Case report: China's first hijacked domain name case cracked

Source: Internet
Author: User
Keywords: Domain name server

Domain name hijacking refers to using some means (illegal, and possibly legal) to change the IP address that the domain name owner has set for a domain name. For example, Microsoft's domain name www.microsoft.com should normally correspond to the IP address 207.46.20.30; 207.46.20.30 is the IP address Microsoft has set for www.microsoft.com. But if Microsoft suffers a domain name hijacking attack, www.microsoft.com will no longer point to 207.46.20.30, and naturally a browser can no longer reach Microsoft's website through that domain name. So if you type www.microsoft.com into the browser and end up on Google's site, it is very likely that Microsoft's domain name has been hijacked, unless Microsoft has been bought by Google.
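Because a hijack changes what a name resolves to, the practical check a defender runs is to ask several resolvers (some inside the network, some outside it) for the same name and compare their answers with the address the owner actually set. The script below is an added example, not code from the original article. It uses the page's own 207.46.20.30 as the expected address; the resolver addresses, the 203.0.113.9 answer and the `dig +short` output are constructed sample data, and the optional `query_live` helper assumes the dnspython package is installed.

```python
"""Cross-resolver consistency check for detecting DNS hijacking.

Added example, not code from the original article. 207.46.20.30 is the
page's own example of the expected address; the resolver addresses and
the 203.0.113.9 answer are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Constructed sample: answers several resolvers gave for the same name.
# Two public resolvers agree with the expected address; one in-network
# resolver (10.0.0.53) returns a different address, and another
# (10.0.0.54) returned nothing at all (blocked or unreachable).
SAMPLE_ANSWERS: Dict[str, Set[str]] = {
    "8.8.8.8": {"207.46.20.30"},
    "1.1.1.1": {"207.46.20.30"},
    "10.0.0.53": {"203.0.113.9"},
    "10.0.0.54": set(),
}


@dataclass(frozen=True)
class Finding:
    resolver: str
    answers: frozenset
    verdict: str  # "ok", "mismatch" or "no-answer"


def parse_dig_short(text: str) -> Set[str]:
    """Extract IP addresses from `dig +short` style output.

    CNAME targets (hostnames) are ignored; only lines that parse as an
    IPv4/IPv6 address are kept.
    """
    ips: Set[str] = set()
    for line in text.splitlines():
        token = line.strip()
        if not token:
            continue
        try:
            ipaddress.ip_address(token)
        except ValueError:
            continue
        ips.add(token)
    return ips


def compare_resolvers(expected: Iterable[str],
                      answers_by_resolver: Dict[str, Set[str]]) -> List[Finding]:
    """Compare each resolver's answers with the expected address set.

    A resolver is "ok" when it returns at least one address and every
    address it returns is in the expected set; "no-answer" when it returns
    nothing; otherwise "mismatch" (the case the article calls hijacking).
    """
    expected_set = set(expected)
    findings = []
    for resolver in sorted(answers_by_resolver):
        answers = frozenset(answers_by_resolver[resolver])
        if not answers:
            verdict = "no-answer"
        elif answers <= expected_set:
            verdict = "ok"
        else:
            verdict = "mismatch"
        findings.append(Finding(resolver, answers, verdict))
    return findings


def suspicious_resolvers(findings: Iterable[Finding]) -> List[str]:
    """Resolvers whose behaviour warrants investigation (anything not "ok")."""
    return [f.resolver for f in findings if f.verdict != "ok"]


def query_live(name: str, resolver_ip: str) -> Set[str]:
    """Ask one specific resolver for the A records of `name`.

    Assumption: the dnspython package (>= 2.0) is installed. It is imported
    lazily so the rest of the module works offline without it.
    """
    import dns.resolver
    r = dns.resolver.Resolver(configure=False)
    r.nameservers = [resolver_ip]
    return {rdata.address for rdata in r.resolve(name, "A")}


if __name__ == "__main__":
    for f in compare_resolvers({"207.46.20.30"}, SAMPLE_ANSWERS):
        print(f"{f.resolver:12} {f.verdict:10} {sorted(f.answers)}")
```

A resolver that answers with an address outside the expected set is the hijack case; one that returns nothing is worth noting separately, since the article describes legitimate DNS servers being blocked as part of the same operation. Replace `SAMPLE_ANSWERS` with the output of `query_live` (or of `dig @resolver name +short` fed through `parse_dig_short`) to run the check against real resolvers.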

There are 13 groups of root-level DNS servers in the world, and there are already several DNS mirrors in mainland China. But none of these groups is directly controlled by China, so the mainland cannot fundamentally control the resolution of a site's domain name.

Around 2002, mainland China began to use domain name hijacking: routers fitted with an IDS monitoring system perform the hijacking, to prevent people from reaching filtered sites. At the same time, to prevent advanced users from directly using a domain name server that still functions normally, mainland China also began to block overseas DNS servers, and has blocked hundreds of North American DNS servers.

For now this does not affect overseas users or users in Hong Kong and Macao (but it causes great trouble for mainland netizens).

A domain name server (DNS) can still return the correct IP address because domain name hijacking only takes place within a specific network scope. Attackers exploit this: they block the IP addresses of the legitimate DNS servers within a region and use domain name hijacking techniques, posing as the original domain owner by e-mail to modify the company's registered domain name records, or transferring the domain name to another organization; after the registration information has been modified, the DNS server specified in it adds records so that the original domain name points to another IP server. As a result most network names can no longer be accessed properly, and some users are taken directly to the address designated by the malicious user. The steps are as follows:

First, obtain the registration information of the domain name to be hijacked: the attacker visits a domain name query site and, through the "make changes" function, enters the domain name to be queried and obtains its registration information.

Second, take control of the domain name's e-mail account: the attacker uses social engineering or brute force to crack the e-mail password; a capable attacker will break into the e-mail account directly to obtain the required information.

Third, modify the registration information: once the attacker has cracked the e-mail account, the "make changes" function is used to modify the domain name registration information, including the owner information and the DNS server information.

Fourth, use the e-mail account to send and receive the confirmation letter: the attacker intercepts, before the real owner sees it, the letter in which the network company asks the owner to confirm the change of registration information, and replies to confirm it; the network company then sends the letter confirming the modification, and at this point the attacker has successfully hijacked the domain name.
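Every step above ends with a change to the registration record (owner contact, name servers) that the real owner never sees because the confirmation channel has been taken over. The defensive counterpart is to take periodic snapshots of the record from a source the attacker does not control and alert when the watched fields change. The script below is an added example, not code from the original article: the two WHOIS-style snapshots are constructed sample data using reserved example domains, and the field names are the common WHOIS labels, not a specific registrar's format.

```python
"""Registration-record change monitor for the hijacking steps above.

Added example, not code from the original article. The two snapshots are
constructed sample data on reserved example domains; real snapshots would
come from the registrar's panel or a WHOIS/RDAP lookup.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed "before" snapshot of a domain's registration record.
SNAPSHOT_BEFORE = """\
Domain Name: example.com
Registrar: Example Registrar, Inc.
Registrant Name: Example Corp
Registrant Email: admin@example.com
Domain Status: clientTransferProhibited
Name Server: ns1.example.net
Name Server: ns2.example.net
Updated Date: 2007-06-01
"""

# Constructed "after" snapshot: the contact e-mail and both name servers
# have been changed, which is what the third and fourth steps produce.
SNAPSHOT_AFTER = """\
Domain Name: example.com
Registrar: Example Registrar, Inc.
Registrant Name: Example Corp
Registrant Email: contact@example.org
Domain Status: clientTransferProhibited
Name Server: NS1.EXAMPLE.ORG
Name Server: NS2.EXAMPLE.ORG
Updated Date: 2007-09-15
"""

# Fields to watch, in reporting order. The critical ones are those whose
# change redirects traffic or moves the confirmation channel away from the owner.
WATCHED_FIELDS = ("registrant name", "registrant email", "registrar",
                  "name server", "domain status")
CRITICAL_FIELDS = {"registrant email", "registrar", "name server"}


@dataclass(frozen=True)
class Change:
    field: str
    before: Tuple[str, ...]
    after: Tuple[str, ...]


def parse_whois_text(text: str) -> Dict[str, Tuple[str, ...]]:
    """Parse 'Key: Value' lines; repeated keys (Name Server) accumulate.

    Keys and values are lower-cased so a change of letter case in a
    hostname is not reported as a change; values are sorted so that
    name-server order does not matter either.
    """
    fields: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip().lower(), []).append(value.strip().lower())
    return {k: tuple(sorted(v)) for k, v in fields.items()}


def diff_registration(before: Dict[str, Tuple[str, ...]],
                      after: Dict[str, Tuple[str, ...]],
                      watched: Iterable[str] = WATCHED_FIELDS) -> List[Change]:
    """Return one Change per watched field whose value set differs."""
    changes = []
    for field in watched:
        old = before.get(field, ())
        new = after.get(field, ())
        if old != new:
            changes.append(Change(field, old, new))
    return changes


def severity(changes: Iterable[Change]) -> str:
    """'critical' if a traffic- or ownership-relevant field moved, else 'warning'/'none'."""
    changes = list(changes)
    if any(c.field in CRITICAL_FIELDS for c in changes):
        return "critical"
    return "warning" if changes else "none"


if __name__ == "__main__":
    found = diff_registration(parse_whois_text(SNAPSHOT_BEFORE),
                              parse_whois_text(SNAPSHOT_AFTER))
    print(severity(found))
    for c in found:
        print(f"{c.field}: {c.before} -> {c.after}")
```

The alert must be delivered somewhere other than the registrant e-mail address in the record, since that mailbox is exactly what the second step takes over; a change to the registrant e-mail itself is treated as critical for the same reason.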

On September 11, the Binhu District Court of Wuxi sentenced the defendants in the first case cracked by domestic public security organs in which a hijacked domain name server was used to damage a computer information system.

The domain name server (also called DNS) is an important piece of Internet infrastructure. When people go online to visit a website, they usually enter a web address made of English letters. In fact, the real address is made up of the ten digits 0-9: the computer cannot recognize the English letters, only the digits, so it sends the English letters to the network service provider's server with a resolution request. The server resolves the letters into digits and returns them to the netizen's computer, and the netizen successfully lands on the website. In the information age, online banking, online transactions, electronic documents and other matters affecting the interests of millions of netizens all depend on this. Because of this, the domain name server has also become an object that cyber criminals covet. In the second half of 2007, Ma Zhisong and a group of network thieves carried out the crime of hijacking a domain name server, which caused the computers of millions of Internet users across 31 regions of the country to be infected. This mega cyber crime alerted the Ministry of Public Security.
