Domain hijacking
   HOME

TheInfoList



Click Here for Items Related To - Domain hijacking
OR:
Domain hijacking on:   [Wikipedia]   [Google]   [Amazon]

Domain hijacking or domain theft is the act of changing the registration of a
domain name A domain name is a string that identifies a realm of administrative autonomy, authority or control within the Internet. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. As ...
without the permission of its original registrant, or by abuse of privileges on domain hosting and registrar software systems. This can be devastating to the original domain name holder, not only financially as they may have derived commercial income from a website hosted at the domain or conducted business through that domain's e-mail accounts, but also in terms of readership and/or audience for non-profit or artistic web addresses. After a successful hijacking, the hijacker can use the domain name to facilitate other illegal activity such as
phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwa ...
, where a website is replaced by an identical website that records private information such as log-in passwords, spam, or may distribute malware from the perceived "trusted" domain


Description

Domain hijacking can be done in several ways, generally by unauthorized access to, or exploiting a vulnerability in the domain name registrar's system, through social engineering, or getting into the domain owner's email account that is associated with the domain name registration. A frequent tactic used by domain hijackers is to use acquired personal information about the actual domain owner to impersonate them and persuade the domain
registrar A registrar is an official keeper of records made in a register. The term may refer to: Education * Registrar (education), an official in an academic institution who handles student records * Registrar of the University of Oxford, one of the se ...
to modify the registration information and/or transfer the domain to another registrar, a form of
identity theft Identity theft occurs when someone uses another person's personal identifying information, like their name, identifying number, or credit card number, without their permission, to commit fraud or other crimes. The term ''identity theft'' was c ...
. Once this has been done, the hijacker has full control of the domain and can use it or sell it to a third party. Other methods include email vulnerability, vulnerability at the domain-registration level, keyloggers, and phishing sites. Responses to discovered hijackings vary; sometimes the registration information can be returned to its original state by the current registrar, but this may be more difficult if the domain name was transferred to another registrar, particularly if that registrar resides in another country. If the stolen domain name has been transferred to another registrar, the losing registrar may invoke ICANN's Registrar Transfer Dispute Resolution Policy to seek the return of the domain. In some cases the losing registrar for the domain name is not able to regain control over the domain, and the domain name owner may need to pursue legal action to obtain the court ordered return of the domain. In some jurisdictions, police may arrest cybercriminals involved, or prosecutors may file indictments. Although the legal status of domain hijacking was formerly thought to be unclear, certain U.S. federal courts in particular have begun to accept causes of action seeking the return of stolen domain names. Domain hijacking is analogous with theft, in that the original owner is deprived of the benefits of the domain, but
theft Theft is the act of taking another person's property or services without that person's permission or consent with the intent to deprive the rightful owner of it. The word ''theft'' is also used as a synonym or informal shorthand term for som ...
traditionally relates to concrete goods such as jewelry and electronics, whereas domain name ownership is stored only in the digital state of the domain name registry, a network of computers. For this reason, court actions seeking the recovery of stolen domain names are most frequently filed in the location of the relevant domain registry. In some cases, victims have pursued recovery of stolen domain names through ICANN's ( Uniform Domain Name Dispute Resolution Policy (UDRP), but a number of UDRP panels have ruled that the policy is not appropriate for cases involving domain theft. Additionally, police may arrest cybercriminals involved.


Notable cases

* During the original "
dot com boom The dot-com bubble (dot-com boom, tech bubble, or the Internet bubble) was a stock market bubble in the late 1990s, a period of massive growth in the use and adoption of the Internet. Between 1995 and its peak in March 2000, the Nasdaq Compos ...
", there was extensive media coverage of the hijacking of "sex.com". * Basketball player Mark Madsen unknowingly bought a "stolen" (or hijacked) URL by way of eBay auctions. * In 2015 Lenovo's website and Google's main search page for Vietnam were briefly hijacked. * In early 2021, Perl’s domain was briefly hijacked, causing a relatively major issue with CPAN. * In early May 2022, Minecraft server Hypixel got hijacked, with its players being redirected to a page attempting to fool players into donating to the hacker's crypto wallets. The page then shortly afterwards redirected players to a music video.


Prevention

ICANN imposes a 60-day waiting period between a change in registration information and a transfer to another registrar. This is intended to make domain hijacking more difficult, since a transferred domain is much more difficult to reclaim, and it is more likely that the original registrant will discover the change in that period and alert the registrar.
Extensible Provisioning Protocol The Extensible Provisioning Protocol (EPP) is a flexible protocol designed for allocating objects within registries over the Internet. The motivation for the creation of EPP was to create a robust and flexible protocol that could provide communicat ...
is used for many
TLD A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are installed in the root zone of the name space. For all domains in ...
registries, and uses an authorization code issued exclusively to the domain registrant as a security measure to prevent unauthorized transfers. There are certain steps that a domain-name owner can take to reduce the exposure to domain name hijacking. The following suggestions may prevent an unwanted domain transfer: * Use strong email passwords and enable two-factor authentication if available. * Disable POP if your email provider is able to use a different protocol. * Tick the setting "always use https" under email options. * Frequently check the "unusual activity" flag if provided by your email service. * Use a two-step (two-factor) authentication if available. * Make sure to renew your domain registration in a timely manner—with timely payments and register them for at least five (5) years. * Use a domain-name registrar that offers enhanced transfer protection, i.e., "domain locking" and even consider paying for registry locking. * Make sure your WHOIS information is up-to-date and really points to you and you only. * If you have 2500 or more domain names consider buying your own registrar. * Relief via the Inter-Registrar Dispute Process.


RFC’s

* - Generic Registry-Registrar Protocol Requirements * - Guidelines for Extending EPP * - Domain Registry Grace Period Mapping (e.g. Add Grace Period, Redemption Grace Period) * - Using EPP for
ENUM Telephone number mapping is a system of unifying the international telephone number system of the public switched telephone network with the Internet addressing and identification name spaces. Internationally, telephone numbers are systematica ...
addresses * - Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP) (obsoletes , DNSSEC) * - Extensible Provisioning Protocol (EPP) (obsoletes , which obsoleted ) * - Extensible Provisioning Protocol (EPP) Domain Name Mapping (obsoletes ) * - Extensible Provisioning Protocol (EPP) Host Mapping (obsoletes ) * - Extensible Provisioning Protocol (EPP) Contact Mapping (obsoletes ) * - Extensible Provisioning Protocol (EPP) Transport over TCP (obsoletes )


See also

*
Cybercrime A cybercrime is a crime that involves a computer or a computer network.Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing. The computer may have been used in committing th ...
*
Cybersquatting Cybersquatting (also known as domain squatting) is the practice of registering, trafficking in, or using an Internet domain name, with a bad faith intent to profit from the goodwill of a trademark belonging to someone else. The term is derived ...
*
DNS hijacking DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server unde ...
* Domain tasting


References


External links


Wall Street Journal: Web-Address Theft Is Everyday Event


* ttps://www.youtube.com/watch?v=CKPoPsxvXXU Quotes from Landmark 2011 Domain Name Theft Case: First U.S. Criminal Conviction {{DEFAULTSORT:Domain Hijacking Domain Name System Cybercrime