What is domain hijacking?
Domain name hijacking is when an unauthorized third party, often a hacker, gains control of a company’s domain name portal and seizes control over their DNS system, enabling them to make unauthorized changes and transfers.
What happens when a domain name is hijacked?
Once the unauthorised third party gains access to a domain name account, a common tactic is to amend the Name Server records to redirect Internet traffic through external hosts.
Often hackers will attempt to transfer the domain name to their own Registrar or modify zone files such as the MX record to receive all of a business’ incoming mail.
Attacks can be malicious, exploitative, or just nuisance-driven. A recent example is when Air Malaysia’s domain name was hijacked and replaced with a picture of tuxedo-adorned, pipe smoking, monocled lizard. This type of nuisance hijack had a measurable and costly impact in damaging the reputation, limiting their customer’s ability to making and modify bookings, and impacted their bottom line.
Prevention – Registry Lock
Registry Lock Service can help ensure that domain names like .com, .com.au, and many other cctlds domain names, do not get hijacked. It provides additional levels of authentication between the Registry (Verisign in the case of .com, Afilias in the case of .com.au) and the registrar of the domain name. If an end customer requests a change to a Registry Locked domain, an authorized individual at the registrar must submit a request to the Registry to unlock the domain name. This requester is then contacted by the Registry via phone and required to provide an individual security phrase in order for the name to be unlocked. This “out-of-band” step protects against automation errors and system compromises.
Here is an example of the Whois results for a Registry-level-locked domain, with the key statuses highlighted:
brandsec can implement Registry Lock across multiple domain names. Contact your Account Manager to learn more about how we can protect your valuable domain name assets.
bandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.