Hundreds of high profile sites unprotected from domain hijacking

Summary: A MarkMonitor review indicates that fewer than 10% of the top 300 most highly trafficked sites have adopted VeriSign's Registry Lock Service.

A MarkMonitor review of the adoption of VeriSign's Registry Lock Service, launched at the beginning of the year, shows that fewer than 10% of the top 300 most highly trafficked sites were protected using it.

Should a company entrust the integrity of its high-value Web property to a domain registrar or a DNS service provider, in the wake of the most recent Twitter and Baidu domain hijackings? How much damage can be done to a brand's reputation in the event of a domain hijacking? Where's the weakest link?

Go through the Q&A with Elisa Cooper, Director, Product Marketing, at MarkMonitor.

Were you surprised to find out that less than 10% of the 300 top high trafficked web sites were using the newly introduced "Registry Lock Service"?

Elisa: I was disappointed to see that the adoption of this service was so low, but not entirely surprised because most registrars are not actively promoting or even offering it, in many cases.

What exactly is VeriSign's Registry Lock Service, and how does it differentiate itself from the already established services offered by a domain registrar?

Elisa: Unlike security options offered by registrars, VeriSign's Registry Lock Service secures domains at the registry-level. The only way domains with this setting can be updated is if the registrar contacts VeriSign and completes a specific set of security protocols.

So even if a registrant's credentials are compromised, or hackers infiltrate a registrar's back-end system, domains with this security setting cannot be updated in any way. At MarkMonitor, only a limited number of individuals know how to complete this set of security protocols to add a further check-and-balance to the process.

Why do you think the companies remain reluctant to implement the service? Lack of awareness building on its existence, or a false feeling of security offered by the protection currently in place on their domain registrars?

Elisa: I think that a number of factors are in play. While this service is not actively promoted or offered, even by corporate-only registrars, due to the added responsibility of working directly with the registry to complete legitimate updates, the bigger issue is that many high-profile domains are still registered with retail registrars.

The business models of retail registrars are focused on providing high-volume, highly-automated registration services and this type of security solution falls outside that model.  Retail registrars would find it extremely difficult, if not impossible, to offer such a service.

How much damage do you think can be caused to a brand's reputation in case of a DNS hijacking incident? Is the negative publicity a short-lived PR disaster, or do you think there are other long-term negative issues that the company is facing?

Elisa: If a website is only providing information, and is not collecting credential information, I think that the harm caused is likely to be short-lived. However, for sites collecting credential information - even basic information like a username/password combination - or conducting transactions, I think that effects could be longer lasting as visitors of the affected site may be reluctant to provide sensitive information fearing that they may have fallen prey to a phishing scam.

Despite the fact that so far, we haven't seen embedded malware attacks in any of the high profile DNS hijacking incidents, how realistic do you think is a scenario where the attackers move beyond their hacktivist ambitions, and go truly malicious? Would such an event drive growth in the adoption of Registry Lock Services?

Elisa: I definitely think that is possible, and I am frankly surprised that we haven't seen these types of attacks yet. I would hate to have to come to the point where this type of event is the driving factor for the adoption of this service.

Where's the weakest link? Is it the domain registrar, the domain registrant, or are both equally susceptible to the social engineering attacks most commonly used in successful DNS hijacking incidents?

Elisa: We've seen instances of attacks targeted at both the registrant and the registrar. Although the registrants of highly-trafficked domains are sophisticated and would not likely fall prey to simple phishing scams, I am concerned about the possible use of keyword loggers to collect credential information to access domain management portals.

I think also that domains that are registered by large retail registrars are also highly vulnerable to social engineering attacks. At this point, I'd say that both are equally vulnerable but that there are a number of security measures that can be implemented including Two-Factor authentication of users, restrictions to online management tools by IP Address, and of course, VeriSign's Registry Lock Service.

Consider going through related posts on high profile DNS/Domain hijackings from the past two years, including details on how the incidents took place:

The message from MarkMonitor's findings is clear: leaving the fate of your Web property in the hands of a domain registrar or a DNS service provider is the worst thing you could do, given the availability of additional layers of security.
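
The difference between registrar-level protection and a registry-level lock, as described in the Q&A, shows up in a domain's public EPP status codes, so a portfolio can be audited from WHOIS output. The following is an added example, not part of the original article or MarkMonitor's review method; the status names are the standard EPP values from RFC 5731, and the domains and WHOIS records are constructed.

```python
import re

# EPP domain status codes (RFC 5731). server* values are set at the registry;
# client* values are set by the registrar and cleared with registrar access.
REGISTRY = ("serverUpdateProhibited", "serverTransferProhibited", "serverDeleteProhibited")
REGISTRAR = ("clientUpdateProhibited", "clientTransferProhibited", "clientDeleteProhibited")

# Matches both "Domain Status: x <url>" and the older "Status: x" layouts.
STATUS_RE = re.compile(r"^\s*(?:Domain )?Status:\s*([A-Za-z]+)", re.M | re.I)

def classify(whois_text):
    """Return (level, missing_registry_statuses) for one WHOIS record."""
    found = {s.lower() for s in STATUS_RE.findall(whois_text)}
    missing = [s for s in REGISTRY if s.lower() not in found]
    if not missing:
        level = "registry-lock"
    elif len(missing) < len(REGISTRY):
        level = "partial-registry-lock"
    elif any(s.lower() in found for s in REGISTRAR):
        level = "registrar-lock-only"
    else:
        level = "no-lock"
    return level, missing

# Constructed sample records (placeholder domains, not real WHOIS output).
SAMPLES = {
    "locked.example": """\
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
   Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
   Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
""",
    "retail.example": """\
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
""",
    "open.example": """\
   Status: ok
""",
}

def audit(records):
    """Classify every domain in a {domain: whois_text} mapping."""
    return {domain: classify(text) for domain, text in records.items()}

if __name__ == "__main__":
    for domain, (level, missing) in audit(SAMPLES).items():
        print(f"{domain:16} {level:22} missing: {', '.join(missing) or '-'}")
```

The server* statuses show that a lock is in effect at the registry; they do not identify which service or process applied them.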

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

233 comments
  • NT

    Just replying so I can subscribe
    AzuMao
  • This looks like a paid advertisement to me.

    nt
    Dietrich T. Schmitz, Linux Advocate
    • RE: This looks like a paid advertisement to me

      - sarcasm ON - I know, but wasn't AppArmor supposed to filter "ads" like these? How are you even seeing this on Ubuntu? :)

      - sarcasm OFF - Although I doubt you read the entire Q&A, the unique value proposition of this service clearly aimed at high profile sites, makes the current "security features" offered by a domain registrar look like "deceptive advertising" in the first place.

      Hence, the reason for including some of the high profile DNS/domain hijacking incidents that took place over the past two years - to help the reader/decision maker draw his/her own conclusions on where's the weakest link, based on real-life events.
      ddanchev
      • Oh, that's gotta hurt.

        Dancho's knee thrust forcefully into his chinny chin chin.

        Seriously, ZDNET gets paid for running these stories, which is fine, so long as they disclose such (new FCC rules went into effect in Dec. 2009).

        I hope you are OK. ;)
        Dietrich T. Schmitz, Linux Advocate
        • Pwnd by Dancho

          - sarcasm ON - I know, but wasn't AppArmor supposed to filter "ads" like these? How are you even seeing this on Ubuntu? :)

          It's his job to look for the weakest link in a given suit of armor. You know that.

          WAR Dancho
          klumper
          • Big time!

            That line of his cracked me up.
            Loverock Davidson
          • I'll give you that

            Your efforts have not been in vain, or so it appears.

            [Waits for Ed Bott to make a cameo appearance and *sigh*]
            klumper