Ananth Prabhu G, PhD and Post Doctoral Fellow is a Professor in Sahyadri College of Engineering and Management. He is also the Cyber Law Trainer at the Karnataka Judicial Academy and Cyber Security Trainer at the Karnataka Police Academy. www.facebook.com/educatorananth
Here, take a look at Donald Trump’s Twitter account, and make sure you have visited both of the links below:
If you took a closer look at both URLs, which appear identical, you would have noticed that one account is official and the other is not. You didn’t think these URLs could differ at all, because they look exactly the same, right? Well, they do: Trump just got his domain name homographically attacked!
IDN, an abbreviation for Internationalized Domain Name, refers to website names written in their native script that are then converted into an ASCII-compatible form (a network address) so that they are compatible with the Domain Name System.
But what are Domain Name Systems?
The Domain Name System (DNS) is the phonebook of the Internet. Each device connected to the Internet has a unique IP address which other machines use to find the device. An IP address is necessary to find the appropriate Internet device - like a street address is used to find a particular home.
DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).
When a user wants to load a webpage, a translation must occur between what a user types into their web browser (example.com) and the machine-friendly address necessary to locate the example.com webpage. This task is carried out by the DNS.
Domain names are stored in the system as ASCII strings, which can be easily manipulated. ASCII (American Standard Code for Information Interchange) is a 7-bit binary code in which each letter, both lower and upper case, and every standard symbol is assigned a specific value expressed in 0s and 1s. Just as living creatures are classified from Homo sapiens to reptiles and into various other domains based on their origin, URLs on the internet have their own domain names and systems. Ideally, these domain names (or in simpler words, the URL or website) are uniquely crafted for a specific software product or application. Although this uniqueness is a plus point for the domain name, it can also be deadly: a fake domain can be ‘hijacked’ or registered simply by swapping characters in the domain name, and you would not even spot the deceit because of the similarity.
We call this exploitation of URLs an IDN homograph attack, also known as script spoofing or a homoglyph attack.
By replacing characters in the website’s name with look-alikes, such as swapping a Latin character for a Cyrillic one or vice versa, the job is easily done, because our computers understand multilingual input. Mixing scripts to imitate real domains and fooling visitors into opening these deceptive yet believable websites for fraudulent ends is not a mountain-climbing task for phishers worldwide. Such a homoglyph site can harvest your personal information and exploit its users, and this has been going on for quite some time now. We could call it the perfect crime, because that is exactly what these attackers achieve: subtle yet highly successful phishing. It is not hard today to identify or keep track of these glyphs around the internet, but it is indeed hard for real-time users, because we focus on the content of a website that looks so plausible.
In today’s browsers, it is possible to discreetly have software built in to detect these sites or redirect you to the original, untampered website. Punycode Alert and the Querdo Toolbar can be used to warn the user of any potential homographic attack. One could also guard against these fraudulent sites by simply updating the browser regularly, checking whether the site has an EV (Extended Validation) certificate, and avoiding navigating to links received via emails and text messages, and especially via social media.
P.S.: For those of you still wondering how two links that look identical redirected to different pages: the lowercase letter ‘l’ used in the second link was not Latin. How did we find out?
Click on the link below
and copy-paste the domain. You will get to know its authenticity. Remember: stay vigilant always and stay safe.
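The copy-and-paste check above, and the Cyrillic-for-Latin substitution described earlier, can be automated. This is an added example, not code from the original column: it uses Python's built-in `idna` codec and Unicode character names to show the Punycode form a browser actually sends to the DNS and to flag a label that mixes scripts. The sample domain with a Cyrillic ‘а’ (U+0430) is constructed for illustration.

```python
import unicodedata


def letter_scripts(label):
    """Return the set of Unicode scripts used by the letters in one DNS label.
    Digits and hyphens have no script and are ignored."""
    scripts = set()
    for ch in label:
        name = unicodedata.name(ch, "")
        if " LETTER " in name:
            scripts.add(name.split()[0])  # e.g. "LATIN", "CYRILLIC", "GREEK"
    return scripts


def analyze_domain(domain):
    """Report what an address bar may hide about a domain name: the Punycode
    (xn--) form sent to the DNS, the scripts used in each label, and whether
    any single label mixes scripts, which is the homograph pattern."""
    labels = domain.lower().rstrip(".").split(".")
    punycode = ".".join(labels).encode("idna").decode("ascii")
    per_label = {label: sorted(letter_scripts(label)) for label in labels}
    return {
        "displayed": domain,
        "punycode": punycode,
        "scripts": per_label,
        "non_ascii": any(ord(ch) > 127 for ch in domain),
        "mixed_script": any(len(s) > 1 for s in per_label.values()),
    }


def reveal(punycode_name):
    """Decode an xn-- name back to the Unicode form a browser might display."""
    return punycode_name.encode("ascii").decode("idna")


if __name__ == "__main__":
    # Constructed samples: a genuine ASCII name and a look-alike whose first
    # letter is Cyrillic small letter a (U+0430), not Latin 'a'.
    for sample in ("apple.com", "\u0430pple.com"):
        report = analyze_domain(sample)
        verdict = "SUSPICIOUS" if report["mixed_script"] else "ok"
        print(f"{sample} -> {report['punycode']} scripts={report['scripts']} {verdict}")
```

A legitimate single-script IDN (for example an all-Cyrillic name) is not flagged as mixed, so the `mixed_script` result is a prompt to look closer at the Punycode form, not a verdict on its own.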