MIT Technology Review



Recent hacker attacks on the International Monetary Fund and other prominent targets have reportedly involved “phishing” e-mails that falsely appear to come from a familiar company or individual and attempt to send victims to a bogus website in order to steal information. (When customized to a particular recipient, these are known as “spear phishing” e-mails.)

But a key step toward better Internet-wide protection against such hazards—a long-in-the-works technology known as DNSSEC, which verifies that a domain name points to the correct Web server—is not only years from full deployment but may be scuppered by proposed legislation, experts say.

Phishing has been inferred but not confirmed in the recent data thefts from the International Monetary Fund, where fund employees have been “strongly requested not to open e-mails and video links without authenticating the source,” according to a memo provided to Bloomberg News. And Google said recently that China-based spear phishing has been used against “senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.”

“DNSSEC is the first building block on which the foundation of the whole ‘web of trust’ will be built. We kind of need DNSSEC to fix the basic problem that needs fixing about the way the Internet works—the lack of accountability,” says Paul Vixie, chairman and chief scientist of Internet Systems Consortium, a nonprofit developer of Internet software and protocols.

“DNS” stands for “domain name system,” and the system itself translates domain names into numerical Internet addresses that computers understand. But hackers can hijack this system and swap the numbers in order to send you somewhere else, so DNSSEC (“SEC” stands for “security extension”) adds information that can be used to verify that the numbers are the right ones.
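To make the "added information" concrete, the sketch below is an example added here, not part of the original article: it builds a DNS query that asks for DNSSEC records and inspects a response for the resolver's "authenticated data" flag and for RRSIG signature records. The name example.test, the address 192.0.2.10, the function names and the sample response (whose signature bytes are zero-filled filler) are all constructed for illustration.

```python
import struct

TYPE_A, TYPE_OPT, TYPE_RRSIG = 1, 41, 46
AD_FLAG = 0x0020   # "authenticated data": the resolver validated the answer
DO_FLAG = 0x8000   # EDNS0 "DNSSEC OK": the client wants signature records

def encode_name(name):
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, qid=0x1234):
    """A-record query carrying an EDNS0 OPT record with the DO bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", TYPE_A, 1)
    # OPT: root name, type 41, UDP size, ext-rcode, version, flags, rdlen
    opt = b"\x00" + struct.pack("!HHBBHH", TYPE_OPT, 1232, 0, 0, DO_FLAG, 0)
    return header + question + opt

def skip_name(msg, off):
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def inspect_response(msg):
    """Return (ad_flag_set, [answer record types]) for a raw DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    types = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return bool(flags & AD_FLAG), types

def sample_response(signed):
    """Constructed response for example.test; the RRSIG signature is zero-filled filler."""
    question = encode_name("example.test") + struct.pack("!HH", TYPE_A, 1)
    body = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 10])
    if signed:
        rdata = (struct.pack("!HBBIIIH", TYPE_A, 13, 2, 300, 0, 0, 0)
                 + encode_name("example.test") + bytes(64))
        body += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_RRSIG, 1, 300, len(rdata)) + rdata
    flags = 0x8180 | (AD_FLAG if signed else 0)
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 2 if signed else 1, 0, 0) + question + body
```

The AD flag only reports what the resolver concluded, so it is worth trusting only when the link to that resolver is itself protected; a client that needs end-to-end assurance verifies the RRSIG records against the zone's keys itself.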

The past year has seen adoption at an accelerating pace. By now, 66 of 306 top-level domains (such as .org, .com, .gov, and country code domains) have enabled the use of DNSSEC. However, less than 1 percent of domains for specific companies and organizations have signed up.


Tagged: Computing
