RealTime IT News

Domain Hijacking Raises Security Issue

Despite a recent May 5 U.S. district court decision declaring that domain names are not property and hence can't be "stolen," domain thieves last weekend successfully hijacked two web site domains from their rightful owners.

The theft highlights the security issues surrounding domain names, particularly the authorization schemes that are in place to protect domain owners.

What happened is this: On May 29, an individual contacted Network Solutions Inc. and told NetSol to change the contact name and the DNS/IP address (the "address" to which the domains are directed) of web.net and bali.com. Web Networks contends that Network Solutions pushed the changes through without receiving its authorization, either electronically or by phone. Network Solutions counters that Web Networks' domain, web.net, had the lowest level of security, known as "MAIL-FROM."

MAIL-FROM authentication allows changes to be made if they are requested in an email from one of the contacts for the domain listed in the whois record. The Network Solutions FAQ has the following information about the MAIL-FROM level of authentication:

Guardian was created to help protect your domain name registration, contact record and host record from unauthorized changes. If we receive a Service Agreement, Contact Form or Host Form from a source other than the administrative or the technical contact/agent, we will seek confirmation of the change from both of these contacts. We will notify the administrative and technical contacts that a request to make a change has been received. It is then the responsibility of one of these contacts to acknowledge that the request is valid by replying "ACK" or "YES" to the notification. If we do not receive any acknowledgement, or if we are notified that the request is not valid, we will not make the change. The administrative or technical contact should reply "NAK" or "NO" to the notification if he does not want the change to be processed.

Web Networks contends that the e-mail requesting the changes to their domain did not originate from them, and that they did not provide the required authorization to make the changes.

Network Solutions told InternetNews.com that the e-mail requesting the changes was "spoofed" by the thief, making it appear to have originated from Web Networks, and that they were acting in good faith.
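Why a MAIL-FROM-style check cannot tell a listed contact from anyone else, next to a confirmation step modeled on the ACK/NAK notification in the FAQ text above. This is an added Python example, not Network Solutions' code; the domain, addresses, function names and the per-request nonce are assumptions made for illustration.

```python
import hmac
import secrets
from email import message_from_string
from email.utils import parseaddr

# Constructed whois record; domain and addresses are placeholders.
WHOIS = {"example.test": {"admin": "admin@example.test",
                          "tech": "tech@example.test"}}

# Constructed request. The From line is ordinary text chosen by whoever
# wrote the message; nothing in the message proves who sent it.
REQUEST = ("From: Admin <admin@example.test>\n"
           "Subject: MODIFY DOMAIN example.test\n\n"
           "Change technical contact and name servers.\n")

def mail_from_check(raw, domain):
    """MAIL-FROM style: approve if the From header names a listed contact."""
    sender = parseaddr(message_from_string(raw)["From"] or "")[1].lower()
    return sender in WHOIS[domain].values()

class ConfirmedChange:
    """Hold the change until a contact on record returns a per-request nonce."""
    def __init__(self, domain):
        self.domain = domain
        self.contacts = set(WHOIS[domain].values())  # snapshot before any edit
        self.nonce = secrets.token_hex(16)            # assumption: not in the FAQ

    def notifications(self):
        # Sent to the addresses on record, never to the request's From address.
        text = f"Change requested for {self.domain}. Reply ACK {self.nonce} or NAK."
        return {addr: text for addr in self.contacts}

    def process_reply(self, raw):
        words = message_from_string(raw).get_payload().split()
        if words[:1] in (["NAK"], ["NO"]):
            return "rejected"
        if (len(words) == 2 and words[0] in ("ACK", "YES") and
                hmac.compare_digest(words[1].encode(), self.nonce.encode())):
            return "approved"
        return "pending"  # no valid acknowledgement, so the change is not made

if __name__ == "__main__":
    print("MAIL-FROM accepts request:", mail_from_check(REQUEST, "example.test"))
    change = ConfirmedChange("example.test")
    print("bare ACK:", change.process_reply("From: admin@example.test\n\nACK\n"))
```

A NAK is accepted without the nonce so that the flow fails closed: a forged NAK can only block a change, never apply one.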

On Tuesday evening, a representative from Network Solutions confirmed to Web Networks that all of the changes to the DNS names would be reverted to the web.net settings, but as of Wednesday the 31st, the domain had not been restored.

NSI Vice President of Corporate Communications Chris Clough Friday confirmed the company made the domain transfer and later learned it was fraudulent. Clough indicated that they had contacted TUCOWS, the original registrar for the domain, about the request Tuesday, and after realizing the fraudulent nature of the change request, have continued to work with TUCOWS to find the "best method of handling the return to Web Networks."

Web Networks also spoke with Network Solutions staff, who suggested that the thief had changed the domain record to name himself as technical contact, making it "impossible" for Web Networks to correct these changes, even with the required legal documentation. Network Solutions suggested that the procedure could take some time, and that they would speak to their Investigations Unit immediately to resolve the issue.

Network Solutions told InternetNews.co