Dangers of DNS Interception
DNS interception can also lead to blackmail. It is the equivalent of a phone wiretap in which someone listens in on a couple having an affair and records every restaurant and hotel where they meet. The couple are allowed on their way, but the information is saved for later by the intercepting party. DNS interception can also hand the interceptor other information carried by the intercepted addresses. The closest physical analogy is someone intercepting your daily mail or, in today's world, your packages: imagine someone getting your mailed-in credit card together with last week's Hallmark birthday card from your mother, your coupons or your membership cards, and taking advantage of all of them. Online, this is the equivalent of someone harvesting your card numbers, passwords and other credentials from your PC through malware installed after the interception has taken place.

These scenarios make DNS interception a serious threat to the security and privacy of potential victims. Less than one percent of the world's DNS queries are intercepted by parties other than the resolver the client addressed, according to researchers from the University of Texas and Tsinghua University in China. That still amounts to millions of internet users exposed to the scenarios above, especially those who do not use any substantial internet security. The researchers attribute this to poor deployment of DNS safeguards that already exist: Domain Name System Security Extensions (DNSSEC), which sign DNS answers so that a validating resolver or client can detect tampered data (DNSSEC authenticates the answer but does not hide the query), and DNS-over-HTTPS (DoH, and its sibling DNS-over-TLS), which encrypts the query between the client and the resolver so that someone on the path cannot read it, answer it in the resolver's name, or identify the sites you visit. In practice most DNS queries are still sent over plaintext UDP, neither encrypted nor authenticated: a device anywhere on the path can read the 16-bit transaction ID and the question, and reply with whatever answer it likes. Security effort tends to go into the entry points of attack rather than into what happens in transit.
"…This is a problem that must be dealt with immediately. It may be the case that companies are not thinking about DNS queries as a potential attack vector. If this is true, how many other data-related processes are unprotected? Businesses need to be thinking about encrypting data at any point on the network, wherever it be in the cloud, data center or on an endpoint."
– Luke Brown, VP EMEA, Winmagic

Even queries sent to public DNS resolvers like Google's (8.8.8.8) and Cloudflare's (1.1.1.1) are not safe from malicious parties. The resolvers themselves are not compromised; the problem is that a query addressed to 8.8.8.8 over plaintext UDP can be answered by any in-path device before it ever reaches Google, and the client has no way to tell the difference. Precisely because so many clients point at these well-known addresses, they are the queries an interceptor most wants to catch. Neither company is obligated (perhaps they should be) to force additional security on clients; both do offer DoH and DNS-over-TLS, but a client has to be configured to use them, and a plaintext query to port 53 gets none of that protection. Awareness of this threat is needed at every point: the users, the path and the websites.
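The two points above, that a plaintext DNS response needs nothing more than a matching transaction ID and question to be accepted, and that interception of the resolution path shows up as the query reaching the authoritative server from an address other than the resolver you addressed, can be shown in a few dozen lines. The following is an added example, not code from the article or from the cited research: it builds an RFC 1035 query as a client would, forges a reply the way an on-path device would, and then runs a path-interception check over constructed probe records. The expected egress prefixes (8.8.8.0/24, 8.8.4.0/24, 1.1.1.0/24, 1.0.0.0/24) and the observed source addresses are assumptions for illustration, not measured data.

```python
import ipaddress
import struct


def encode_name(name):
    """Encode a dotted name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid, name, qtype=1):
    """Plaintext UDP query as a stub resolver sends it: header, one question, no signature."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # IN class


def parse_name(buf, off):
    labels = []
    while True:
        n = buf[off]
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(buf[off:off + n].decode("ascii"))
        off += n


def parse_message(buf):
    """Minimal parser for the messages built in this file (answer names are a 2-byte pointer)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", buf[:12])
    qname, off = parse_name(buf, 12)
    qtype, qclass = struct.unpack("!HH", buf[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        off += 2  # compression pointer back to the question name
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        rdata = buf[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return {"id": txid, "flags": flags, "qname": qname, "qtype": qtype, "answers": answers}


def forge_response(query, fake_ip, ttl=300):
    """What an in-path interceptor does: copy ID and question, attach any A record it wants."""
    q = parse_message(query)
    header = struct.pack("!HHHHHH", q["id"], 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    question = encode_name(q["qname"]) + struct.pack("!HH", q["qtype"], 1)
    rdata = bytes(int(x) for x in fake_ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer


def naive_client_accepts(query, response):
    """The only checks a non-validating stub makes: ID, question, and the QR bit."""
    q, r = parse_message(query), parse_message(response)
    return (q["id"] == r["id"] and q["qname"] == r["qname"]
            and q["qtype"] == r["qtype"] and bool(r["flags"] & 0x8000))


def detect_path_interception(probes):
    """Flag probes whose query reached the authoritative server from outside the
    addressed resolver's expected egress prefixes. Each probe is a unique name under
    a domain you control, so the authoritative log entry is unambiguous."""
    flagged = []
    for p in probes:
        seen = ipaddress.ip_address(p["seen_from"])
        if not any(seen in ipaddress.ip_network(n) for n in p["expected_egress"]):
            flagged.append(p["probe"])
    return flagged


# Constructed probe records (assumed prefixes and addresses, not measurements).
SAMPLE_PROBES = [
    {"probe": "p1.probe.example", "resolver": "8.8.8.8",
     "expected_egress": ["8.8.8.0/24", "8.8.4.0/24"], "seen_from": "8.8.8.130"},
    {"probe": "p2.probe.example", "resolver": "8.8.8.8",
     "expected_egress": ["8.8.8.0/24", "8.8.4.0/24"], "seen_from": "203.0.113.45"},
    {"probe": "p3.probe.example", "resolver": "1.1.1.1",
     "expected_egress": ["1.1.1.0/24", "1.0.0.0/24"], "seen_from": "198.51.100.7"},
]


if __name__ == "__main__":
    q = build_query(0x1234, "example.com.")
    r = forge_response(q, "203.0.113.9")
    print("forged answer accepted:", naive_client_accepts(q, r), parse_message(r)["answers"])
    print("intercepted probes:", detect_path_interception(SAMPLE_PROBES))
```

The forged reply passes every check a plaintext stub resolver makes, which is the whole problem: only DNSSEC validation (a signature over the answer data) or an encrypted transport to the resolver (DoH or DNS-over-TLS) gives the client something the in-path device cannot produce. The detection half mirrors the research approach in spirit: the prefixes a real measurement would use are the resolver operator's published egress ranges, which differ from the well-known service addresses.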