From the Office of CIO Communications

According to the Navy Computer Incident Response Team, there has been an increase in Domain Name System (DNS) Cache Poisoning of commercial Web sites over the past several months. All NAVAIR personnel should be aware of the potential dangers and vulnerabilities of cache poisoning.

What is DNS Cache Poisoning? It involves replacing addresses of major financial and corporate sites with those of servers controlled by the attackers. Employees attempting to view the sites are routed away from legitimate sites and redirected to compromised DNS cache servers. The Web site may appear to be legitimate, but in fact it puts Internet users at risk for identify theft. A “poisoned” Web site uses a variety of techniques to acquire personal, privacy or bank account information. Legitimate institutions never solicit confidential information through the Internet or e-mail without prior customer consent.

Equally important, cache poisoning is a growing security concern for NAVAIR. As the problem escalates, there is an increased risk of introducing malware (malicious software) into the Navy Enterprise. If users find they have been misdirected, they should refrain from entering any personal information and should report the activity (including the URL) to their Information Systems Security Manager or Systems Administrator. The concern for NAVAIR is that a respondent on a government unclassified network might compromise the security of that network.

Protecting yourself. It’s important to remain vigilant of attempts to steal your information. There are a few things you can do to ward off the possibility of identify theft:
1. Check your credit reports once a year.
2. Guard your Social Security number.
3. Safeguard all passwords and PINs.
4. Keep track of your monthly bills.
5. Shred all unneeded documents with personal information on them.
6. Never give personal information over a cellular phone.
7. Keep a list of all your credit card numbers, banking account numbers, and driver's license number, along with their customer service telephone numbers.

Visit NAVAIR CIO Web site at https://cio.navair.navy.mil for Information Technology related information.