What’s wrong with MyEtherWallet?

in #mew • 6 years ago

Since Wednesday, some MyEtherWallet (MEW) users have reported a possible hack of DNS servers. User requests were forwarded to servers controlled by attackers.

MEW officials confirmed the DNS hack, and talk of the wallet being hacked began to spread online. MEW representatives denied that the wallet itself had been hacked, but confirmed that a number of public DNS servers had been hacked by criminals and that users who had these DNS servers in their settings were redirected to a phishing site (a fake site that looks like the original but belongs to the intruders and is built to obtain confidential user data: logins and passwords, credit card numbers, etc.). MEW itself currently has no security problems. Since the problem did not arise on MEW's side, company representatives are trying to identify the hacked servers and resolve the situation by informing customers.

What's the catch? Why do you need to know what exactly was hacked, the MEW wallet or the DNS servers? When a service is hacked, attackers gain either control over all of the service's capabilities or access to users' critical financial or private information (depending on how far the hack goes), and when a wallet is hacked, they gain direct access to users' funds.

In the case of DNS server spoofing, which is what happened with MEW, the user is redirected to a phishing site built by the attackers. Such sites, as mentioned above, completely duplicate the interface, structure, and design of the original site. When users land on the phishing site, they enter the logins and passwords of their personal online wallets, and in doing so send the attackers all the information they are after. In other words, the users themselves hand the attackers everything needed to access their wallets, unaware that they are working with a duplicate and not the real service.

Roughly speaking, DNS is just the Internet's navigation system for routing. More precisely, DNS (Domain Name System) is a distributed computer system for obtaining information about domains. It is mostly used to obtain an IP address from a hostname (of a computer or device), information about mail routing, and the nodes serving protocols in a domain. The distributed DNS database is maintained by a hierarchy of DNS servers. So DNS is a globally distributed store of keys and values. Servers all over the world can give you the value for a key, and if they do not know the key, they ask another server for help.

The methods of hacking DNS servers are a broad topic: it could be a simple injection or a large-scale DDoS (an attack that makes the DNS server unavailable). In the case of this particular wallet, MEW employees claim that a “popular” hacking method was used, one aimed at breaking Internet routing and associated with the discovery of vulnerabilities in public DNS servers.

To protect yourself from such fraud, it is recommended to visit the site only over the HTTPS protocol, which is usually marked as secure and looks like this:
Screenshot_3.jpg
and when financial and confidential information is involved, always check by whom and how the certificate attesting the name of this site is signed.

If you want to be absolutely sure, you can view the site's SSL certificate information (SSL, Secure Sockets Layer, is the cryptographic protocol that provides secure communication). Follow these steps: Chrome Menu -> Developer tools -> Additional tools -> Developer tools -> Security -> View Certificate. A new window opens with all the information about the SSL certificate.
Screenshot_2.jpg
Here you can see the following things:

• Issued to: The domain for which the SSL certificate was issued. If it does not match the domain you were planning to reach, it is possible that the site has been replaced.

• Issued by: The certification authority responsible for issuing the certificate.

• Valid from …. to….: SSL certificate validity period.

In any case, even if you don’t plan to send any important information to the site, never ignore the browser’s warning about a wrong certificate. Be careful when your money and personal information are at stake. Or try to use only a local copy of your wallet.
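
The same three checks done programmatically, as an added example that is not part of the original post: `inspect_cert` examines the "Issued to", "Issued by" and validity fields of a certificate in the dict form that Python's `getpeercert()` returns. The host `wallet.example`, the issuer name `Example Trust CA`, the dates and both sample certificates are constructed for illustration.

```python
import socket, ssl, time

def fetch_cert(host, port=443):
    """Live fetch. Raises ssl.SSLCertVerificationError when the chain or
    name does not verify, which is the browser-warning case."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_matches(pattern, host):
    """Exact match, or '*.' covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def inspect_cert(cert, host, trusted_orgs, now=None):
    """Return a list of problems found in the three fields; empty means OK."""
    now = time.time() if now is None else now
    problems = []
    # Issued to: the DNS names listed in subjectAltName
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append(f"issued to {names}, not {host}")
    # Issued by: reject self-signed and issuers we do not expect
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    if issuer == subject:
        problems.append("self-signed: issuer equals subject")
    elif issuer.get("organizationName") not in trusted_orgs:
        problems.append(f"unexpected issuer {issuer.get('organizationName')}")
    # Valid from ... to ...
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now <= end:
        problems.append("outside validity period")
    return problems

# Constructed samples in the dict shape getpeercert() returns.
NOW = ssl.cert_time_to_seconds("Apr 25 12:00:00 2018 GMT")
GOOD = {
    "subject": ((("commonName", "wallet.example"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "subjectAltName": (("DNS", "wallet.example"), ("DNS", "*.wallet.example")),
    "notBefore": "Jan  1 00:00:00 2018 GMT",
    "notAfter": "Jan  1 00:00:00 2019 GMT",
}
# Same name, but signed by itself one day earlier: the name alone proves nothing.
FAKE = dict(GOOD, issuer=GOOD["subject"], notBefore="Apr 24 00:00:00 2018 GMT")
```

On a live connection `fetch_cert` fails with `ssl.SSLCertVerificationError` before returning anything if the chain or name does not verify, so `inspect_cert` is an additional check on top of that, not a replacement for it.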

Original: https://medium.com/@phenomteam/whats-wrong-with-myetherwallet-2e231fc49924


@phenom You have received a random upvote from @botreporter because this post did not use any bidbots.

I don't have a lot of voting power, but I did want to thank you just the same. Please consider it a thumbs up and perhaps next time we meet, I'll have more SP to share with you.
