank’s, email provider’s or airline’s website? Could some bad guy have an exact copy of those websites, redirect you to it and steal information about you?
It’s possible and it’s called DNS poisoning.
It’s also one of many security problems on the Internet that businesses and institutions are beginning to worry about and guard against.
DNS stands for Domain Name System, and what it does is translate an address like www.nst.com.my into the numerical kind computers recognise – in this case, 202.190.174.55.
This makes the Internet easy for users because they don’t have to remember and type in a string of numbers every time they want to go to a certain website.
But what makes for easy browsing is also open to manipulation.
A 2005 article on The Internet Patrol website explains: when you type an address in your browser, for example, http://www.theinternetpatrol.com, your computer asks the DNS server “where does www.theinternetpatrol.com live?”
The DNS server answers by giving an IP address, for example, 69.12.213.233.
Your computer then rings up 69.12.213.233 and you are at the site.
DNS servers have a cache of hundreds of thousands of domain names cross-referenced with their corresponding numerical addresses, which are also called IP addresses.
But what if someone is able to access one of the DNS servers, and change some of the entries in the DNS cache so that when your computer asks where www.theinternetpatrol.com lives, instead of 69.12.213.233, the DNS server tells your computer 216.109.117.205?
And what if a bad person changed the DNS cache information – poisoned it – so that instead of The Internet Patrol site, your computer leads you to an exact replica of The Internet Patrol site that is controlled by the attacker?
If the exact replica was of your bank’s website, the attacker could steal your banking information.
If it mirrored your airline ticket sales site, the attacker could steal your credit card information.
This is what DNS poisoning is and what IT experts like Azli Paat are advising users to be cautious about.
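An added example, not part of the original article: one way a defender can spot the poisoned answer described above is to put the same question to several independent DNS servers and flag the one that disagrees with the rest. The resolver labels, the `cdn.example` entry and the sample answers are constructed for illustration; the other addresses are the ones quoted above.

```python
from collections import Counter

# Constructed sample data: the set of addresses each resolver returned per name.
# Resolver labels are hypothetical; the first two names and their addresses
# are the ones quoted in the article, the third uses documentation ranges.
OBSERVATIONS = {
    "www.theinternetpatrol.com": {
        "isp-resolver": {"216.109.117.205"},  # the poisoned entry in the article's scenario
        "resolver-a": {"69.12.213.233"},
        "resolver-b": {"69.12.213.233"},
        "resolver-c": {"69.12.213.233"},
    },
    "www.nst.com.my": {
        "isp-resolver": {"202.190.174.55"},
        "resolver-a": {"202.190.174.55"},
        "resolver-b": {"202.190.174.55"},
        "resolver-c": {"202.190.174.55"},
    },
    "cdn.example": {  # every resolver gets a different address
        "isp-resolver": {"192.0.2.10"},
        "resolver-a": {"198.51.100.7"},
        "resolver-b": {"203.0.113.25"},
        "resolver-c": {"192.0.2.99"},
    },
}


def cross_check(observations):
    """Classify each name as 'ok', 'suspect' or 'inconclusive'.

    An address is trusted when more than half of the resolvers returned it.
    A resolver whose answer shares no address with that majority set is
    reported as a suspect. With no majority at all (common for load-balanced
    sites) the name is 'inconclusive' rather than flagged.
    """
    report = {}
    for name, by_resolver in observations.items():
        votes = Counter(ip for answers in by_resolver.values() for ip in answers)
        majority = {ip for ip, n in votes.items() if n > len(by_resolver) / 2}
        if not majority:
            report[name] = ("inconclusive", [])
            continue
        suspects = sorted(r for r, a in by_resolver.items() if not a & majority)
        report[name] = ("suspect", suspects) if suspects else ("ok", [])
    return report


if __name__ == "__main__":
    for name, (status, resolvers) in cross_check(OBSERVATIONS).items():
        print(f"{name}: {status} {resolvers}")
```

A mismatch is a prompt to investigate rather than proof of poisoning, since large sites legitimately hand out different addresses to different users.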
Scams like these are a step up from the “phishing” problem several years ago in which cyber criminals used to trick people into giving out bank account details and passwords to their Internet bank accounts, he says.
It usually took the form of emails from banks that asked users to click on a link. They would then be directed to a website that looked very similar to the bank’s page and there, they would be asked to enter their personal details.
Once users caught on and stopped clicking on these emailed links, the scammers moved on to the far more dangerous DNS poisoning.
Dangerous because the bank customers or email users may never know that they are on a replica site and that their information is being siphoned away.
Azli, executive vice-president of Dapat Vista Sdn Bhd, has some advice for Internet users.
Most information is transferred in clear text over the Internet so that anyone can read it. The generally agreed method of transferring web pages between a browser like Internet Explorer and a web server is Hypertext Transfer Protocol, or http.
So, opt for the server software that provides for “secure” transactions to take place on the Internet or https, says Azli.
This means the information is encrypted and can only be read by the recipient.
When carrying out online banking transactions or when giving out personal information, try to do it from a secure location, like home, he says.
Use the office computer only if you trust the administrator.
He cautions regular users of WiFi – the system by which people connect their laptops and computers to the Internet wirelessly – to be particularly careful.
“If the WiFi system you use is not locked with a password, it gives scammers access to your Internet connection.
“If you are not using a website with https, scammers can sniff out your transactions on the Internet.”
It is called IP packet sniffing and they can just park outside a place with WiFi and from their laptops, latch onto your system and find out what you are sending and receiving.
A burglar could, for instance, find out that you have made reservations for a holiday and for how long you will be away.
Azli says when people discover there is free WiFi access at a particular location, they would throw caution to the wind and surf without a worry. “You are your own best safeguard. Think before you click.”
He also cautions Net users to be careful when downloading as that could open the doors to Trojan horses – programs that could hijack your computer and steal personal information.
It is also time to spend money on an anti-virus suite that covers phishing and highlights unsecured networks.
“I am not saying don’t trust anyone. I am saying educate yourself and be careful.”
(c) 2008 New Straits Times. Provided by ProQuest LLC. All rights Reserved.
