Craig discusses how your DNS is being hijacked by new browser protocols known as DNS over HTTPS (DoH.)
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine Generated Transcript:
Far too many ISP are watching where we’re going and even changing our location, that URL you type in might not take you where you think you should be going.
[00:00:17] Hi everybody. Craig Peterson here. Thanks for joining me. We’re here every week with all kinds of great information, keeping up to date on the latest in technology. And of course. Because I’m a security guy, a lot about security, and that’s kinda what we’re going to talk about right now. We all have internet service providers, whoever they are.
[00:00:40]In fact, the internet service providers even have internet service providers because they have to connect with other networks in order to get you where you want to go online. It’s a strange world out there. And one of the things that the internet does and frankly has to do in order to get you to that location you want to go, is it uses something called the domain name system.
[00:01:07] Oh, you might call it the domain name service as well. But the idea behind this is to allow you to type in a URL or click on a link and that link then takes you to the correct site. Now you might be wondering what’s this all about, I’m not going to get into the guts of the internet. That’s not what I do.
[00:01:29] That’s not my job. That’s not going to affect me. Oh, my, it does because the domain name service was designed many years ago to solve a problem, but it did not consider another problem that was being created in his stead. What we’ve ended up with is. You guessed it, another problem, the DNS system allows you to type in that I address.
[00:01:58] And then it goes to your internet service provider and says, Hey, I want to go to google.com. Give me the address. And then. The internet service provider goes and talks upstream, finally finds out what the address for Google is. It’s just like if you sent a piece of email and you addressed it to Craig Peterson in the Northeast United States, now it might get to me because some of these postal workers are very driven and they really want to help out.
[00:02:27] Right. But what are the odds that mail would actually end up in my mailbox? You know, not very good. Is it, so you have. To have a street address or maybe appeal, box number to send that true that to, maybe a rural route number as well. Who knows? Right? Depends on where you’re at. If you’re overseas, a military duty it’s even different, but on the internet, Everything has to come down to these numbers.
[00:02:53] It’s called the internet protocol, IPV four, and IPV six. Now you don’t have to know all of that because all you have to do is type in google.com. Right. We already established that as an easy way to get to Google. However, Behind the scenes what’s happening is that some of these internet service providers are actually intercepting your computer’s requests to get to Google.
[00:03:21] And then what they’re doing with that intercept is changing it sometimes. So they’ll look and see, is there a site called google.com? Oh no, there’s not. All right. Great. Yes. So then they send you to yet another site that’s not Google. And they try and upsell you there’ll be Ads all over it. There may be their own little search engine thing.
[00:03:44] That’s come up on the screen that allows you to hopefully find the real google.com. On top of it all, not only are these internet service providers who were paying by the way, not only are they intercepting our DNS requests, but frequently they are also being intercepted by the bad guys. Here’s what’s happening there.
[00:04:09] You have a router in your home, a router in your small business. Now that router is where all of your data goes to. And from the internet now, obviously in bigger businesses, we’ll set up multiple routers, multiple sites. We’ll probably run a protocol called BGP that lets me route everything in between.
[00:04:30] Right? So if we have a failure, we can failover and everything just continues on. It’s just wonderful. But in all of these cases, that router is a central point for all of your data going out to the internet. So what happens when a bad guy gains control of that router? And we’re seeing this happen more and more now, because when was the last time you went ahead and made a change to the firmware on your router on that firewall box?
[00:05:06] Right? It probably never, most of us never touch it. We buy it, we set it and we forget it. Right. We, Ron Popeil the thing. But that’s not what we need to be doing in this day and age this day and age, we’re looking at the internet of things. We’re looking at hundreds, maybe thousands, ultimately, of pieces of hardware in our homes.
[00:05:29] It’s going to be embedded in our clothing. It’s already in some of the shoes we have purses. We have. All of those devices need updates. Now that’s one of the reasons we advise people to get rid of those big-box retail devices that they have like a link SIS box or who knows what, and that they’re using at the network edge.
[00:05:54] We advise them to get something that’s way more professional that has longterm support for it. And, you know, for my clients, we always use it. The Cisco gear. There’s a whole new line that we’ve had great success with called them. Rocky go, you can look it up online. I’d be glad to help you with that. And then the next sec pop from that is Rocky.
[00:06:16] And then you get into the Cisco, but here’s what’s happening. You have not updated the firmware in your router slash firewall. Now, many times you cannot update the firmware because it is out of revision. So you bought this hardware three, four or five, six years ago as we were working just fine. Has given you the wifi.
[00:06:41] Everything is just hunky Dory. It’s wonderful. And you’ve never thought twice about changing that firmware. And in fact, the manufacturer hasn’t bothered to release updates to fix the latest, major bug security problem in their firmware. So do you see where I’m going here now? Here’s what happens if you put all of this into a pot, let’s stir it up.
[00:07:04] I know it’s a little confusing, but here’s what comes out in the end. When we take it out of the oven, the bad guys, they update the firmware. On your rudder slash firewall. That’s a worst-case scenario. They actually updated and they set it up to send all of their data to Russia. All of your data, I should say to Russia or China, but what we’re seeing right now is a DNS attack where they are routing all of your intranet DNS requests to them and their server. So here’s what happened. Imagine you’re sitting in front of your computer and you type in your bank, maybe it’s TD bank.com, bank of america.com. Whatever it is. Remember your browser does not know how to get to TD bank. It doesn’t know how to get to the Bank of America.
[00:07:58] So what does it do? It then sends a request out to the internet saying, Hey, what’s the internet address for TD bank what’s happened now? Is it sends a packet out to the internet? Hopefully to your internet service provider, but it gets intercepted. And now that packet goes to the bad guys and the bad guys say, Oh, TD bank.
[00:08:26] Yeah. Yeah. There, you know that part of town you never wanted to go into, you know, on the other side of the tracks where it’s kind of dark and greasy and yeah. There’s a lot of muggings and stuff. That’s where TD bank is. Oh yeah. Go over there. So they will return the wrong address for TD bank. And now your browser ends up on their website, could even be a dark web website and all of your data, everything you’re typing in is now being captured by them.
[00:08:58] So we have now both Firefox and Chrome who are doing something called HTTPS. DNS over HTTPS is, of course, is encryption. So it is now sending the requests for DNS encrypted end to end. That is great for consumers, usually. However, It does break security systems. So both Google and Mozilla have jumped on board here a little prematurely, but that’s what’s happening right now with your DNS.
[00:09:37] And what you should do is going to be based on your environment and what you’re doing. Check people tell you, Hey, stick around. We’re going to talk about insider threats. I bet you didn’t know how prevalent they are and how they’re occurring. You’re listening to Craig Peterson.com. Stick around. We’ll be right back.
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: