When the Syrian Electronic Army (SEA) hijacked the website of The New York Times (NYT) earlier this week, causing its domain name system (DNS) records to be redirected, the nature of the attack was a direct example of why a defensive approach like the one taken by OpenDNS can be effective.
David Ulevitch, founder and CEO of the San Francisco-based OpenDNS, said his company was involved in helping the newspaper recover from the attack, but what he came away wanting to emphasize (perhaps not unexpectedly) was that OpenDNS users never got redirected in the way that other would-be readers of NYTimes.com were. “As soon as the site got redirected to a new IP, we detected that a super-popular, super-stable, infrequently changing domain on the Internet was all of a sudden redirected to a suspicious IP address in another country, and we automatically flagged it to be blocked. None of our customers ever went to the redirected site.”
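The detection Ulevitch describes rests on three signals: the domain is popular, its answers rarely change, and the new answer points to an address in a country never seen for it before. The monitor below is an added illustration of that heuristic, not OpenDNS's code; the domain names, the RFC 5737 documentation addresses, the IP-to-country table and the thresholds are all constructed for the example.

```python
"""Flag a sudden resolution change for a popular, stable domain (added example)."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed IP -> country table using RFC 5737 documentation addresses.
# A real deployment would consult a GeoIP/ASN database instead.
GEO = {
    "192.0.2.10": "US",
    "192.0.2.11": "US",
    "198.51.100.7": "US",
    "203.0.113.99": "ZZ",   # constructed: an address in "another country"
}


@dataclass
class DomainProfile:
    queries: int = 0                                  # popularity: queries seen so far
    known_ips: set = field(default_factory=set)       # trusted baseline of answers
    stable_runs: int = 0                              # consecutive answers with no new IP


class ResolutionMonitor:
    """Blocks a new answer for a domain that is popular, rarely changes,
    and now resolves to an address in a country never seen for it."""

    def __init__(self, min_queries=10_000, min_stable=30):
        self.min_queries = min_queries    # assumed popularity threshold
        self.min_stable = min_stable      # assumed stability threshold
        self.profiles = defaultdict(DomainProfile)

    def observe(self, domain, ip, query_count=1):
        """Record one resolution and return 'allow' or 'block'."""
        p = self.profiles[domain]
        p.queries += query_count
        if ip in p.known_ips:
            p.stable_runs += 1
            return "allow"
        if self._suspicious(p, ip):
            # Do not learn the IP: keep the trusted baseline intact so
            # later answers carrying the same rogue address stay blocked.
            return "block"
        # New but benign address (e.g. CDN rotation): learn it and reset stability.
        p.known_ips.add(ip)
        p.stable_runs = 0
        return "allow"

    def _suspicious(self, p, ip):
        if not p.known_ips:
            return False                  # no baseline yet, nothing to compare against
        popular = p.queries >= self.min_queries
        stable = p.stable_runs >= self.min_stable
        known_countries = {GEO.get(k, "??") for k in p.known_ips}
        foreign = GEO.get(ip, "??") not in known_countries
        return popular and stable and foreign


def simulate_hijack():
    """Constructed history: 40 days of normal answers, then a foreign redirect."""
    m = ResolutionMonitor()
    for day in range(40):
        usual = "192.0.2.10" if day % 2 else "192.0.2.11"
        m.observe("news.example", usual, query_count=500)
    return m.observe("news.example", "203.0.113.99", query_count=500)   # "block"


if __name__ == "__main__":
    print("verdict for the redirect:", simulate_hijack())
```

The stability counter resets whenever a new address is learned, so a domain that legitimately rotates addresses within its usual country keeps being allowed, while an obscure or low-traffic domain never reaches the popularity bar and is not judged by this rule at all; that is the trade-off the heuristic makes, and it is why the page stresses "super-popular, super-stable" domains rather than all of DNS.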
It turns out that OpenDNS’s engineers have a massive Hadoop cluster that keeps track of where infected and non-infected machines are spending their time on the Internet. Their Umbrella Security Graph had been rolled out earlier this year, but the linkage between it and the policies that automatically prevent malicious redirection of users had only been in place for a few weeks. There’s a post on the DNS service’s official blog that talks more about their solution.