Home > CAPEC List > CAPEC-611: BitSquatting (Version 2.11)  

CAPEC-611: BitSquatting

 
BitSquatting
Definition in a New Window Definition in a New Window
Attack Pattern ID: 611
Abstraction: Detailed
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary registers a domain name one bit different than a trusted domain. A BitSquatting attack leverages random errors in memory to direct Internet traffic to adversary-controlled destinations. BitSquatting requires no exploitation or complicated reverse engineering, and is operating system and architecture agnostic. Experimental observations show that BitSquatting popular websites could redirect non-trivial amounts of Internet traffic to a malicious entity.

+ Attack Steps
Explore
  1. Determine target website: The adversary first determines which website to impersonate, generally one that is trusted and receives a consistent amount of traffic.

    Research popular or high traffic websites.

Experiment
  1. Impersonate trusted domain: In order to impersonate the trusted domain, the adversary needs to register the BitSquatted URL.

    Register the BitSquatted domain.

Exploit
  1. Wait for a user to visit the domain: Finally, the adversary simply waits for a user to be unintentionally directed to the BitSquatted domain.

    Simply wait for an error in memory to occur, redirecting the user to the malicious domain.

+ Attack Prerequisites
  • An adversary requires knowledge of popular or high traffic domains, that could be used to deceive potential targets.

+ Typical Severity

Medium

+ Typical Likelihood of Exploit

Likelihood: Low

+ Methods of Attack
  • Spoofing
  • Analysis
+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Low

Adversaries must be able to register DNS hostnames/URL’s.

+ Solutions and Mitigations

Authenticate all servers and perform redundant checks when using DNS hostnames.

When possible, use error-correcting (ECC) memory in local devices as non-ECC memory is significantly more vulnerable to faults.

+ Attack Motivation-Consequences
ScopeTechnical ImpactNote
Other
Other
Depending on the intention of the adversary, a successful BitSquatting attack can be leveraged to execute more complex attacks such as cross-site scripting or stealing account credentials.
+ Technical Context
Architectural Paradigms
Web
+ References
[R.611.1] Artem Dinaburg. "Bitsquatting: DNS Hijacking without exploitation". Raytheon. <http://media.blackhat.com/bh-us-11/Dinaburg/BH_US_11_Dinaburg_Bitsquatting_WP.pdf>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team
Modifications
ModifierOrganizationDateCommentsSource
CAPEC Content TeamThe MITRE Corporation2017-08-04Updated Architectural_Paradigms, Attack_Motivation-Consequences, Attack_Phases, Attack_Prerequisites, Description, Description Summary, Methods_of_Attack, Typical_Likelihood_of_Exploit, Typical_SeverityInternal

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017