What if an attacker could steal your whole business? In the world of online commerce, that’s not so farfetched; in fact, it’s happened several times this year, and the Internet Corporation for Assigned Names and Numbers (ICANN) is working to halt these online takeovers.
A report by ICANN’s Security and Stability Advisory Committee looks at the problem of domain hijacking, where a hijacker takes control of a domain name from its owner. In one case described in the paper, hackers exploited poorly enforced policies and procedures to briefly take over the domain of PANIX.com, an internet service provider, causing the company’s customers to temporarily lose service.
According to the paper, one attack occurred when the gaining registrar (registrars are the parties that register domain names; when a name is switched from one to another, there is a gaining and a losing registrar) did not properly obtain approval from the registrant, and the losing registrar did not tell PANIX.com when it received the transfer notice.
In this case, the hijacker also took advantage of time-zone differences. New York City-based PANIX didn’t realize until 1:00 a.m. on Sunday morning that it had lost control of its domain name, and neither its registrar nor the gaining registrar—the latter is located in Australia—had contact numbers for emergencies occurring after hours.
The report lists a number of risks facing registrants that are hijacked, and it outlines the procedural vulnerabilities that present opportunities for hijackers. The paper also details steps that registrants should take to protect their domain names, such as locking a name so that it cannot be modified without explicit approval by the owner, and keeping emergency-contact information for registrars current.
@ Domain Name Hijacking: Incidents, Threats, Risks, and Remedial Actions is available at SM Online.