Domain Hijacking Represents a Serious but Manageable Threat

Pat Kane | Oct 30, 2012

Companies and organizations large and small have expressed increasing concern over reports of so-called "domain name hijacking," in which perpetrators fraudulently transfer domain names by password theft or social engineering.

The impact of these attacks can be significant, as hijackers are typically able to gain complete control of a victim’s domain name – often for a significant period of time. During that time, hijackers can defraud a victim’s customers, use a hijacked domain name as a launch point for malware, or just soil a victim’s hard-earned reputation and brand awareness. 

While the danger of domain name hijacking is significant, it is a threat that can be greatly reduced with proper planning and mitigation techniques.

As defined by security experts, domain name hijacking occurs when an attacker falsifies the registration data for a domain name, transferring that name away from its rightful registrant and gaining full administrative and operational control over the domain. 

Attackers use a wide range of techniques to hijack domain names, from spyware and keystroke loggers to "social engineering," in which scammers impersonate registrants, registrars, or other entities in the chain of trust in order to gain access to passwords and personal information. Regardless of the technique used, the end result for registrants is often severe. Once an attacker has full control of a domain name, they have free rein to use it for any number of nefarious purposes, from creating their own scam websites, to hosting illegal and dangerous content, to extorting the original owner.

Making matters worse, depending on the sophistication of the attacker, domain name hijacking can be extremely difficult to reverse, because hijacked registrations are often “laundered” through a series of different registrars and registrants in an effort to make it more difficult for the rightful registrant to reverse the fraud. How effective this tactic is depends somewhat on how vigilant the victim is about monitoring their domain name. But in spite of vigilant monitoring, attackers can be very cunning, leaving email and name server records untouched until they have passed a hijacked domain through several transfers.

Domain name hijacking is largely preventable. By using the right techniques and tools, a registrant can reduce the threat of hijacking significantly.  

Researching your registrar’s security offerings – and taking advantage of the tools they offer – can go a long way toward mitigating risk of hijacking. The vast majority of registrars are aware of the threat and care deeply about protecting their customers from fraud. Registrants who maintain active relationships with these registrars and ensure that their registration data and contact information are up to date can avoid becoming the "low hanging fruit" that hijackers sometimes target.

Similarly, the same sort of password best practices that apply to other areas of Internet security become even more critical in defending domain names against hijacking. Registrants should choose suitably complex passwords, update them regularly, and ensure that they are secure. 

Other techniques are slightly less obvious, but are eminently accessible to organizations seeking a higher level of protection against hijacking.

Behind the scenes, some registries, including Verisign, are using two-factor authentication to protect registrants. Two-factor authentication requires the use of both remembered passwords and password-generating tokens in processing registration transfers.

For the domains it operates, Verisign offers Registry Lock, which allows registrants to set the conditions under which their registration information can and cannot be changed. At the highest settings, Registry Lock requires direct, human-to-human interaction between Verisign and the registrar of record in order for a registration to be transferred. 

By taking advantage of Registry Lock and other locking tools offered by registrars, registrants can make it much less likely for their domain name registrations to be changed without their full knowledge and consent. 
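
The lock and monitoring points above, as an added example (not Verisign's code or part of the original post): a Python check that compares two WHOIS-style snapshots of a domain and reports a changed registrar or missing transfer locks even when the name servers are unchanged, the case described earlier in which hijackers leave email and name server records untouched. The snapshots are constructed, and the mapping of locks to EPP status codes is an assumption stated in the comments.

```python
# Assumption: the registrar's transfer lock shows as clientTransferProhibited and
# a registry-level lock as the three server*Prohibited EPP status codes.
REGISTRAR_LOCK = "clientTransferProhibited"
REGISTRY_LOCKS = {"serverTransferProhibited", "serverUpdateProhibited", "serverDeleteProhibited"}
# Constructed snapshots (not real records). BASELINE is the known-good state;
# in CURRENT the registrar changed and the locks are gone, name server untouched.
BASELINE = """\
Registrar: Example Registrar A, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Name Server: NS1.EXAMPLE.NET
"""
CURRENT = """\
Registrar: Example Registrar B Ltd
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.EXAMPLE.NET
"""

def parse_whois(text):
    """Pull registrar, status codes and name servers out of WHOIS-style text."""
    rec = {"registrar": None, "status": set(), "ns": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "registrar":
            rec["registrar"] = value
        elif key == "domain status":
            rec["status"].add(value.split()[0])  # drop the trailing URL
        elif key == "name server":
            rec["ns"].add(value.lower())
    return rec

def audit(baseline_text, current_text):
    """Return findings; an empty list means unchanged and fully locked."""
    old, new = parse_whois(baseline_text), parse_whois(current_text)
    findings = []
    if new["registrar"] != old["registrar"]:
        findings.append(f"registrar changed: {old['registrar']} -> {new['registrar']}")
    findings += [f"status removed: {c}" for c in sorted(old["status"] - new["status"])]
    if REGISTRAR_LOCK not in new["status"]:
        findings.append("no registrar transfer lock")
    if not REGISTRY_LOCKS <= new["status"]:
        findings.append("registry-level lock incomplete")
    if new["ns"] != old["ns"]:
        findings.append("name servers changed")
    return findings
```

A monitor that watched only the name server lines of these two snapshots would report nothing; the registrar and status fields carry the signal.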

The threat of domain name hijacking is very real, and organizations are right to be concerned. But with appropriate vigilance and effective tools, it is a threat that all organizations, large and small, can defend against. 

To learn more about how Verisign is working to keep you safe online, visit our Cyber Security Resource Center.