The Department of Homeland Security (DHS) has issued an urgent call for government agencies to secure their web infrastructure in the midst of a partial government shutdown, as first reported by Cyberscoop. The department sent out an emergency directive on Tuesday afternoon, alerting government agencies to the threat and recommending agencies immediately secure their DNS records with two-factor authentication. But with much of the government still subject to the ongoing shutdown, it’s unclear how quickly agencies can respond to the directive.
DNS records are a central feature of the web, a kind of online phone book that connects domain names (like dhs.gov) to IP addresses (like 220.127.116.11). If an attacker can compromise those records, they can point the domain at an address they control, effectively hijacking the site without compromising any of the underlying infrastructure beyond the DNS entry. From there, attackers can use the hijacked site to seed malware or simply spread chaos, depending on their goals.
Because of the relative ease of the attack, DNS hijacking has been a popular tactic for politically motivated hackers. A group called the Syrian Electronic Army carried out a particularly successful campaign in 2013, hijacking The New York Times, The Guardian, and other sites. According to Cyberscoop, at least six government sites have been affected by recent DNS attacks, making the move particularly urgent.
The security problem is made worse by the ongoing government shutdown, which has hit the Department of Homeland Security particularly hard. Paychecks are still on hold for 800,000 federal workers in total, including workers from the Federal Emergency Management Agency and Citizenship and Immigration Services.