Domain hijacking

From Wikipedia, the free encyclopedia

Domain hijacking or domain theft is the act of changing the registration of a domain name without the permission of its original registrant, or by abuse of privileges on domain hosting and registrar(s) software systems.

This can be devastating to the original domain name holder, not only financially, as they may have derived commercial income from a website hosted at the domain or conducted business through that domain's e-mail accounts,[1] but also in terms of readership and/or audience for non-profit or artistic web addresses. After a successful hijacking, the hijacker can use the domain name to facilitate other illegal activity such as phishing (where a website is replaced by an identical website that records private information such as log-in passwords), spam, or even distribution of malware, causing additional damage to third parties in addition to the wrongful loss and wrongful gain of the domain.[2]

Description

Domain hijacking can be done in several ways, generally by gaining unauthorized access to, or exploiting a vulnerability in, the domain name registrar's system, through social engineering, or by getting into the domain owner's email account that is associated with the domain name registration.[3]

A frequent tactic used by domain hijackers is to use acquired personal information about the actual domain owner to impersonate them and persuade the domain registrar to modify the registration information and/or transfer the domain to another registrar, a form of identity theft. Once this has been done, the hijacker has full control of the domain and can use it or sell it to a third party.

Other methods include email vulnerability, vulnerability at the domain-registration level, keyloggers, and phishing sites.[4]

Responses to discovered hijackings vary; sometimes the registration information can be returned to its original state by the current registrar, but this may be more difficult if the domain name was transferred to another registrar, particularly if that registrar resides in another country. If the stolen domain name has been transferred to another registrar, the losing registrar may invoke ICANN’s Registrar Transfer Dispute Resolution Policy to seek the return of the domain.[5]

In some cases the losing registrar for the domain name is not able to regain control over the domain, and the domain name owner may need to pursue legal action to obtain the court-ordered return of the domain.[6] In some jurisdictions, police may arrest cybercriminals involved, or prosecutors may file indictments.[7]

Although the legal status of domain hijacking was formerly thought to be unclear,[8] certain U.S. federal courts in particular have begun to accept causes of action seeking the return of stolen domain names.[9] Domain hijacking is analogous to theft, in that the original owner is deprived of the benefits of the domain, but theft traditionally relates to concrete goods such as jewelry and electronics, whereas domain name ownership is stored only in the digital state of the domain name registry, a network of computers. For this reason, court actions seeking the recovery of stolen domain names are most frequently filed in the location of the relevant domain registry.[10] In some cases, victims have pursued recovery of stolen domain names through ICANN's Uniform Domain Name Dispute Resolution Policy (UDRP), but a number of UDRP panels have ruled that the policy is not appropriate for cases involving domain theft. Additionally, police may arrest cybercriminals involved.[11][12][13][14][15]

Documented Cases

  • During the top-level domain-based "dot com boom", the mass media reported on the sensational case of a three-letter TLD, the "sex.com" cybercrime. The case cost over one hundred million dollars, counting the preparation and commission of the crime, its reporting and investigation, the court filings, prosecution, legal fees, and award of damages.[16]
  • Basketball superstar Mark Madsen unknowingly bought a "stolen" (or hijacked) URL through an eBay auction, with a bid of USD $111,000.00, from a Mr. Gonzalves, who was later arrested and pleaded guilty to cybercrime allegations of illegally accessing and misusing a computer system.[17]

Prevention

ICANN imposes a 60-day waiting period between a change in registration information and a transfer to another registrar. This is intended to make domain hijacking more difficult, since a transferred domain is much more difficult to reclaim, and it is more likely that the original registrant will discover the change in that period and alert the registrar. The Extensible Provisioning Protocol (EPP) is used by many TLD registries, and uses an authorization code issued exclusively to the domain registrant as a security measure to prevent unauthorized transfers.[18]

There are certain steps that a domain-name owner can take to reduce the exposure to domain name hijacking.[19] The following suggestions may prevent an unwanted domain transfer:

  • Use strong email passwords and enable two-factor authentication if available.
  • Disable POP if your email provider is able to use a different protocol.
  • Tick the setting "always use https" under email options.
  • Frequently check the "unusual activity" flag if provided by your email service.
  • Use a two-step (two-factor) authentication if available.
  • Renew your domain registrations in a timely manner, with timely payments, and register them for at least five (5) years.
  • Use a domain-name registrar that offers enhanced transfer protection, i.e., “domain locking” and even consider paying for registry locking.
  • Make sure your WHOIS information is up-to-date and really points to you and you only.
  • If you have 2500 or more domain names consider buying your own registrar.
  • Relief via the Inter-Registrar Dispute Process[4]
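
The locking and renewal items above can be checked from a domain's public registration record. The following is an added example, not part of the original article: it audits a parsed RDAP domain object for registrar locks, a registry lock and an approaching expiry. The status strings are the RDAP values that RFC 8056 maps to EPP codes such as clientTransferProhibited; the sample record, the `audit_domain` name and the 90-day threshold are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# RDAP status values (RFC 8056 maps them to EPP codes such as clientTransferProhibited).
REGISTRAR_LOCKS = {"client transfer prohibited", "client update prohibited",
                   "client delete prohibited"}
REGISTRY_LOCKS = {"server transfer prohibited", "server update prohibited",
                  "server delete prohibited"}

# Constructed sample RDAP domain object (not a real lookup result).
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "example.test",
  "status": ["client transfer prohibited", "active"],
  "events": [
    {"eventAction": "registration", "eventDate": "2015-03-01T00:00:00Z"},
    {"eventAction": "expiration", "eventDate": "2025-03-01T00:00:00Z"}
  ]
}
""")

def audit_domain(rdap, now, renew_warn_days=90):
    """Return a list of findings for a parsed RDAP domain object (hypothetical helper)."""
    findings = []
    status = {s.lower() for s in rdap.get("status", [])}
    # Registrar-level "domain locking": each missing lock is reported separately.
    for missing in sorted(REGISTRAR_LOCKS - status):
        findings.append(f"registrar lock missing: {missing}")
    # Registry lock: at least one server-side prohibition should be present.
    if not (REGISTRY_LOCKS & status):
        findings.append("no registry lock (server * prohibited) set")
    # Lifecycle states that deserve immediate attention if unexpected.
    if status & {"pending transfer", "pending delete", "redemption period"}:
        findings.append("domain is in a transfer/delete lifecycle state")
    expiry = next((e["eventDate"] for e in rdap.get("events", [])
                   if e.get("eventAction") == "expiration"), None)
    if expiry is None:
        findings.append("no expiration event published")
    else:
        exp = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        days_left = (exp - now).days
        if days_left < renew_warn_days:
            findings.append(f"expires in {days_left} days")
    return findings

if __name__ == "__main__":
    for f in audit_domain(SAMPLE_RDAP, datetime(2025, 1, 15, tzinfo=timezone.utc)):
        print(f)
```

Run on a schedule against each domain in a portfolio, a check like this surfaces a lock that was removed or a "pending transfer" state while the change can still be contested with the registrar.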

References

  1. ^ Simon, Ruth. "Cybercriminals Are Misappropriating Businesses' Web Addresses As a Result, Customers Can't Find the Real Companies on the Web". The Wall Street Journal. Retrieved 12 September 2016. 
  2. ^ Weslow, David. "Dealing with cybersquatting: the wisdom of thinking ahead". TBO: Trademarks & Brands Online. Retrieved 12 September 2016. 
  3. ^ "CLBR Featured Segment: David Weslow on Domain Theft". Cyber Law Radio. Retrieved 12 September 2016. 
  4. ^ a b "Domain Name Hijacking". 31 December 2014. 
  5. ^ "Registrar Transfer Dispute Resolution Policy". ICANN. Retrieved 12 September 2016. 
  6. ^ "Domain name theft: Knowing where to turn". TBO: Trademarks & Brands Online. Retrieved 12 September 2016. 
  7. ^ https://www.techdirt.com/articles/20090804/0217125767.shtml
  8. ^ Smith, Gerry. "When Hackers Steal A Web Address, Few Owners Ever Get It Back". The Huffington Post. 
  9. ^ Berkens, Michael. "Wiley Rein Files Suit Over 14 Stolen Domain Names: 9 Are 3 Letter .com's". The Domains. 
  10. ^ Allemann, Andrew. "Lawsuit filed to recover stolen three letter domain names". Domain Name Wire. Retrieved 13 September 2016. 
  11. ^ https://www.techdirt.com/articles/20090804/0217125767.shtml
  12. ^ "WIPO Arbitration and Mediation Center". Retrieved 12 September 2016. 
  13. ^ "WIPO Arbitration and Mediation Center". WIPO: World Intellectual Property Organization. 
  14. ^ "Mascot Media Circle, LLC dba OnlineMBA v. WhoIsGuard, Inc. / Ahmed Guettouche Case No. D2015-1209". WIPO: World Intellectual Property Organization. Retrieved 12 September 2016. 
  15. ^ "DECISION Donald Williams v. wangyan hong". Forum: Arbitration, Mediation, International. Retrieved 2017-04-23. 
  16. ^ https://www.cnet.com/news/sex-com-domain-hijacker-captured/
  17. ^ https://www.slamonline.com/archives/man-who-sold-web-domain-to-mark-madsen-going-to-jail/
  18. ^ Internet Corporation For Assigned Names and Numbers (15 July 2005). "DOMAIN NAME HIJACKING: INCIDENTS, THREATS, RISKS, AND REMEDIAL ACTIONS" (PDF). Retrieved 17 October 2014. 
  19. ^ Cyger, Michael. "Help! My Domain Name Was Stolen (And 3 Ways to Recover It) – With David Weslow". Domain Sherpa. Retrieved 12 September 2016. 
