Why DNSSEC Should Matter to Activists
… And why the internet’s structural issues are putting your activist network at risk
More and more, activists are victims of online attacks where DNS spoofing is used, which has real-life implications. This is because the internet has serious structural issues that result in the most vulnerable being at risk, while providing those with the most power and privilege with some strong surveillance (and nefarious) opportunities. (DNS spoofing is a type of cyber-attack that tricks users into visiting a malicious site that is usually a clone of the site they were attempting to visit.)
In addition, the majority of the pressure to protect activists is placed on the activists themselves (and their allies), instead of on those who have the power to push for change so that the Internet’s infrastructure allows for an environment that is more equitable and safe for everybody.
You don’t have to understand the intricate details of how digital attacks occur or how the internet works, but as an activist you should know what the Internet-of-the-future should look like so you can advocate for it.
Case Study: Venezuela
If you have friends in the digital rights space, they may have told you about the recent phishing campaign in Venezuela targeting tens of thousands of citizens interested in distributing humanitarian aid. These individuals are now in danger of facing punitive measures or retaliation by the government because they were tricked by malicious actors, via DNS spoofing, into submitting their personal information to them, and in the process marked themselves as political dissidents.
Essentially, citizens thought they were signing up to volunteer on a specific website owned by the opposition. By taking advantage of the internet’s infrastructure vulnerabilities, the malicious actors were able to use DNS spoofing to redirect people, without their knowledge or consent, to a clone of the site that the attackers owned. At no point did users get any indication, like an error message, that this was happening to them. Thinking they were on the authentic site, users submitted all the personal information that was asked of them.
How Did They Trick Users? How does DNS spoofing work?
Each website essentially has two addresses. The first is one that humans understand, and it serves very much like the first and last name of an individual, for example http://www.aljazeera.com. The second serves very much like the physical address you put on a package to send, let’s say to your sister, via the post office. This is called an IP address and it looks like a series of numbers, such as: 22.214.171.124
Let’s use the analogy below to help illustrate.
When you type the name of a website address into your browser, for example Maria Fernandez (www.aljazeera.com), your browser connects to the phone book operator (DNS server) asking for Maria’s physical address.
The phone book operator (DNS server) responds with Maria’s home address of 43 Fern St, Bronx, NY (http://126.96.36.199). Your browser then visits 43 Fern St, Bronx, NY (http://188.8.131.52), and you are able to see the site.
DNS spoofing is essentially hackers intercepting this conversation, pretending to be the phone book operator or DNS server. However, there are many different ways this can be done.
But Isn’t the Internet Supposed to be Secure?
No one said the Internet is secure. In fact, many of the security and privacy standards we have today are thanks to demands and pressure from citizens. For example, there was a time when it wasn’t standard practice to encrypt credit card information on online stores. This is why it’s so important for activists to become familiar with the changes we want to see, and push for them collectively. We are living in a historical time, and the battles we win (or lose) have the potential to affect activists for many generations after us.
Even ICANN, considered the internet’s address book keeper, recently warned about “ongoing and significant risk” to DNS, following months of increased attacks. It should be noted that many of these attacks are reportedly coming from nation-state hackers.
What can we do about DNS Spoofing?
As you can imagine, this is a fairly simple explanation, meant to serve as a type of primer. However, this doesn’t mean you can’t start advocating for the following solutions:
Call on domain owners, or website owners, to deploy DNSSEC, which makes it harder for malicious actors to interfere with or spoof DNS. Currently, only 3% of the Fortune 1,000 are using DNSSEC according to statistics released by Cloudflare in September. Note: If you are a small website, companies like Cloudflare and Google have pushed for greater adoption by rolling out a one-click enabling of DNSSEC for domain name owners.
Help push the messaging. As activists, we are constantly talking to the public on a variety of issues. Make sure to include the message that lawmakers, companies and others should make securing the infrastructure of the internet a main priority because it affects us all, especially at-risk activists. Remember, pushing for a more private and secure internet does not mean you have to be the expert. Don’t let anyone gaslight you about not having high technical knowledge. However, if you want to learn more, find a technologist in your network who can prime you, or follow organizations like the Electronic Frontier Foundation.
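For readers who want to see what DNSSEC changes in the phone book operator's reply, here is an added example (not part of the original article): a small parser that reads the "authenticated data" (AD) header bit a validating DNS server sets and looks for RRSIG signature records. The two replies are constructed samples for example.org with placeholder signature bytes, and the function names are illustrative.

```python
import struct

RRSIG, AD_FLAG = 46, 0x0020   # RRSIG record type; "authenticated data" header bit

def encode_name(name):
    """Encode 'example.org' as length-prefixed DNS labels."""
    parts = name.strip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode() for p in parts) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:                    # root label ends the name
            return off

def dnssec_status(msg):
    """Report what a DNS response says about DNSSEC."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                    # skip the question section
        off = skip_name(msg, off) + 4
    types = []
    for _ in range(an):                    # walk the answer records
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return {"validated": bool(flags & AD_FLAG), "signed": RRSIG in types,
            "rcode": flags & 0xF}

def build_response(name, ad, with_rrsig):
    """Constructed sample response: one A record, optionally one RRSIG."""
    flags = 0x8180 | (AD_FLAG if ad else 0)            # QR + RD + RA
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answers = [b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])]
    if with_rrsig:
        rdata = b"\x00" * 24               # placeholder bytes, not a real signature
        answers.append(b"\xc0\x0c" + struct.pack("!HHIH", RRSIG, 1, 300, len(rdata)) + rdata)
    header = struct.pack("!6H", 0x1234, flags, 1, len(answers), 0, 0)
    return header + question + b"".join(answers)

SIGNED = build_response("example.org", ad=True, with_rrsig=True)
UNSIGNED = build_response("example.org", ad=False, with_rrsig=False)

if __name__ == "__main__":
    print("signed zone:  ", dnssec_status(SIGNED))
    print("unsigned zone:", dnssec_status(UNSIGNED))
```

A DNS server only includes RRSIG records when the query asks for them (the DO bit), and the AD bit is only as trustworthy as the connection between you and the server that set it.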
Until they fix the Internet’s infrastructure, the only thing you can do is learn how to keep yourself and your network safe. Here are some suggestions:
a) Avoid submitting any real personal information online. Really question why and how necessary it is. Do you really need to take that online personality test? Do you really need to register to join a demonstration?
b) Password managers can be a type of canary in the coal mine when you attempt to log in to a site that is a malicious clone. Use them.
c) Read, Read, Read: Tons of digital security manuals exist in all languages, written exclusively for activists.
d) When visiting a website, make sure it’s 100% the correct URL. www.facebook.com looks very similar to www.faceboook.com (there is an extra o in the second).
e) If your browser gives you an error message or alert that suggests the site is not secure, immediately disconnect from it.
f) It’s much better to use websites that use HTTPS versus just HTTP in the URL.
g) Consider using a trusted VPN or Tor when surfing the net.
Questions? Feel free to contact Sandra at @collaboracion on Twitter.