The Democratic Republic of Congo’s Near Miss Teaches an Important Security Lesson
To preserve your cybersecurity, you need to have a comprehensive view of everything involved with your technology—and we do mean everything. Let’s consider a recent close call, involving the Democratic Republic of Congo that exemplifies this perfectly that could have potentially exposed millions of Internet users to serious threats.
First, it will be helpful to go over how websites work (giving you a hint as to the nature of the close call we’ll be discussing).
How Web Browsing Works
When navigating to a website, you type that website’s URL into your address bar and you’re brought to the website, right? While this is how it appears on the surface, there’s actually a lot more going on underneath.
The domain name we know, as users, to go to a website is different than the actual functioning name that your Internet browser recognizes. Instead, your browser recognizes a series of numbers known as an Internet Protocol (IP) Address. IP addresses are too in-depth of a topic for us to go into much detail here, but to sum up: they tell the browser which web server it needs to direct towards to find the desired website.
Obviously, a series of numbers is more difficult to remember than a name, so this discrepancy would make the Internet much harder to use if it weren’t for nameservers.
Nameservers are the component of the Internet that helps bridge the URL to the IP address. When you type a website into the address bar, the browser references a nameserver to find out where the correct web server is before requesting content from it. In essence, the nameserver helps your browser translate your request into a language it understands—in many ways acting like your browser’s GPS.
In other words, the nameserver is a crucially important part of how the Internet functions, which means that these servers are particularly important to keep secure… particularly if the nameserver in question controls a top-level domain (the “.com”,”.net”,or “.edu” part). If an attacker were to gain control of a top-level nameserver, man-in-the-middle attacks could be used to redirect web traffic to malicious websites.
What Happened in the Democratic Republic of Congo
Therefore, when security researcher Fredrik Almroth noticed that one of the nameservers for the .cd country code top-level domain (belonging to the Democratic Republic of Congo) was set to expire, he took notice. When these domains expire, as did the nameserver domain scpt-network.com did in October, the governments that own them have a set amount of time to renew it before someone else could claim it.
Almroth was monitoring this domain to ensure that it was renewed, just to be safe. Once the end of December rolled around, the security researcher was quick to snap it up to protect it from ne’er-do-wells who would otherwise abuse it. Because the other nameserver to the domain was still operational, Almroth simply had any requests timeout of his nameserver and be passed to the working one.
What Was at Risk?
In short, quite a bit. With possession of such a nameserver, an attacker could potentially intercept any traffic—encrypted or not—directed to a .cd domain. This could give an attacker a frightening amount of power and control over thousands of websites.
The Congolese government ultimately opted to set up a new domain, ensuring that security was never in question.
What Your Business Can Learn From This
In short, technology can be complicated, which means that threats can potentially come from every angle.
Cybercriminals are irritatingly resourceful and will absolutely resort to cheap tricks to get their way. The size of their target is also irrelevant to them, so whether they’re targeting a government infrastructure or the website a local store keeps up doesn’t particularly concern them. As such, businesses of all shapes and sizes need to have a trusted resource they can rely on to keep their IT in order, especially in terms of its security.
As such a resource to many businesses, ISC prioritizes keeping an eye on all aspects of our clients’ technology solutions to help avoid issues like these that could otherwise have gone unnoticed. To find out more about what we can do for your operations, give us a call at 502.292.5097 today.