Cyber Crimes and Steps to Help Avoid Them: Domain Name Hijacking

Posted by: Craig Carpenter, Fred Fulton

One hacking trend that is often under the radar, but which can be devastating to businesses, is domain name hijacking. In today’s online world, a company’s domain name can be one of its most valuable assets. Catchy domain names are often valued in the millions of dollars, and e-commerce websites can be a company’s primary or sole revenue generator. And when a company loses control of that asset, recovering it can be very expensive and difficult (if not impossible).

When a hacker takes control of a domain name, the hacker can use the stolen domain name to wreak havoc on the company by:

- Vandalizing the website with disparaging content or materials;
- Using the website for other hacking activity such as phishing or distributing malware or spam;
- Diverting income from the website to the hacker; and
- Shutting down the company’s ecommerce operations.

Domain name hijacking occurs when an unscrupulous person exploits a vulnerability to steal a company’s domain name. The unauthorized access can relate to a vulnerability in the domain name registrar’s system, a password hack of the administrative email associated with the account, social engineering, keyloggers, or a disgruntled employee with access to the administrative email. Once the hacker has access to the administrative email account and/or the registrar account through one of these means, he or she can take control of the domain name and lock out the true owner.

Once a domain name has been hijacked, it can be difficult for the true owner to recover access to it. With enough documentation, the owner may be able to recover access from the registrar, but this may be ineffective if the domain name has been transferred to another registrar and/or another country (frequently China), or if the registrar just declines to help.
If the registrar cannot or will not help, companies may try to recover a stolen domain name through legal action, either in the form of a Uniform Domain Name Dispute Resolution Policy (UDRP) proceeding through ICANN or a lawsuit based on theft. These actions have a better chance of succeeding when the stolen domain name includes the owner’s registered trademark or service mark.

Fortunately, there are steps companies can take on the front end to help prevent this type of cyber crime. No single step is likely to be 100% effective at preventing domain name hijacking, but in combination they can improve a company’s security posture and greatly reduce the effort and expense needed to recover the name. The steps include:

1. Careful Registration

In the domain name world, the “WHOIS” field in the domain name registrar’s database is analogous to the title to the domain name, so it’s critical that the correct information be entered there. When registering your domain name with a registrar, be sure to follow these tips:

- Enter correct and valid information in the WHOIS (registrant), administrative, technical, and billing contact fields.
- The entity listed as the registrant in the WHOIS field is the entity that will have the legal right to transfer the domain name, acting through any individual who has been designated as an administrative contact with respect to it, so make sure all of those individuals are trustworthy employees.
- After the initial registration has been completed, continue to update all of the administrative, technical and billing contact information in your domain name customer account.

2. Limit Access to Administrative Contact Email Address

Each employee who has access to the administrative contact email address associated with your domain name, and thus the ability to send email from it to the domain name registrar, will have the ability to effect the transfer of the domain name to another registrar or owner, or to make other changes to the domain name customer account.
Accordingly, it is extremely important to limit access to the administrative contact email address to trustworthy employees. Do not give your domain name customer account login, password, username, user ID, credit card number, or shopper PIN information to anyone, including your webmaster. Do not allow the administrative contact email address to expire, as this could make it possible for an unauthorized third party to sign up for that email address. That would provide access to your domain name customer account and thus the ability to transfer the domain name or make other changes to the domain name customer account.

3. Agreements with Employees

The entity in whose name your domain name is registered, and which therefore owns it, should enter into written agreements with all employees who have access to the administrative contact email address wherein they acknowledge and agree that the domain name (i) is owned exclusively by their employer, and (ii) cannot be transferred, nor can any change be made in the related domain name customer account, without prior authorization from specified senior officers of their employer.

4. Monitoring and Documentation

- Regularly log in to your domain name customer account to confirm that the registrant and the related administrative, technical and billing contacts are listed correctly, reflecting all changes that have been made with proper authorization and no others.
- Keep records of your account information to help show that you have a prior claim to the rights to the domain name. Records could include registration records, billing records, web logs, correspondence from the registrar, and third-party directory information.

5. Lock Your Domain Name

Lock your domain name from within your domain name customer account. Your registrar may provide an option to purchase additional features to help prevent your domain name from being transferred, or changes being made to your domain name customer account, without proper authorization.

6. Use Secure Email

Keeping secure the email through which you administer the registration of your domain name is important to preventing unauthorized changes to the registration. Consider the following precautions:

- Use a secure email address. Free email accounts can be easy targets for those seeking unauthorized access to your domain name customer account.
- Create passwords to limit access to the administrative contact email address associated with your domain name, using a complex series of letters, numbers and symbols.
- Use two-factor authentication when it’s available.

7. Antivirus and Antispyware

To prevent keylogging software from capturing your account logins, usernames, user IDs and passwords and forwarding the information to unauthorized persons, install antivirus and antispyware software and update it periodically.

8. Register Your Domain Name as a Trademark

If, despite your best efforts, your domain name is stolen, you may have to seek legal recourse to recover it if other means fail. However, if the stolen domain name comprises a trademark or service mark that is registered in the name of your company (i.e., with the U.S. Patent and Trademark Office), you will likely have more options for recovering it and preventing further unauthorized use of it, which can make the process easier, faster, and less expensive.
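
As an added example (not part of the original post), the monitoring in step 4 and the lock in step 5 can be supplemented by comparing the public WHOIS record against a baseline recorded when the registration was last verified. The sample record, the baseline values and the field labels (which follow the common .com layout and vary by registry) are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS record for illustration; every value here is made up.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2026-08-13T04:00:00Z
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Name Server: NS1.EXAMPLE-DNS.NET
Name Server: NS2.EXAMPLE-DNS.NET
"""

# Hypothetical baseline, recorded when an authorized person last verified the record.
BASELINE = {
    "registrar": "Example Registrar, Inc.",
    "name_servers": {"ns1.example-dns.net", "ns2.example-dns.net"},
}

def parse_whois(text):
    """Collect 'Key: value' lines; keys can repeat (status, name servers)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.+)", line)
        if m:
            fields.setdefault(m.group(1).strip().lower(), []).append(m.group(2).strip())
    return fields

def audit(text, baseline, now=None, warn_days=60):
    """Return a list of findings; an empty list means nothing needs review."""
    now = now or datetime.now(timezone.utc)
    f = parse_whois(text)
    findings = []
    registrar = (f.get("registrar") or [""])[0]
    if registrar != baseline["registrar"]:
        findings.append(f"registrar changed: {registrar!r}")
    servers = {s.lower() for s in f.get("name server", [])}
    if servers != baseline["name_servers"]:
        findings.append(f"name servers changed: {sorted(servers)}")
    # The first token of each status line is the EPP status code.
    statuses = {s.split()[0] for s in f.get("domain status", [])}
    if "clientTransferProhibited" not in statuses:
        findings.append("transfer lock (clientTransferProhibited) not set")
    expiry = (f.get("registry expiry date") or [None])[0]
    if expiry:
        left = (datetime.fromisoformat(expiry.replace("Z", "+00:00")) - now).days
        if left < warn_days:
            findings.append(f"registration expires in {left} days")
    return findings
```

Run on a schedule against saved `whois` output for each domain you own, any non-empty result is a prompt to log in to the registrar account and check for changes made without authorization.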