BreachExchange mailing list archives

Domain hijacking: What businesses need to look out for


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 21 Dec 2015 18:02:14 -0700

http://www.fourthsource.com/general/domain-hijacking-businesses-need-look-20041

Online retail sales alone in the UK are set to reach £52.25bn by the end of
the year, and although the rise in online businesses is great news for the
UK economy, it also means we’re experiencing a rise in cyber crime as
hackers get increasingly savvy.

Whether it’s a competitor wanting to harm a company, an ex-employee holding
a grudge, or even a hacker pointing a website elsewhere to make money or
even bribe someone, there are many reasons why a website might be
compromised.

One of the biggest issues brands are currently facing is domain hijacking.
Unfortunately, it can happen to anyone; Microsoft and Google are two big
names that have been caught out, so it’s about time everyone got clued up
on how to protect themselves.

How your domain can be taken over

As you already know, when a domain name is registered, the owner (normally
the business owner) has full control of it through the domain’s control
panel. From the stage of registration, the domain name is pointed to the
part of the web where the website’s data is hosted – its content, web
pages, and scripts, for example.

For a domain to be hijacked, a hacker needs to get hold of the domain
registrar name and the administrative email address associated with it.
This can be easily found through the WHOIS data of the domain, if the
domain isn’t registered privately (which, more often than not, they aren’t). The
email address is then hacked, and control of the account can be taken by
resetting the login details. After this the domain can be pointed to
different web servers, redirecting traffic to wherever the hacker pleases.

How can this affect a business?

In a matter of minutes a business can lose its website, potentially its
reputation, and a whole lot of revenue. Not just this, but for digital
marketers, tactics like PPC campaigns can be sabotaged too, meaning a
business could be paying for clicks through to a website domain that they
no longer own or benefit from.

When a hijack happens, the hacker can redirect traffic wherever they
please. Usually this will be away from your website and to one that looks
identical to fool your customers, or to a different website completely.
Whether the aim is to tarnish your reputation, trick your customers, or
make money from your business, the repercussions could be serious.

So your website has been hijacked, what now?

There is one organisation in the domain name world in particular that you
should familiarise yourself with if you haven’t already. Not just in case
you fall into trouble with hackers, but for any issues you might run into
that affect your domain. Although your registrar will be clued up, for your
own peace of mind it’s worth getting to know some of the processes yourself.

The entire domain name system (DNS) was designed to make the internet
accessible to human beings, giving websites names like 34SP.com for
example, as opposed to a sequence of numbers that can be a struggle to
remember. This means that IP addresses can be changed successfully within
24 hours. So if you are aware of the organisations that can help you with
this if you ever need it – you will know who to turn to.

ICANN (Internet Corporation for Assigned Names and Numbers) is one of the
most important. The not-for-profit corporation is dedicated to keeping the
internet secure; and they have put processes in place for registrars to
help them deal with issues like hijackings.

The need to be vigilant

It isn’t surprising that businesses feel concerned about their website and
domain’s safety, with news stories cropping up all
the time about brands that have come under threat. However, although there
are laws in place that can return their domain if it’s ever hijacked, it’s
important not to be lazy, and be vigilant in your attempts to protect it.
Your domain could be everything to your business, so it’s really important
you take steps to look after it.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
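
An added example, not part of the forwarded article: a defender-side audit of the exposure described under "How your domain can be taken over", checking whether the WHOIS record publishes the registrar and administrative e-mail and whether the name servers still match a known baseline. The sample record, the field labels (common gTLD WHOIS wording), the privacy-marker list and the baseline are all constructed assumptions.

```python
import re

# Constructed WHOIS-style record (example.com / example.net are reserved domains).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Admin Email: owner@example.com
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
"""

# Assumed markers of a privacy/proxy contact address; adjust for your registrar.
PRIVACY_HINTS = ("privacy", "proxy", "redacted", "protect")


def parse_whois(text):
    """Collect 'Key: value' lines into a dict of lower-cased key -> list of values."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(\S.*)$", line)
        if m:
            record.setdefault(m.group(1).strip().lower(), []).append(m.group(2).strip())
    return record


def audit(text, baseline_ns):
    """Return findings: publicly listed admin e-mail and name-server drift."""
    rec = parse_whois(text)
    findings = []
    for email in rec.get("admin email", []):
        if not any(h in email.lower() for h in PRIVACY_HINTS):
            registrar = ", ".join(rec.get("registrar", ["unknown"]))
            findings.append(f"admin e-mail {email} is public (registrar: {registrar})")
    current = {ns.lower().rstrip(".") for ns in rec.get("name server", [])}
    expected = {ns.lower().rstrip(".") for ns in baseline_ns}
    for ns in sorted(current - expected):
        findings.append(f"unexpected name server: {ns}")
    for ns in sorted(expected - current):
        findings.append(f"baseline name server missing: {ns}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_WHOIS, ["ns1.example.net", "ns2.example.net"]):
        print(finding)
```

Run on a schedule against saved WHOIS output for your own domains, a name-server finding is an early sign that the domain has been pointed elsewhere.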
