The Internet is becoming a dangerous place day-by-day and especially for those innocent web users who rely on 3rd party services. The latest bad news is that the World’s largest and most widely used Google’s free public DNS (Domain name system) resolvers raised security red flags yesterday.
DNS is the master address list for the Internet, which translates IP addresses into human readable form and vice versa. According to Internet monitoring firm BGPmon
, Google’s DNS server 18.104.22.168/32 was hijacked yesterday for 22 minutes.
The Google’s DNS server handles around 150 billion queries a day and during the 22 minutes of hijacking, millions of Internet users, including Financial institutions
, Governments were redirected to BT’s (British multinational telecommunications services company) Latin America division in Venezuela and Brazil.
It is suspected that Hackers exploited a well-known vulnerability in the so-called Border Gateway Protocol (BGP), which is used to exchange data between large service providers, and hijacking could allow the attackers to simply re-route the traffic to a router they controlled.
BGP attack is the man-in-the-middle attack
at large scale and harder to detect, as the traffic still reaches its legitimate destination and which was first demonstrated
in 2008 by two security researchers – Tony Kapela and Alex Pilosov
It’s not the first time when Google Public DNS service has been hijacked. In 2010, DNS server traffic was hijacked and redirected to Romania and Austria.