Understanding the DNS and Government Cyberattacks
By Space Coast Daily // January 1, 2021
In recent times, there has been much talk about governments hacking other countries. Specifically, America has worried about Russian and Chinese hacking.
Both of these countries have shown covert or even overt US hostility in various ways, and one of the methods they can use to potentially weaken America is through web-based hacker attacks.
The American government also has a hacker division that tries to destabilize other countries that we deem threatening. This is part of what modern warfare looks like: rows of hackers behind computer screens, busily typing away, trying to steal state secrets and plant misinformation.
In this article, we’ll explain a little more about why government-sponsored cyberattacks are such a serious threat. We’ll also talk about the DNS, one of the ways foreign governments commonly try to infiltrate secure databases.
What is the DNS?
The DNS stands for domain name system. If you need to know more about government cyberattacks, learning about it is a great place to start. The DNS:
■ Is a decentralized, hierarchical naming system
■ Associates information with domain names
Some people have called the DNS the internet’s phone book. If you want to find out about a particular internet region, like a website, for example, you first need its domain name, such as Amazon.com, nytimes.com, etc.
Why Might a DNS Be Vulnerable?
If you’re a hacker, and you want to get into a website because of all the sensitive data that might be there, you can try to do so in various ways.
The DNS is one of the popular methods, though. That is because:
■ It’s a place that many entities fail to shore up with adequate security measures
■ A site admin might have configured a DNS incorrectly
Someone in charge of a website DNS might also run out-of-date software on it. For instance, a hacker might go after the DNS through cache poisoning. They will hack into a DNS server and replace legitimate websites with malicious ones.
There are several other ways a hacker might attack a website’s DNS. Techies who know anything about cyberattacks can usually rattle off a long list of potential DNS vulnerabilities.
Why Is It So Bad When a Foreign Government Tries a DNS Attack?
Imagine this scenario for a moment. You have a hostile foreign government, and it wants to cause chaos on US soil. They have hackers working round the clock, probing different websites to find vulnerabilities. They successfully hack the Social Security Administration website using DNS vulnerabilities they found.
Now, they have access to millions of US citizen social security numbers, not to mention names, addresses, and other sensitive data. If they crash that website, they can stop millions of older Americans from getting their social security checks. They can also sell that information on the black market, so mass identity fraud is the result.
You can think of many other examples besides this one. Many government sites have all kinds of sensitive citizen information stored there. Any foreign government would be more than happy to gain access so they can destabilize a country they want to weaken.
How Realistic Is It to Expect These Attacks to Happen?
Some people might feel like it’s paranoia to fear that foreign governments are trying to hack into our secure federal websites, but that is not the case at all. Watchdog groups report more of these attacks every year.
Many citizens worry about cyberattacks compromising their personal data. The US government does understand this threat, which is why it has digitized administrative processes as carefully as possible.
They continue to move many of their functions to the cloud. As they do so, they try to develop new cybersecurity measures to protect not just the DNS but any other potentially vulnerable areas.
The Zero Trust Strategy
Many government institutions are utilizing what techies call the Zero Trust strategy. This is a methodology where a site admin implements strict access control measures. They require anyone wanting network access to verify their identity in multiple ways before they can log on.
Not all governments take these threats as seriously, but if they fail to do so, they are risking destabilization and chaos. It’s the same in the private sector.
Even the smallest of companies should realize that hackers are a serious threat, and they should hire a business entity that does penetration testing to see whether they are vulnerable. They should also tell such a company to focus on their DNS, so hackers can’t get in that way.