Posted October 8, 2013
In our previous blog post, we explained what bitsquatting is and how it happens. But how often does it actually occur?
Actually, it’s more common than you might expect. The original researcher who first wrote extensively on this issue, Artem Dinaburg, registered just 32 “bitsquat” domain names, and he logged tens of thousands of requests for bit flipped domains over a roughly 7-month research window.
Cyveillance wanted to validate the issue first hand, so we kicked off a small-scale study. We registered four domain names that bitsquat on domains for major sports, video streaming, photo sharing and content delivery sites. In the first week, we saw an average of 27 requests, or lookups, per domain name. Given the potential value of such websites for phishing attacks, malicious updates to existing software, drive-by virus downloads and other nefarious activity, even a few dozen requests per week could be enough of an incentive for bad actors to set up a fraudulent domain name.
It’s also important to understand that this is likely to happen far more in the near future. The number of Internet-connected devices per household is expected to climb dramatically in the next few as the “Internet of Things” grows. Experts predict some 30 to 50 billion devices will be connected and online within 5 to 6 years. Gartner predicts that the total economic value add will be $1.9 trillion dollars by 2020, benefiting industries such as retail, healthcare, and transportation. As devices and apps become ubiquitous, and more automatic DNS lookups happen between them, the potential for bit flipping will likely grow exponentially.
In our next blog post, we’ll explore some of the ways that bitsquatted domain names can be used for malicious purposes, and what you can do to protect your organization and customers.