Domain hijacking

Domain hijacking or domain theft is the act of changing the registration of a domain name without the permission of its original registrant, or by abuse of privileges on domain hosting and registrar software systems. [1]

This can be devastating to the original domain name holder, not only financially, as they may have derived commercial income from a website hosted at the domain or conducted business through that domain's e-mail accounts, [2] but also in terms of readership and/or audience for non-profit or artistic web addresses. After a successful hijacking, the hijacker can use the domain name to facilitate other illegal activity such as phishing (where the website is replaced by an identical copy that records private information such as log-in passwords), spam, or the distribution of malware from the perceived "trusted" domain. [3]

Description

Domain hijacking can be done in several ways: generally by gaining unauthorized access to, or exploiting a vulnerability in, the domain name registrar's system; through social engineering; or by getting into the domain owner's email account that is associated with the domain name registration. [4]

A frequent tactic used by domain hijackers is to use acquired personal information about the actual domain owner to impersonate them and persuade the domain registrar to modify the registration information and/or transfer the domain to another registrar, a form of identity theft. Once this has been done, the hijacker has full control of the domain and can use it or sell it to a third party.

Other methods include email vulnerability, vulnerability at the domain-registration level, keyloggers, and phishing sites. [5]

Responses to discovered hijackings vary; sometimes the registration information can be returned to its original state by the current registrar, but this may be more difficult if the domain name was transferred to another registrar, particularly if that registrar resides in another country. If the stolen domain name has been transferred to another registrar, the losing registrar may invoke ICANN's Registrar Transfer Dispute Resolution Policy to seek the return of the domain. [6]

In some cases the losing registrar for the domain name is not able to regain control over the domain, and the domain name owner may need to pursue legal action to obtain the court-ordered return of the domain. [7] In some jurisdictions, police may arrest the cybercriminals involved, or prosecutors may file indictments. [8]

Although the legal status of domain hijacking was formerly thought to be unclear, [9] certain U.S. federal courts in particular have begun to accept causes of action seeking the return of stolen domain names. [10] Domain hijacking is analogous to theft, in that the original owner is deprived of the benefits of the domain, but theft traditionally relates to concrete goods such as jewelry and electronics, whereas domain name ownership is stored only in the digital state of the domain name registry, a network of computers. For this reason, court actions seeking the recovery of stolen domain names are most frequently filed in the location of the relevant domain registry. [11] In some cases, victims have pursued recovery of stolen domain names through ICANN's Uniform Domain Name Dispute Resolution Policy (UDRP), but a number of UDRP panels have ruled that the policy is not appropriate for cases involving domain theft. Additionally, police may arrest the cybercriminals involved. [8] [12] [13] [14] [15]

Notable cases

Prevention

ICANN imposes a 60-day waiting period between a change in registration information and a transfer to another registrar. This is intended to make domain hijacking more difficult, since a transferred domain is much more difficult to reclaim, and it is more likely that the original registrant will discover the change in that period and alert the registrar. Extensible Provisioning Protocol is used for many TLD registries, and uses an authorization code issued exclusively to the domain registrant as a security measure to prevent unauthorized transfers. [21]
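As an added defender-side check (not part of the original article), the script below audits a domain's RDAP record for the two controls this section describes: registrar transfer/update locks and a registration change inside the 60-day transfer window. It assumes RDAP JSON in the RFC 9083 shape with RFC 8056 status wording and the rdap.org redirector URL; the sample records are constructed.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

# RDAP status values (RFC 8056 wording) a registrant should keep set on a stable domain;
# without them a registrar will act on any request that carries a valid auth code.
EXPECTED_LOCKS = {"client transfer prohibited", "client update prohibited",
                  "client delete prohibited"}
TRANSFER_LOCK_WINDOW = timedelta(days=60)  # ICANN post-change waiting period
AUDIT_TIME = datetime(2024, 4, 1, tzinfo=timezone.utc)  # fixed "now" for repeatable runs

# Constructed sample RDAP records in the RFC 9083 shape; not real registrations.
SAMPLE_WEAK = json.dumps({
    "objectClassName": "domain", "ldhName": "example-corp.test",
    "status": ["client delete prohibited", "client update prohibited"],
    "events": [
        {"eventAction": "last changed", "eventDate": "2024-03-10T12:00:00Z"},
    ],
})
SAMPLE_LOCKED = json.dumps({
    "objectClassName": "domain", "ldhName": "example-corp.test",
    "status": sorted(EXPECTED_LOCKS),
    "events": [{"eventAction": "last changed", "eventDate": "2023-01-15T00:00:00Z"}],
})

def fetch_rdap(domain):
    """Fetch a live RDAP record via the rdap.org redirector (needs network access)."""
    with urllib.request.urlopen(f"https://rdap.org/domain/{domain}", timeout=10) as resp:
        return resp.read().decode()

def audit_domain(rdap_json, now=AUDIT_TIME):
    """Return hijacking-risk findings for one RDAP domain record (empty = nothing to report)."""
    rec = json.loads(rdap_json)
    findings = []
    status = {s.lower() for s in rec.get("status", [])}
    for lock in sorted(EXPECTED_LOCKS - status):
        findings.append(f"missing lock: {lock}")
    events = {ev["eventAction"]: datetime.strptime(ev["eventDate"], "%Y-%m-%dT%H:%M:%SZ")
              .replace(tzinfo=timezone.utc) for ev in rec.get("events", [])}
    changed = events.get("last changed")
    if changed is not None and now - changed < TRANSFER_LOCK_WINDOW:
        # A recent edit is what a hijacker's change looks like; confirm it while it can be reverted.
        findings.append(f"registration data changed {(now - changed).days} days ago; "
                        "verify it was authorised (still inside the 60-day window)")
    return findings

if __name__ == "__main__":
    for name, record in (("weak", SAMPLE_WEAK), ("locked", SAMPLE_LOCKED)):
        print(name, audit_domain(record) or ["no findings"])
```

To check a real domain, pass `fetch_rdap("your-domain.example")` to `audit_domain` with `now=datetime.now(timezone.utc)`.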

References

  1. "Preventing Risks From Subdomain Takeover - Cloud Exploits". The Hack Report. 10 February 2021. Retrieved 14 April 2021.
  2. Simon, Ruth (12 March 2015). "Cybercriminals Are Misappropriating Businesses' Web Addresses As a Result, Customers Can't Find the Real Companies on the Web". The Wall Street Journal. The Wall Street Journal. Retrieved 12 September 2016.
  3. Weslow, David. "Dealing with cybersquatting: the wisdom of thinking ahead". TBO: Trademarks & Brands Online. Archived from the original on 31 March 2022. Retrieved 12 September 2016.
  4. "CLBR Featured Segment: David Weslow on Domain Theft". Cyber Law Radio. July 2015. Retrieved 12 September 2016.
  5. "Domain Name Hijacking". 31 December 2014. Archived from the original on 12 December 2016. Retrieved 13 May 2017.
  6. "Registrar Transfer Dispute Resolution Policy". ICANN. Retrieved 12 September 2016.
  7. "Domain name theft: Knowing where to turn". TBO: Trademarks & Brands Online. Retrieved 12 September 2016.
  8. Mike Masnick (4 August 2009). "Criminal Prosecution For Domain Hijacking". Techdirt. Retrieved 19 June 2019.
  9. Smith, Gerry (29 September 2014). "When Hackers Steal A Web Address, Few Owners Ever Get It Back". Huffington Post.
  10. Berkens, Michael. "Wiley Rein Files Suit Over 14 Stolen Domain Names: 9 Are 3 Letter .com's". The Domains.
  11. Allemann, Andrew (23 October 2014). "Lawsuit filed to recover stolen three letter domain names". Domain Name Wire. Retrieved 13 September 2016.
  12. "WIPO Arbitration and Mediation Center". Retrieved 12 September 2016.
  13. "WIPO Arbitration and Mediation Center". WIPO: World Intellectual Property Organization.
  14. "Mascot Media Circle, LLC dba OnlineMBA v. WhoIsGuard, Inc. / Ahmed Guettouche Case No. D2015-1209". WIPO: World Intellectual Property Organization. Retrieved 12 September 2016.
  15. "DECISION Donald Williams v. wangyan hong". Forum: Arbitration, Mediation, International. Retrieved 23 April 2017.
  16. Dawn Kawamoto. "Sex.com domain hijacker captured". CNET. Retrieved 19 June 2019.
  17. "Man Who Sold Web Domain to Mark Madsen Going to Jail | SLAM". Slamonline.com. 26 July 2011. Retrieved 19 June 2019.
  18. Kirk, Jeremy (26 February 2015). "Lenovo, Google websites hijacked by DNS attacks". PC World. Retrieved 12 October 2018.
  19. Richard Speed. "Perl-clutching hijackers appear to have seized control of 33-year-old programming language's .com domain". The Register. Retrieved 16 March 2024.
  20. brian d foy. "The Hijacking of Perl.com". Perl.com. Retrieved 16 March 2024.
  21. Internet Corporation For Assigned Names and Numbers (15 July 2005). "DOMAIN NAME HIJACKING: INCIDENTS, THREATS, RISKS, AND REMEDIAL ACTIONS" (PDF). Retrieved 17 October 2014.