For those of you following the recent fbi.gov news release saying that users could lose their Internet:
I thought I’d give you some details of how DNS works and why you could potentially lose your Internet access. Let’s start by explaining what DNS is. Domain Name Services (DNS for short) is basically a telephone book for computers. In simplest terms, it takes IP addresses (18.104.22.168), which are numbers that are easy for computers to work with, and matches them up with URLs (www.google.com), which are website names that are easy for people to work with. This is done so that when you want to go to a website you don’t have to know what IP address it is hosted at, just the name itself. DNS does that work for you.
Now let’s say that a bad guy was running what we call a rogue DNS server (one that isn’t part of the normal Internet cluster). They could say that www.google.com was located at a different IP address than 22.214.171.124. Your computer (infected with malware) could be changed to look up addresses with this “bad guy” DNS server.
That would mean you would go to a server that might look and feel just like the real Google, but it would really be controlled by the bad guys. They would start collecting information (credit cards, logins to the real site, etc.) and then begin using that information on the Internet to make themselves money or gain access to places they shouldn’t have access to (your bank account, etc.). This isn’t so bad when it is Google, but if they pretend to be PayPal, your bank, or your credit card site they can get a lot of info you do not want them to have.
Is this a real threat? Yes, of course. Is it going to be a disaster come July? ... I’m inclined to think not.
The FBI has already put a stop to a large ring of these rogue DNS servers, but so many people are infected (they know this because they see how many queries are coming to the servers) that they don’t want to just turn them off. So they got a court order to have the rogue (bad guy) servers replaced with good servers that deliver good content to infected machines, at least until July, to give people enough time to make sure they are fixed. Once the July deadline is reached they’ll start taking these clean DNS servers offline and people will appear to be without Internet. The simple fact of the matter is that if you knew the IP of the place you wanted to go you could still get there, but no one does that because we all rely on DNS.
If in fact you were infected and you were pointing to one of these rogue servers, the worst case scenario is that you’d have to get your computer cleaned of malware and viruses. At the very least you’d have to change your DNS servers back to legitimate ones. DNS servers can be changed easily with only a few clicks of the mouse, though most people won’t know the difference between good settings and bad. http://www.dns-ok.us is a website you can visit to see whether you are infected or not. I find it funny, however, that the bad guys could simply point dns-ok.us to a different server that showed that your computer was fine, so there really isn’t a surefire check for this.
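As an added illustration (not part of the original post), here is a small Python check along the lines of the advice above: it reads the configured resolvers, flags any that sit in an untrusted range, and cross-checks answers against a resolver you trust. The address ranges, the resolv.conf contents and the DNS answers are constructed placeholders, and `sample_lookup` is a stand-in for a real per-resolver query.

```python
import ipaddress
import re
from typing import Callable, Dict, Iterable, List, Set

# Constructed placeholder (RFC 5737 TEST-NET-3); the real rogue ranges are not on this page.
UNTRUSTED_RESOLVER_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

def parse_nameservers(resolv_conf: str) -> List[str]:
    """Pull the nameserver addresses out of resolv.conf-style text."""
    return [m.group(1) for line in resolv_conf.splitlines()
            if (m := re.match(r"\s*nameserver\s+(\S+)", line))]

def flagged_resolvers(servers: Iterable[str]) -> List[str]:
    """Return the configured resolvers that fall inside an untrusted range."""
    flagged = []
    for server in servers:
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            continue  # not an IP literal; nothing to compare against
        if any(ip in net for net in UNTRUSTED_RESOLVER_RANGES):
            flagged.append(server)
    return flagged

LookupFn = Callable[[str, str], Set[str]]  # (hostname, resolver IP) -> answer IPs

def disagreeing_answers(names: Iterable[str], configured: Iterable[str], trusted: str,
                        lookup: LookupFn) -> Dict[str, Dict[str, Set[str]]]:
    """Flag names where a configured resolver's answer shares no address with the trusted one.
    A hit is a signal, not proof: CDNs legitimately give different resolvers different addresses."""
    hits: Dict[str, Dict[str, Set[str]]] = {}
    for name in names:
        reference = lookup(name, trusted)
        for resolver in configured:
            answer = lookup(name, resolver)
            if answer and reference and not (answer & reference):
                hits.setdefault(name, {})[resolver] = answer
    return hits

# Constructed sample data standing in for a real resolv.conf and live DNS answers.
SAMPLE_RESOLV_CONF = "search example.test\nnameserver 192.0.2.53\nnameserver 203.0.113.7\n"
_ANSWERS = {
    ("www.example.com", "198.51.100.1"): {"192.0.2.80"},    # trusted resolver: the real site
    ("www.example.com", "192.0.2.53"): {"192.0.2.80"},      # ISP resolver agrees
    ("www.example.com", "203.0.113.7"): {"203.0.113.200"},  # rogue resolver: look-alike server
    ("mail.example.com", "198.51.100.1"): {"192.0.2.25"},
    ("mail.example.com", "203.0.113.7"): {"192.0.2.25"},    # rogue answers this one honestly
}

def sample_lookup(name: str, resolver: str) -> Set[str]:
    return _ANSWERS.get((name, resolver), set())  # stand-in for a real per-resolver query
```

Run with `disagreeing_answers(["www.example.com"], parse_nameservers(SAMPLE_RESOLV_CONF), "198.51.100.1", sample_lookup)` to see the rogue resolver's disjoint answer reported while the legitimate one stays quiet.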
Again, the worst that could happen is that your Internet won’t work on your personal or work computer. If you are still worried, I might recommend that you install a proper antivirus solution on your systems (https://www.csdurant.com/sales/antivirus) and scan your computer with Malwarebytes (available on www.csdurant.com on the right side of the page).
In closing, these types of attacks have been going on for years, and I find it funny that someone decided it should get this much news coverage all of a sudden. Also note that if the FBI has shut down a ring of bad guys using this kind of technique to attack computers, be assured that they’ll come up with a new, even better mousetrap for collecting your money off the Internet. As always, I encourage you to be careful, buy only from sites you know and trust, and run routine scans on your computer to make sure you don’t become a victim. I think it would be a much better plan for the FBI to use the same technique and just redirect infected computers via DNS to a page that says “Hey, you are infected, here are steps to fix this”, but they are the government and the government sometimes chooses the harder of two paths.