How can you protect your domain from theft?

Original author: Danny McPherson
Our company is committed to helping users improve the stability of their resources through accessibility monitoring. We understand that a site's stability depends on more than reliable hosting and well-written software. Another important component is attention to the security of subordinate resources. Today we would like to talk about an equally important issue: following security measures when working with a domain registrar.

Domain theft threat

A website's domain is the virtual “alter ego” of individuals as well as of entire institutions and enterprises. That is why organizations large and small are increasingly concerned about reports of "domain name theft", in which attackers fraudulently transfer a domain to another registrant through password theft or social engineering. The consequences of such attacks can be very unpleasant, since in most cases a successful theft gives the thieves full control over the victim’s domain, often for a long period of time. During this time, they manage to mislead the unlucky owner's clients and cheat them out of money, copy his registration data or other confidential information,

Typical Theft Scenarios

Domain name theft occurs when an attacker falsifies a victim’s registration data and transfers the domain to another person, taking it from the legitimate registrant and gaining full administrative and operational control over it.

Thieves use many different techniques for this, from spyware and keystroke loggers to so-called “social engineering”, in which fraudsters impersonate a registrant or another person in a certificate chain in order to gain access to passwords and personal data. Whatever means the attacker uses, domain theft always means serious trouble for the owner. Once a thief takes control of a domain, he is completely free to use it for his dishonest purposes, from creating his own fraudulent website or posting illegal and dangerous content to blackmailing the original owner and extorting money from him.

To make matters worse, depending on the scammer’s hacking skills, a stolen domain can be very difficult to get back, since thieves often “launder” stolen registrations through a series of different fake registrants in order to complicate recovery by the rightful owner as much as possible. How effective such tactics turn out to be depends partly on how vigilantly the potential victim monitors his domain name. However, even the most careful monitoring does not give a 100% guarantee of protection, since attackers can be remarkably cunning, leaving the domain's name server records and email untouched until the stolen domain has passed through several transfers.

How to reduce the risk of domain theft

Although the risk of domain theft is very high, this threat can be significantly reduced by proper planning and the use of adequate techniques to mitigate potential damage. For example, in SAC044, “A Registrant's Guide to Protecting Domain Name Registration Accounts”, the Security and Stability Advisory Committee of ICANN (the Internet Corporation for Assigned Names and Numbers) recommends that owners conduct routine domain monitoring to identify and isolate any suspicious or malicious activity. Tracking any activity related to changes in Whois and DNS, and setting and monitoring domain lock statuses and services, are techniques that a registrant should use regularly. In addition, the document SAC040, “Measures to Protect Domain Registration Services Against Exploitation or Misuse”, describes a number of well-known and high-profile cases of domain theft and offers additional background information on protecting a domain name from intruders.

Registrants should carefully familiarize themselves with the protective measures that their registrar offers, and use the proposed tools to the maximum. Such information can significantly reduce the risk of domain theft. The vast majority of registrars are well aware of the potential threat and make significant efforts to protect their customers from fraud. By actively keeping in touch with your registrar and making sure that your registration and contact information is not out of date, you will cease to be the “easy prey” that thieves, as a rule, aim at.

Domain locking tools against theft

For .com, .net, .name, .tv and .cc domains, “VeriSign” offers a special service, “Registry Lock”, which lets registrars provide registrants with protection of their domain name and name server records at the server level. “Registry Lock” was designed to be used in conjunction with the registrar’s own protective measures, and thus to increase the overall security level of domain names and mitigate the potential consequences of their theft and of inadvertent or careless deletion, transfer or update. “Registry Lock” allows registrants to set the conditions under which their registration data can and cannot be changed. At the maximum level of protection, “Registry Lock” requires direct “live” interaction between the registrar of record and a VeriSign representative in order to transfer the registration.

By using the domain locking tools that registrars offer, registrants can significantly reduce the likelihood of a domain registration being changed without their knowledge and consent.
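
The routine monitoring recommended above (changes to registration data and name servers, plus lock status) can be automated by comparing a saved baseline of the domain's registration record with its current state. The sketch below is an added example, not code from the original article or from any registrar; it works on RDAP-style JSON records, the sample records and registrar handles are constructed, and it assumes that a registry-level lock shows up as the three "server ... prohibited" statuses and a registrar-level transfer lock as "client transfer prohibited".

```python
import json

# RDAP status values (RFC 8056) for the EPP locks. "server ..." values are set
# by the registry, "client ..." values by the registrar. Assumption: a
# registry-level lock is visible as all three server statuses.
REGISTRY_LOCKS = {"server transfer prohibited", "server update prohibited",
                  "server delete prohibited"}
REGISTRAR_LOCKS = {"client transfer prohibited"}

def snapshot(rdap: dict) -> dict:
    """Reduce an RDAP domain object to the fields worth watching."""
    registrar = next((e.get("handle") for e in rdap.get("entities", [])
                      if "registrar" in e.get("roles", [])), None)
    return {
        "status": {s.lower() for s in rdap.get("status", [])},
        "nameservers": {ns["ldhName"].lower().rstrip(".")
                        for ns in rdap.get("nameservers", [])},
        "registrar": registrar,
    }

def audit(baseline: dict, current: dict, expect_registry_lock=True) -> list:
    """Return human-readable findings; an empty list means nothing to report."""
    findings = []
    required = REGISTRAR_LOCKS | (REGISTRY_LOCKS if expect_registry_lock else set())
    for lock in sorted(required - current["status"]):
        findings.append(f"lock missing: {lock}")
    if current["registrar"] != baseline["registrar"]:
        findings.append(f"registrar changed: {baseline['registrar']} -> {current['registrar']}")
    added = current["nameservers"] - baseline["nameservers"]
    removed = baseline["nameservers"] - current["nameservers"]
    if added or removed:
        findings.append(f"nameservers changed: +{sorted(added)} -{sorted(removed)}")
    return findings

# Constructed sample records (not real registrations).
BASELINE = json.loads("""{"ldhName": "example.com",
  "status": ["client transfer prohibited", "server transfer prohibited",
             "server update prohibited", "server delete prohibited"],
  "nameservers": [{"ldhName": "NS1.EXAMPLE.NET"}, {"ldhName": "NS2.EXAMPLE.NET"}],
  "entities": [{"handle": "REGISTRAR-A", "roles": ["registrar"]}]}""")
CHANGED = json.loads("""{"ldhName": "example.com",
  "status": ["active"],
  "nameservers": [{"ldhName": "ns1.example.org"}, {"ldhName": "NS2.EXAMPLE.NET"}],
  "entities": [{"handle": "REGISTRAR-B", "roles": ["registrar"]}]}""")

if __name__ == "__main__":
    for line in audit(snapshot(BASELINE), snapshot(CHANGED)):
        print(line)
```

Run on a schedule against the record your registrar or registry publishes, any non-empty result is a reason to contact the registrar immediately, before the domain passes through further transfers.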

So, today on the Internet there is a very tangible threat of domain theft, from which, among other things, you can very easily defend yourself. With the proper level of vigilance and the use of effective tools and protection techniques, both large and small organizations can significantly reduce the risk of losing their domain name. It is imperative that registrants consider all elements of the DNS ecosystem (registrars, DNS providers, registry operators, etc.) as part of the attack surface, and during risk management treat them with the same caution as the organization's other assets.

The article has been translated specifically for the corporate blog Host-tracker.com - a service for monitoring the health of sites.
