Why You Need To Add ?Protect Domain Name? To The Security Checklist
August 24, 2005
Domain name hijacking broadly refers to acts where a registered domain name is misused or stolen from the rightful name holder. A domain hijacking is a security risk many organizations overlook when they develop security policy and business continuity plans. While name holders can take measures to protect their domain names against theft and loss, many measures are not generally known.
How Serious Is Domain Hijacking?
The answer is best illustrated with examples. In one hijacking scenario, you begin the day as an e-merchant doing business online at 'www.onlineseller.example.com.' At 2:15 p.m. that afternoon, your visitor traffic and merchant transactions disappear. You investigate and discover someone’s impersonated your company’s administrative contact, transferred your domain name to a different registrar, and modified the DNS. Visitors to your domain name land at a hoax Web site that impersonates your virtual store. Improbable? It happened to Hushmail in April of this year.
In another scenario, the email service you provide to thousands of users suddenly stops. You discover someone’s transferred your domain name to another registrar without your notice or consent. Your DNS configuration has been modified, and your user’s email is being delivered to someone else’s mail server. Hours later, your registration is restored, but only after an exhausting and frustrating incident response effort. Preposterous? It happened to PANIX back in January, 2005. Internet Corporation for Assigned Names and Numbers (ICANN) CEO Paul Twomey says that while “a domain hijacking is not as obvious a threat as spam and spyware, it can be just as disruptive to the business and operations of name holders; in extreme cases, a domain hijacking can have a lasting impact on an organization."
It may seem implausible that the consequences could be so severe, but domain name holders attribute value to their domain names, both tangible and intangible.
Tangible value increases when consumers associate brand with a domain name (in a positive way). Intangible value increases in proportion to the reputation of a domain name: the domain name of a respected security consulting company is worth more than any financial compensation the company is likely to recover through legal means. Speculative value--the ability to “acquire” a desirable domain name and resell it--creates additional incentives for would-be hijackers, who are motivated by financial gain as well as notoriety.