
How can you protect your domain from theft

Our company is committed to helping users improve resource stability by monitoring accessibility. We understand that site stability is more than reliable hosting and well-written software. An important component is care for the security of the resources under your control. Today we would like to talk about an equally important issue: following security measures when working with a domain registrar.

The threat of domain theft

A website's domain is the virtual “alter ego” of individuals, institutions and enterprises alike. That is why organizations, both large and small, are expressing growing concern about reports of “domain name theft”, in which attackers fraudulently transfer the domain to another registrant through password theft or social engineering. The consequences of such attacks can be quite unpleasant, since in most cases after a successful theft the thieves are able to establish complete control over the victim's domain, often for a long period of time. During this time they manage to mislead the owner's clients and defraud them of money, copy the owner's registration data or other confidential information, use the stolen domain as a launching pad for attacks and the spread of malicious programs, or simply ruin the hard-earned reputation of the victim and its brand.

Typical theft scenarios

A domain name theft occurs when an attacker forges the victim's registration information and transfers the domain to another person, thus taking it away from the legal registrant and acquiring full administrative and operational control over it.
For this purpose, thieves use a variety of techniques, ranging from spyware and keyloggers to so-called “social engineering”, in which the fraudsters impersonate a registrant or another person in a chain of certificates in order to gain access to passwords and personal data. However, no matter what means the attacker uses, domain theft always means serious trouble for the owner. Once a thief seizes control of a domain, he gains complete freedom to use it for his own dishonest purposes, from creating his own fraudulent website or posting illegal and dangerous content to blackmail and extortion of money from the original owner.

Worse, depending on the scammer's level of skill, a stolen domain can be very hard to get back, as stolen registrations are often “washed” by passing them through a series of fake registrants in order to make the recovery process as difficult as possible for the legitimate owner. How effective this tactic is depends partly on the vigilance with which a potential victim monitors his domain name. However, even the most thorough monitoring does not give a 100% guarantee of protection, since attackers can be unusually cunning, leaving the domain's name server records and e-mail untouched until the stolen domain has passed through several transfers.

How to reduce the threat of domain theft

Although the risk of domain theft is great, this threat can be significantly reduced by proper planning and by using adequate techniques to mitigate potential damage. For example, in SAC044 [PDF], “Instructions for Protecting Domain Name Registration Accounts for Registrants”, the Security and Stability Advisory Committee of ICANN (the Internet Corporation for Assigned Names and Numbers) recommends that owners organize routine monitoring of domains to detect, isolate and identify any suspicious or malicious activity. Tracking any changes made to the Whois and DNS records, and setting and monitoring domain lock statuses and services, are techniques that the registrant should use regularly. In addition, SAC040 [PDF], “Measures to Protect Domain Registration Services from Unfair Operation and Criminal Use”, describes a number of well-known and high-profile cases involving domain theft, and offers additional background information on protecting a domain name from intruders.

Registrants should carefully familiarize themselves with the protective measures offered by their registrar and make the most of the tools provided. Doing so can significantly reduce the risk of domain theft. The vast majority of registrars are well aware of the potential threat and make considerable efforts to protect their customers from fraud. By actively keeping in touch with your registrar and ensuring that your registration and contact information is not outdated, you will no longer be the “easy target” that thieves, as a rule, are aiming at.

Tools to block the domain from being stolen

For .com, .net [PDF], .name [PDF], .tv and .cc domains, VeriSign offers a special “Registry Lock” service, through which registrars can provide registrants with protection of the domain name and its name server records at the server level. “Registry Lock” was designed to be used along with the registrar’s own defenses, and thus to increase the overall security of domain names and mitigate the potential consequences of their theft or of their unintentional or reckless removal, transfer or renewal. “Registry Lock” allows registrants to set the conditions under which their registration data can and cannot be changed. At the maximum level of protection, “Registry Lock” requires direct “live” interaction between the registrar and a VeriSign representative in order to transfer the registration.

Using domain blocking tools offered by registrars, registrants can significantly reduce the likelihood of changing the domain registration without their knowledge or consent.
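The routine Whois and lock-status monitoring recommended above, and a check for the server-level statuses a registry lock adds, can be sketched as follows. This is an added example, not code from the original article or from any registrar: the WHOIS field labels, the EPP status code names and both sample records are assumptions constructed for illustration.

```python
import re

# EPP status codes: client* are set by the registrar, server* by the registry.
TRANSFER_LOCKS = {"clientTransferProhibited", "serverTransferProhibited"}
REGISTRY_LOCKS = {"serverTransferProhibited", "serverUpdateProhibited",
                  "serverDeleteProhibited"}
WATCHED = ("Registrar", "Registrant Email", "Name Server", "Domain Status")

def parse_whois(text):
    """Return {field: set(values)} for the watched fields of a WHOIS reply."""
    record = {field: set() for field in WATCHED}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or key not in record or not value:
            continue
        # Status lines carry a trailing URL; other values are case-insensitive.
        record[key].add(value.split()[0] if key == "Domain Status" else value.lower())
    return record

def audit(baseline_text, current_text):
    """Compare two snapshots and return a list of alert strings."""
    old, new = parse_whois(baseline_text), parse_whois(current_text)
    alerts = []
    for field in WATCHED:
        alerts += [f"{field} removed: {v}" for v in sorted(old[field] - new[field])]
        alerts += [f"{field} added: {v}" for v in sorted(new[field] - old[field])]
    status = new["Domain Status"]
    if not status & TRANSFER_LOCKS:
        alerts.append("no transfer lock is set")
    if not REGISTRY_LOCKS <= status:
        alerts.append("registry-level lock missing or incomplete")
    return alerts

# Constructed sample snapshots (not real WHOIS output).
BASELINE = """\
Registrar: Example Registrar, Inc.
Registrant Email: hostmaster@example.com
Name Server: NS1.EXAMPLE.NET
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""
CURRENT = """\
Registrar: Example Registrar, Inc.
Registrant Email: admin@example.org
Name Server: NS1.EXAMPLE.NET
Domain Status: ok https://icann.org/epp#ok
"""

if __name__ == "__main__":
    print("\n".join(audit(BASELINE, CURRENT)))
```

In the sample, the name server is unchanged while the contact e-mail and lock status differ, which is the case a DNS-only check would miss.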

So, today on the Internet there is a very tangible threat of domain theft, against which, however, you can defend yourself very easily. With proper vigilance and the use of effective tools and protection techniques, both large and small organizations can significantly reduce the risk of losing their domain name. It is imperative that registrants view all elements of the DNS ecosystem (registrars, DNS providers, registry operators, etc.) as part of the attack surface and, when carrying out risk management procedures, treat them with the same caution as the organization's other assets.

Article translated specifically for the corporate blog Host-tracker.com - service monitoring site performance.

Source: https://habr.com/ru/post/218939/

