What is Domain Fronting?

Some people may have come across the term “domain fronting” at one point while browsing online. The technique is often used to bypass internet censorship: it uses more than one domain name for a single connection, each acting as its own layer of communication. Unfortunately, domain fronting also appears to be growing in popularity among cyber criminals.

Domain Fronting Is A Powerful Tool

Although domain fronting sounds like a method used to disguise nefarious online activity, the primary purpose of this “protocol” is to bypass internet censorship. As most people are well aware, online censorship is a very real problem, although it affects some regions far more severely than others. Bypassing internet censorship can be quite difficult, even with a VPN connection or a similar service.

This is where domain fronting comes into the picture, as the technique hides the true endpoint of an internet connection. It effectively allows users to reach a blocked platform or service over HTTPS, while to the government or internet service provider it appears as if the user is visiting an entirely different website. Hiding in plain sight is often the best way to do things in secret, and domain fronting is no different in that regard.

To achieve this, domain fronting relies on multiple domain names, each acting as a different layer of communication. The “fronting” domain is the one named when the HTTPS connection is initiated, and it is the only domain name an observer on the network gets to see. Once the encrypted HTTPS connection has been established, the domain name of the blocked endpoint is communicated inside it. As a result, this secondary destination remains hidden from anyone censoring internet access or snooping on user activity.

To some people, it may sound strange that this technique actually works. The explanation is rather straightforward: entities censoring the internet have no way to differentiate between ordinary traffic to the fronting domain and domain fronting traffic. To the censorship-enforcing entity, all of it looks like legitimate traffic to an allowed domain, so it cannot tell which connections are actually reaching blocked sites. Its only options are to allow all traffic to the legitimate domain, or to block that domain entirely without a valid reason to do so. The collateral damage caused by blocking the wrong domain could be quite severe, to say the least.
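The mismatch described above is also what a defender can look for: a TLS-terminating proxy or gateway sees both the fronting name from the handshake and the real destination carried in the HTTP Host header after decryption. The following script is an added example, not code from the article; it assumes a constructed log format in which each line records both names, and flags connections where the two point at different registrable domains.

```python
"""Flag HTTPS connections whose TLS SNI and inner HTTP Host header disagree.

Domain fronting works because a censor or network monitor sees only the
server name in the TLS handshake, while the real destination travels in the
encrypted Host header. A TLS-terminating proxy that records both fields can
spot the mismatch. The log format below is constructed for this example.
"""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log lines: "<timestamp> <client_ip> sni=<sni> host=<host>"
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 sni=www.example-cdn.com host=www.example-cdn.com
2024-01-01T10:00:02Z 10.0.0.5 sni=www.example-cdn.com host=hidden.example.org
2024-01-01T10:00:05Z 10.0.0.7 sni=api.example.net host=api.example.net
2024-01-01T10:00:09Z 10.0.0.9 sni=static.example.com host=cdn.example.com
"""

@dataclass
class Connection:
    timestamp: str
    client_ip: str
    sni: str
    host: str

def parse_line(line: str) -> Optional[Connection]:
    """Parse one log line; return None for lines that do not match the format."""
    parts = line.split()
    if len(parts) != 4 or not parts[2].startswith("sni=") or not parts[3].startswith("host="):
        return None
    return Connection(parts[0], parts[1], parts[2][4:].lower(), parts[3][5:].lower())

def registrable_domain(name: str) -> str:
    """Crude eTLD+1 (last two labels); fine for this example, not a public suffix list."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])

def is_fronted(conn: Connection) -> bool:
    """True when Host names a different registrable domain than the SNI.
    Host-only differences within one domain (static. vs cdn.) are normal on CDNs
    and are not flagged."""
    return registrable_domain(conn.sni) != registrable_domain(conn.host)

def find_fronted(log_text: str) -> List[Connection]:
    """Return every parsed connection that looks like a domain-fronting attempt."""
    conns = (parse_line(line) for line in log_text.splitlines())
    return [c for c in conns if c is not None and is_fronted(c)]

if __name__ == "__main__":
    for c in find_fronted(SAMPLE_LOG):
        print(f"{c.timestamp} {c.client_ip}: SNI {c.sni} but Host {c.host}")
```

The registrable-domain check is deliberately coarse; in production, pair it with a public suffix list and an allowlist of CDNs known to serve many unrelated customers behind one name.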

Popular encrypted messaging app Signal implemented domain fronting at the end of 2016. It is evident this method of bypassing internet censorship can prove quite useful for anyone active in the communication sector. Applications such as Signal meet fierce opposition from governments, yet by implementing domain fronting, it becomes virtually impossible to prevent people from using such communication tools. Unfortunately, domain fronting is also being used for less legitimate purposes by cyber criminals.

To be more specific, cyber criminals are using domain fronting to gain backdoor access to computer systems and networks all over the world. APT29, a notorious hacking collective, has been using the technique for nearly two years now. There is even a Tor-based domain fronting plugin the group can use to make it appear as if its internet traffic passes through legitimate websites.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.