Your customer service line receives a call on Monday morning from the owner of a small business whose e-commerce website is hosted through your service. The owner is hysterical. After years of steady visitor traffic and daily transactions, all visits to the site have suddenly stopped. Unsure of what to do next, she turns to you as her last chance of help. You assure her that you will look into the situation and begin investigating. The cyber bogeymen don’t stand a chance.
To your horror, you discover that a criminal has broken into your domain control panel by impersonating your customer’s administrative contact. Once inside, the attacker changed the domain’s Domain Name System (DNS) settings and pointed your customer’s domain name at a different server. Having found the cause, you must now tell your customer the grim news: the domain has been hijacked.
Does the above story sound far-fetched? Sadly, such attacks are common, and the targets have included large, well-known companies. While domain hijackings are not as frequent as virus and malware infections, they can be just as devastating, both to the customer’s finances and to your reputation as the web host. Recovery can be pursued through the dispute processes of ICANN (the Internet Corporation for Assigned Names and Numbers), but because that route is costly, many customers simply register a new domain name – often through a new web host.
Who is In Charge of Domain Security?
Most people assume that responsibility for domain name security lies with the customer who registers the domain, and that if a breach occurs it is solely the result of poor monitoring on the customer’s end. However, when ICANN’s Security and Stability Advisory Committee (SSAC) investigated the hijackings of several high-profile domains, it found that both the registrants and the registrars they worked with had contributed to the security lapses that led to the hijackings. Remember that your customer is paying you for a secure service, so you are obliged to do everything in your power to make that service as secure as it can be.
How Domain Hijacking Is Performed
Domain hijacking is a simple process that anyone with the motivation and a little know-how can carry out. The attacker does not need access to your web server; what he or she needs is control of the administrative contact email address listed for the domain. The entire process is described step by step below.
- The hacker runs a Whois lookup on the target domain (for example at whois.domaintools.com). The Whois record lists the administrative contact email address of the customer, which the hacker notes down.
- From the same record, the hacker identifies the registrar (in this scenario, your hosting company) from the “Registered through:” field. If that field is missing from the Whois record, the registrar can usually be found under the “Registry Data” heading.
- Armed with the contact email address and the name of the registrar, the hacker now needs to break into that email account. If the mailbox is protected only by a weak or reused password, password-guessing or cracking tools may get the hacker in within minutes.
- Once inside the administrative email account, the hacker visits your website and chooses the “Forgot Password” option, entering either the domain name or the email address to trigger a reset.
- A password reset email arrives at the administrative address, which the hacker now controls. The hacker sets a new password and from then on holds total control over the domain.
- Finally, the hacker changes the domain’s DNS settings so that the name points to a server under his or her control, or transfers the domain to another registrar. The hijacking is complete.
Because every step was carried out through the administrative contact email address associated with the domain, your systems have no reason to flag anything: to the control panel it looked like an ordinary password reset by the legitimate registrant. Often it is only when the customer notices an abrupt halt in web traffic and email correspondence that anyone realises there is a problem. By then, the cost of lost transactions may already be substantial, and on top of that the customer must decide whether to pay to recover the domain or simply register a new name.
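How a host could spot the end state of this attack without waiting for the customer’s call, as an added example that is not part of the original article: a small Python script that parses two Whois snapshots of the same domain in a simplified “Key: Value” layout, compares the current one against a baseline stored at registration time, and raises alerts when the registrar, administrative contact or name servers change, or when the registrar lock statuses have disappeared. The two records are constructed sample data and the field names the parser expects are assumptions; real Whois output varies by registrar.

```python
"""Detect the end state of a domain hijack by diffing Whois snapshots.

Added example, not code from the original article. The two records below
are constructed sample data in a simplified "Key: Value" Whois layout; real
registrar output differs, so the field names the parser expects are an
assumption to adapt to your own Whois source.
"""
from dataclasses import dataclass, field

# EPP registrar-lock statuses that a protected domain should always carry.
LOCK_STATUSES = {"clientTransferProhibited", "clientUpdateProhibited",
                 "clientDeleteProhibited"}


@dataclass
class WhoisRecord:
    registrar: str = ""
    admin_email: str = ""
    name_servers: set = field(default_factory=set)
    statuses: set = field(default_factory=set)


def parse_whois(text: str) -> WhoisRecord:
    """Pull the fields relevant to hijack detection out of a Whois dump."""
    rec = WhoisRecord()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "registrar":
            rec.registrar = value
        elif key == "admin email":
            rec.admin_email = value.lower()
        elif key == "name server":
            rec.name_servers.add(value.lower().rstrip("."))
        elif key == "domain status":
            # Status lines usually carry a trailing ICANN URL; keep only the token.
            rec.statuses.add(value.split()[0])
    return rec


def detect_hijack(baseline: WhoisRecord, current: WhoisRecord) -> list:
    """Compare the live record with the stored baseline; return alert strings."""
    alerts = []
    if current.registrar != baseline.registrar:
        alerts.append(f"registrar changed: {baseline.registrar!r} -> {current.registrar!r}")
    if current.admin_email != baseline.admin_email:
        alerts.append(f"admin contact changed: {baseline.admin_email} -> {current.admin_email}")
    added = current.name_servers - baseline.name_servers
    removed = baseline.name_servers - current.name_servers
    if added or removed:
        alerts.append(f"name servers changed: -{sorted(removed)} +{sorted(added)}")
    missing = LOCK_STATUSES - current.statuses
    if missing:
        # A lock that silently disappears is the precursor to a transfer.
        alerts.append(f"lock status missing: {sorted(missing)}")
    return alerts


# Constructed sample data: the record captured at registration time ...
BASELINE_WHOIS = """\
Domain Name: example-shop.com
Registrar: Example Hosting Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Name Server: ns1.example-hosting.net
Name Server: ns2.example-hosting.net
Admin Email: owner@example-shop.com
"""

# ... and the record as it looks the Monday morning the customer calls.
CURRENT_WHOIS = """\
Domain Name: example-shop.com
Registrar: Other Registrar LLC
Domain Status: ok https://icann.org/epp#ok
Name Server: ns1.attacker-dns.example
Name Server: ns2.attacker-dns.example
Admin Email: hijacker@mail.example
"""

if __name__ == "__main__":
    for alert in detect_hijack(parse_whois(BASELINE_WHOIS), parse_whois(CURRENT_WHOIS)):
        print("ALERT:", alert)
```

Run on a schedule against every domain you register, with the baseline captured when the domain is created, this surfaces a hijack within one polling interval; the missing-lock check alone would have fired before the transfer in the scenario above, since the lock has to come off before the domain can move.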
How To Protect Your Domains
Having identified these weak spots in domain registration, the SSAC recommended several steps that both registrants and registrars can take to reduce the chances of a hijacking.
- Make sure your customers understand the value of Whois privacy protection as part of their hosting package: it keeps the administrative contact email address out of the public record, which denies the attacker the starting point described above.
- Lock all customer domains by default (the EPP statuses clientTransferProhibited, clientUpdateProhibited and clientDeleteProhibited), and allow the lock to be removed only through an out-of-band channel such as postal mail, phone or fax. Never handle unlocking through email alone, since email is exactly the channel the attacker has taken over.
- Create uniform guidelines for the Extensible Provisioning Protocol (EPP) authInfo code, which authorises a domain transfer. Generate a random code for each domain, ensure that no two domains share one, and caution customers never to reuse a single authInfo code across their domain names.
- Look for ways to strengthen customer authentication and authorization for every update or change to a domain. EPP can notify you when domain data changes or a transfer is requested, but you should also establish a rigorous identity check, such as a second factor or a callback to a phone number on file, that goes beyond simply confirming a domain name or email address.
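The authInfo guidance above, as an added example that is not part of the original article or any SSAC document: a Python routine a registrar could run over its portfolio to enforce the one-code-per-domain rule. It generates each transfer code from the operating system’s CSPRNG, audits an existing portfolio for codes that are shared between domains, too short, low in character variety, or derived from the domain name itself (and therefore guessable from the Whois record), and rotates every flagged code to a fresh unique one. The minimum length, the character-class rule and the sample portfolio are assumptions, not requirements taken from ICANN or the SSAC.

```python
"""Per-domain EPP authInfo hygiene for a registrar's portfolio.

Added example, not code from the original article. The minimum length,
the character-class rule and the sample portfolio are assumed policy,
not requirements taken from ICANN or the SSAC.
"""
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
MIN_LENGTH = 16


def is_strong(code: str, domain: str) -> bool:
    """Policy check for a single transfer code (assumed thresholds)."""
    if len(code) < MIN_LENGTH:
        return False
    classes = (any(c.islower() for c in code), any(c.isupper() for c in code),
               any(c.isdigit() for c in code), any(not c.isalnum() for c in code))
    if sum(classes) < 3:
        return False
    # Anything built from the domain label is guessable from the Whois record.
    label = domain.split(".")[0].lower()
    return label not in code.lower()


def generate_auth_info(domain: str, length: int = 20) -> str:
    """Fresh code from the OS CSPRNG, retried until it satisfies the policy."""
    while True:
        code = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if is_strong(code, domain):
            return code


def audit_auth_info(portfolio: dict) -> dict:
    """Return {domain: [problems]} for every code that is weak or shared."""
    problems = defaultdict(list)
    holders = defaultdict(list)
    for domain, code in portfolio.items():
        holders[code].append(domain)
        if not is_strong(code, domain):
            problems[domain].append("weak")
    for code, domains in holders.items():
        if len(domains) > 1:
            for d in domains:
                problems[d].append(f"shared with {len(domains) - 1} other domain(s)")
    return dict(problems)


def rotate_flagged(portfolio: dict) -> dict:
    """Issue a new, portfolio-unique code to every flagged domain."""
    rotated = dict(portfolio)
    in_use = set(portfolio.values())
    for domain in audit_auth_info(portfolio):
        code = generate_auth_info(domain)
        while code in in_use:          # practically impossible, but enforce uniqueness
            code = generate_auth_info(domain)
        in_use.add(code)
        rotated[domain] = code
    return rotated


# Constructed sample portfolio: three of the four codes violate the policy.
SAMPLE_PORTFOLIO = {
    "example-shop.com": "Example-Shop2009!!",       # derived from the domain name
    "example-shop.net": "Shared-Code-Abc123!",      # one code reused ...
    "example-shop.org": "Shared-Code-Abc123!",      # ... across two domains
    "another-store.example": "q7K!mZ2#vR9@wL4p",    # compliant
}

if __name__ == "__main__":
    for domain, issues in audit_auth_info(SAMPLE_PORTFOLIO).items():
        print(f"{domain}: {', '.join(issues)}")
    fixed = rotate_flagged(SAMPLE_PORTFOLIO)
    print("after rotation:", audit_auth_info(fixed) or "clean")
```

The audit runs in one pass over the portfolio, so it can sit in a nightly job; the same `is_strong` check belongs in the code path that accepts a customer-chosen authInfo, and `rotate_flagged` is also the right thing to call on a domain immediately after any completed transfer, since the old code has by then been shown to a third party.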
Because domain hijacking is a serious and costly threat, you need to be able to assure your customers that yours is a hosting service they can trust. Implementing the right safeguards goes a long way toward making your service less vulnerable to hijackers and more attractive to potential customers. No foolproof hijack prevention system has yet been designed, but following the steps above will help protect your domains and may even dissuade would-be hijackers from targeting your customers.