Tuesday, September 23rd, 2014

4 ways to prevent domain name hijacking

On the night of Monday, January 23, the hacktivist group UGNazi hijacked Coach.com, the Internet domain name of luxury goods manufacturer Coach. For several hours, fashionistas who wanted to ogle Coach's new Willis handbag on Coach.com or get a deal on its Penelope shoulder bag at Coachfactory.com were redirected to UGNazi's cryptic website. Imagine the confusion—and frustration—the redirect must have caused in their coiffed little heads—not to mention the wear and tear on their manicured nails as they typed and retyped coach.com and coachfactory.com into their browser windows.

Coach was lucky that its hackers' motives were political rather than financial. UGNazi targeted Coach because the company, whose exclusive products are heavily counterfeited, supports the controversial Stop Online Piracy Act (SOPA). If UGNazi wanted to do more harm to Coach and its customers, it might have taken control of incoming email to Coach.com or redirected customers to a phishing website. UGNazi stated on its website, "We don't steal users' data, only here to make them aware [of the dangers SOPA, PIPA and ACTA pose to the Internet]."

A spokeswoman for Coach told CIO.com that the domain (or DNS) hijacking had a "de minimis impact on our business."

Other companies that have had their domains hijacked haven't been so lucky. In 2008, for example, when hackers hijacked CheckFree.com, they redirected traffic to a website in the Ukraine that downloaded malware onto CheckFree customers' computers. (The malware was designed to steal usernames and passwords.) CheckFree customers weren't the only individuals vulnerable to the attack. Also susceptible were customers of small banks that had partnered with CheckFree to provide online bill payment services, since their sites directed users to the checkfree.com domain, says Lars Harvey, CEO of Internet Identity, a security company based in Tacoma, Wash.

Domain hijacking is also serious because it puts sensitive corporate information at risk. It compromises all of the normal ways by which confidential information is shared by giving the hacker access to all of the company's incoming email, says Ram Mohan, CTO of domain registrar Afilias.

Mohan says he knows of a company that had its domain hijacked for nearly five months without even knowing it. The company didn't realize its domain had been taken over because the hackers were so subtle: Instead of redirecting visitors to another website, they sent users to the intended domain, but they "listened" to all the traffic, he says. During that time, all of the company's website traffic and emails were routed through a set of servers that the hackers had set up.

"It was a major compromise," says Mohan, who is also a member of ICANN's board of directors and co-authored an article on domain hijacking for the organization in 2005. "That's one of the worst cases because it's disguised and hidden and nobody knows unless you notice where the address is going."