As ‘spoofing’ improves, you may surf into a sea of sharks
LAS VEGAS — It’s easier than ever to get waylaid on the internet, diverted to dangerous territory where scam artists await with traps for the unsuspecting user.
It’s all about devious misdirection, fumble-fingered typing and how our brains can confuse what our eyes see. Big money can await the clever scamster, and costs are rising for corporations and politicians who do not take heed.
The issues lie in the inner workings of the internet and issues such as the expansion of the combination of words, dots and symbols comprising internet addresses.
It’s no longer just .com, .net., .org and a handful of others. Now, there are 1,900 new extensions, known as top-level domains, such as .beer, .camera, and .city
“We see a ton of them being used maliciously,” said Mikko Hypponen, chief research officer at Finnish security company F-Secure, who called the new endings “a big headache.”
The problems revolve around what computer scientists refer to as “spoofing” of the Domain Name System, or DNS, which has been called the phone book of the internet. It’s been going on for a while, and touches on what users type into the address bar of a browser window or click on at a website. There are new ways to make phony addresses look real.
“Creating a spoofed domain name, or even hijacking a domain name, has become a lot easier today,” said Israel Barak, chief information security officer at Cybereason, a cyber security firm based in Boston.
Just a few years ago, spoofing an internet address, say, microsoft.com, was primitive.
“You would have to maybe change that ‘i’ to a 1. I’m going to be M1crosoft with a 1 today, or even change the ‘o’ to a zero, or change the ‘t’ to a seven. For senior citizens with fuzzy vision like I’m starting to get, you might squint at that and say, ‘Looks like Microsoft to me,’” said Paul Vixie, chief executive of Farsight Security, a San Mateo, California, company.
An internet pioneer, Vixie has been involved in its governance for three decades. He is an architect of some of the protocols used in the DNS system and advises the nonprofit Internet Corporation for Assigned Names and Numbers, the Los Angeles nonprofit that serves as the guardrails for the borderless global internet.
But Vixie said the internet is still in its Wild West phase. He compared the online world today to the era of highways before seatbelts and airbags.
“It just takes us some time to catch up. First, you innovate, you kill a lot of people or steal a lot of money, whatever it is, and then somebody comes along and says we got to secure this somehow. We’re still in that first phase here,” Vixie said.
To bridge the gap between English-speaking and nonEnglish-speaking worlds, internet organizers have incorporated domain names utilizing characters covering 139 modern and historic scripts. It’s not just major scripts such as the Cyrillic alphabet and Chinese characters. It’s also Runic, Buhid, Rejang and dozens of other obscure language scripts.
Scamsters have had a field day with parts of those scripts. They’ve inserted look-alike characters into internet addresses, sending users to bogus malicious, websites.
Vixie said numerous distinct characters look like the Roman letter “i.”
“They are completely visually the same down to the last pixel on your screen to the real lower-case ‘i.’ So there is no way that you’re going to tell the difference,” he said.
Inserting such exotic characters into a link is one technique criminals employ to send users to look-alike sites that may appear to be a bank website, a Gmail troubleshooting page or some other page that asks for a username and password. Other techniques also are used.
In some cases, adversaries target employees of a corporation, nuclear plant, military unit or other high-value facility where they seek a digital foothold. The hackers send the targets tailored emails with the malicious links.