Domain hijacking - be prepared

The International Corporation for Assigned Names and Numbers (ICANN) recently published a report on "domain hijacking" and its consequences. It should be essential reading for all .aero domain owners.

The report, "Domain Name Hijacking: Incidents, Threats, Risks, and Remedial Actions", provides a succinct summary of the definition and risks of domain hijacking:

"Domain hijacking refers to the wrongful taking control of a domain name from the rightful name holder. The common use of the term encompasses a number of attacks and incidents including:

  • impersonation of a domain name registrant in correspondence with a domain name registrar
  • forgery of a registrant's account information maintained by a registrar
  • forgery of a transfer authorization communication from a registrant to a registrar
  • impersonation or a fraudulent act that leads to the unauthorized transfer of a domain from a rightful name holder to another party, and
  • unauthorized DNS configuration changes that disrupt or damage services operated under a domain name, including website defacement, mail service disruption, pharming and phishing attacks.

The report continues: "Domain hijackers have a number of motives and objectives, primarily malice and monetary gain. Modification of a registrant's information and unauthorized transfer of a domain registration can cause the registrant to lose its online identity with little recourse, or it may expose the registrant to extortion by name speculators. In several documented cases, domain hijacking caused disruption or malicious use of a registrant's Internet services. By modifying the registrant's DNS information following a successful hijacking, hijackers can have material impact on the business and operations of a registrant, including but not limited to denial and theft of electronic mail services, unauthorized disclosure of information through phishing websites and traffic inspection (eavesdropping), and damage to the registrant's reputation and brand through website defacement."

Lower risks for .aero

The report gives real time examples and recommendations for safety measures that can be implemented by resellers, registries, registrars and registrants, as well as ICANN itself. As sponsors of the .aero domain, SITA has taken careful note of the recommendations. Many of them have already been implemented since .aero launched its operation. It seems that, as a result, the risk of domain hijacking with .aero domains is significantly smaller. However, we recommend that all .aero domain owners read the report and implement changes as appropriate.

A dedicated section of FAQs has been published on our web site, read more. The full text of the ICANN Report can be downloaded from www.icann.org/announcements/hijacking-report-12jul05.pdf.