Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

GreatDomains gets spoofed

From: William Knowles <wk () C4I ORG>
Date: Sun, 18 Jun 2000 12:23:05 -0500
http://www.upside.com/News/3949151c0.html

June 15, 2000
by Ben Charny

Online domain name hijackers nabbed perhaps one of their biggest
prizes this week, when they were able to take control of
GreatDomains.com, the domain name clearinghouse.

The hijacking, known in darker circles of the Internet as "spoofing,"
is the seventh such incident in the past two weeks on a Network
Solutions-hosted site and the 12th since January.

It has prompted a warning to Network Solutions' (NSOL) million
customers about pumping up security.

The FBI is investigating the attacks, but a spokesman said it could
not comment. The spoofers may be exploiting a flaw in the system that
links nonprofit Internet Corporation For Assigned Names and Numbers,
which maintains the Web's domain name database, and some of the 80
private companies with access.

Accessed through database

The latest attack took place sometime on Tuesday, according to
sources, when GreatDomains' customers noticed the site wasn't working.

Apparently, the hijackers were able to access GreatDomains'
administrative contact information from Network Solution's database,
then changed and redirected traffic to another registrar.

Network Solutions spokesman Brian O'Shaughnessy said the hijacking of
GreatDomains.com was corrected within minutes of being noticed. He
said it was more of a nuisance "like graffiti."

He said the same person or persons able who hijacked the domain names
of other high-profile sites might have conducted the latest spoofing.

Calls to GreatDomains were not returned.

Tech news site Internet.com was also struck in the last two weeks. Its
CEO, Alan Meckler, said his own engineers were able to catch the
spoofing before traffic could get redirected.

He said his site didn't suffer any problems.

Not too bad, but ...

"The damage could have been huge. What if your traffic gets directed
to, let's say, a porn site? What would your advertisers think?"
Meckler said.

Other sites that were spoofed include Sex.Net and Bali.com. Web.net,
which has 3,500 customers and supports about 700 websites, lost
control of its sites for a few days.

Network Solutions is now reminding its nearly one million users of a
series of online security measures available to them, including
encrypted passwords, O'Shaughnessy said.

"Overall, the efficiency of the system can't be questioned," he said.
"Unfortunately, there are instances, which do occur. Fortunately, they
occur very infrequently."

"We do have a security system now. Some people choose not to use it,
however. We're conducting a campaign to raise people's awareness."


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: