Hijacked!
Author: Victor Sample, MT43 News Treasurer
The law tends to lag behind technology. Unscrupulous people can find ways to do things that seem like they should be illegal – but are not.
A couple of years ago friends of mine were having malware problems with their PC. While using their browser they would suddenly get a full-window warning about their PC being severely damaged and that they needed to call a “Tech Support” number to get it fixed. The warning came with a loud, very annoying screeching sound. It didn’t make any difference which browser they used – they would get this awful-sounding, dire message.
After working on the PC for a couple of hours, I found they were a victim of “DNS Hijacking.”
There are literally billions of websites in the world. When you want to visit a website, the request for that site goes to a Domain Name Server (DNS) to determine where the website is located and how to route your request to that website.
All Internet Service Providers (Montana Internet, Century Link, Spectrum, etc.) have Domain Name Servers and, by default, your request is routed via the ISP’s Domain Name Server. However, if you have enough technical knowledge you can choose which Domain Name Server to use; on my PC I use the Google Domain Name Servers rather than my ISP’s Domain Name Server. If you choose to specify which DNS to use rather than just defaulting to your Internet Service Provider’s DNS, Windows stores the information and will use that DNS.
That opens the door for malware to update that information on your PC with a Domain Name Server of their own. When you want to go to a website with your browser, the malware Domain Name Server routes your request to their own malware website and can deliver you bogus warnings like the one my friends were receiving. It doesn’t make any difference what browser you use; all the requests will route to the malware DNS.
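A read-only check for the setting described above, added here as an example and not part of the original column: it lists the DNS servers Windows has stored for each network interface and flags manually set ones that are not on a list you expect. The allowlist (Google's public resolvers) and the variable names are assumptions; substitute the resolvers you actually intend to use.

```powershell
# Added example: audit the DNS resolvers Windows has stored per network interface.
# $Expected is an assumption; replace it with the resolvers you intend to use.
$Expected = @('8.8.8.8', '8.8.4.4')   # Google Public DNS

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

$findings = foreach ($key in Get-ChildItem -Path $base) {
    $props = Get-ItemProperty -Path $key.PSPath

    # NameServer holds manually configured (static) resolvers;
    # DhcpNameServer holds the ones handed out by the router or ISP.
    foreach ($source in 'NameServer', 'DhcpNameServer') {
        $raw = $props.$source
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        # Entries are separated by commas or spaces.
        foreach ($server in ($raw -split '[,\s]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Interface  = $key.PSChildName
                Source     = $source
                Server     = $server
                # A static entry that is not on the expected list deserves a closer look.
                Suspicious = ($source -eq 'NameServer' -and $server -notin $Expected)
            }
        }
    }
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

On a PC that is supposed to use the ISP's default DNS, every row should have `DhcpNameServer` as its source; any `NameServer` row means something has set a resolver by hand.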
Once I found that they were victims of a DNS Hijacking, I changed the DNS back to use the default DNS – in their case, the Montana Internet DNS. Everything worked fine again – for a while. Suddenly the problem was back – the malware performing the hijacking was well-hidden on their PC. What was astounding to me was that while I couldn’t find a way to remove the malware without special software, I was able to determine who was doing it – it was a “marketing company.”
So, I did some research on DNS hijacking and found that it is perfectly legal. In the UK the “Information Commissioner’s Office” did find it “contravened” directives on data security but declined to pursue any actions on DNS Hijacking. I could find no mention of DNS hijacking being illegal in the United States.
Technically it is a FEDERAL CRIME for you to drop off an invitation to your child’s birthday party by just putting it in a friend’s mailbox, but DNS hijacking seems to be totally legal. Somehow that seems wrong to me.