Get Started Today!  (415) 295-4898

croom new

415 IT Blog

The Democratic Republic of Congo’s Near Miss Teaches an Important Security Lesson

The Democratic Republic of Congo’s Near Miss Teaches an Important Security Lesson

To preserve your cybersecurity, you need to have a comprehensive view of everything involved with your technology—and we do mean everything. Let’s consider a recent close call, involving the Democratic Republic of Congo that exemplifies this perfectly that could have potentially exposed millions of Internet users to serious threats.

First, it will be helpful to go over how websites work (giving you a hint as to the nature of the close call we’ll be discussing).

How Web Browsing Works

When navigating to a website, you type that website’s URL into your address bar and you’re brought to the website, right? While this is how it appears on the surface, there’s actually a lot more going on underneath.

The domain name we know, as users, to go to a website is different than the actual functioning name that your Internet browser recognizes. Instead, your browser recognizes a series of numbers known as an Internet Protocol (IP) Address. IP addresses are too in-depth of a topic for us to go into much detail here, but to sum up: they tell the browser which web server it needs to direct towards to find the desired website.

Obviously, a series of numbers is more difficult to remember than a name, so this discrepancy would make the Internet much harder to use if it weren’t for nameservers.

Nameservers are the component of the Internet that helps bridge the URL to the IP address. When you type a website into the address bar, the browser references a nameserver to find out where the correct web server is before requesting content from it. In essence, the nameserver helps your browser translate your request into a language it understands—in many ways acting like your browser’s GPS.

In other words, the nameserver is a crucially important part of how the Internet functions, which means that these servers are particularly important to keep secure… particularly if the nameserver in question controls a top-level domain (the “.com”,”.net”,or “.edu” part). If an attacker were to gain control of a top-level nameserver, man-in-the-middle attacks could be used to redirect web traffic to malicious websites.

What Happened in the Democratic Republic of Congo

Therefore, when security researcher Fredrik Almroth noticed that one of the nameservers for the .cd country code top-level domain (belonging to the Democratic Republic of Congo) was set to expire, he took notice. When these domains expire, as did the nameserver domain did in October, the governments that own them have a set amount of time to renew it before someone else could claim it.

Almroth was monitoring this domain to ensure that it was renewed, just to be safe. Once the end of December rolled around, the security researcher was quick to snap it up to protect it from ne’er-do-wells who would otherwise abuse it. Because the other nameserver to the domain was still operational, Almroth simply had any requests timeout of his nameserver and be passed to the working one.

What Was at Risk?

In short, quite a bit. With possession of such a nameserver, an attacker could potentially intercept any traffic—encrypted or not—directed to a .cd domain. This could give an attacker a frightening amount of power and control over thousands of websites.

The Congolese government ultimately opted to set up a new domain, ensuring that security was never in question.

What Your Business Can Learn From This

In short, technology can be complicated, which means that threats can potentially come from every angle.

Cybercriminals are irritatingly resourceful and will absolutely resort to cheap tricks to get their way. The size of their target is also irrelevant to them, so whether they’re targeting a government infrastructure or the website a local store keeps up doesn’t particularly concern them. As such, businesses of all shapes and sizes need to have a trusted resource they can rely on to keep their IT in order, especially in terms of its security.

As such a resource to many businesses, 415 IT prioritizes keeping an eye on all aspects of our clients’ technology solutions to help avoid issues like these that could otherwise have gone unnoticed. To find out more about what we can do for your operations, give us a call at (415) 295-4898 today.

Cultivating Good Business Communication is Critica...
CES Goes Virtual: A Look at Some Noteworthy Tech


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Sunday, March 07 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to

Mobile? Grab this Article

QR Code

Tag Cloud

Security Tip of the Week Technology Productivity Best Practices Business Computing Data IT Support Data Backup Network Security Privacy Hosted Solutions Cloud Internet IT Services Software Email Efficiency Data Recovery Managed IT Services Business Mobile Device User Tips Google Innovation Phishing Small Business Malware Collaboration Hackers Outsourced IT Cybersecurity Hardware Workplace Tips Upgrade Business Management Cloud Computing Computer Smartphone Tech Term Microsoft Communication Mobile Devices Android Managed Service VoIp Business Continuity Backup Windows 10 Quick Tips Smartphones Covid-19 Disaster Recovery Ransomware Managed Service Provider Communications Paperless Office Remote Work Passwords Network Encryption Browser Artificial Intelligence Wi-Fi Data Management Office 365 Business Technology Server Users Saving Money Internet of Things Help Desk Remote Monitoring Managed IT BDR Social Media Save Money Holiday Healthcare Government Document Management Vulnerability Compliance Windows 7 Microsoft Office Windows Managed IT services Data Security Chrome Miscellaneous Laptops Scam Automation Applications Blockchain Facebook Remote Machine Learning Processor Tip of the week Office Analytics Project Management Vendor Management Bandwidth Gadgets Two-factor Authentication Avoiding Downtime Redundancy Antivirus Wireless Information Mobile Office Infrastructure Virtualization Health Employer-Employee Relationship Mobility Website WiFi Company Culture Employee-Employer Relationship Data Loss IT Management Information Technology Customer Relationship Management Maintenance Regulations Apps BYOD IoT VPN Training OneDrive Managed Services Networking Hard Drive RMM Router Proactive Software as a Service Net Neutrality Storage Files Access Control Meetings Virtual Private Network Remote Worker Password Tablet Unified Threat Management Dark Web Augmented Reality Remote Monitoring and Management Internet Exlporer Remote Computing Financial Word Operating System Smart Technology Patch Management Data Breach Computing Employees File Management Recycling Server Management Electronic Health Records Instant Messaging Free Resource Consulting Downtime Voice over Internet Protocol Payment Cards Alert Data Storage Flexibility Assessment Mobile Security Display Customer Service Images 101 Unified Communications Managed Services Provider Network Management Social Network Remote Workers Professional Services Consultation Management Gmail File Sharing The Internet of Things Spam Search Risk Management Cooperation Money Vendor Time Management Holidays Bring Your Own Device Co-Managed IT HIPAA Utility Computing Monitoring Big Data Wasting Time Current Events Samsung Microsoft Excel Screen Reader OneNote Permission Smart Devices Outsourcing IT Consulting Computing Infrastructure Identity Statistics Modem High-Speed Internet Authorization CIO applications IT Servers Features Peripheral SharePoint G Suite Politics Windows Server Optimization Superfish CES Google Calendar Fraud Tech Support Employer/Employee Relationships Apple Mail Merge Laptop User Error Private Cloud Database Banking Smart Tech Recovery How To Test Hard Disk Drives Sensors Video Conferencing Alerts Mobile Bluetooth PCI DSS Downloads Virtual Reality Development WPA3 Business Telephone Travel Procurement Notes Motherboard Chromebook User Management Virtual Machines IT Technicians Cost Management Proactive Maintenance Solid State Drive Address Remote Working Firewall Bookmarks ROI Projects Reviews Connectivity Solid State Drives Biometric Comparison Licensing Data Warehousing Cookies Cables Fleet Tracking Zero-Day Threat Value of Managed Services IT Assessment Techology Technology Tips Migration eWaste Websites Cyberattacks Social PowerPoint Distributed Denial of Service Vulnerabilities Teamwork Credit Cards Legislation Mobile Device Management Cybercrime Cyber security Budget Managing Stress Favorites Return on Investment End of Support Options Telephone Gamification Technology Laws Specifications Emergency CRM Multi-Factor Security Operations Nanotechnology Wires Asset Tracking Backup and Disaster Recovery Outlook Digitize Disaster Resistance Digital Payment Hotspot Chatbots SaaS Read Only Security Cameras Managed IT Service Mobile Computing MSP Finance Shared resources Going Green Computers Customer Relationships Mirgation Point of Sale Tech Terms Database Management Printer Touchscreen Enterprise Content Management Hacking Conferencing Settings Personal Information Windows Server 2008 Gifts Wearable Technology Star Wars 5G Mobile VoIP Unified Threat Management Black Friday Virtual Assistant Bitcoin Content Filtering App Human Error Manufacturing Shortcut Shadow IT Proactive IT Mouse Language Identity Theft Enterprise Resource Planning Printing Break Fix Geography Authentication Batteries Cache Heating/Cooling E-Commerce Theft GDPR Social Networking Trending Transportation Active Directory Lenovo Hacker Permissions Electronic Medical Records Wireless Internet Outsource IT Cyber Monday Staff Education CEO Regulation Students Marketing Daniel Stevens Twitter Printers

Latest Blog

A lot of business is being conducted over the Internet right now, in terms of communication and transactions alike, which makes a business’ capability to remain connected to its clientele even more important. Now is not the time to wonder if your business is as connected as ...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...