What Is Domain Name Hijacking?

One hacking trend that continues to fly under the radar, despite its capacity to devastate a business, is domain name hijacking. As an increasingly large share of business transactions is conducted online, a company’s domain name has become one of its most valuable assets. The value of a catchy domain name can easily run into the millions of dollars, and a large e-commerce website is often the sole or primary generator of revenue for an enterprise. When a company loses control of this vital asset, recovering it can prove extremely difficult and expensive (in some cases, impossible).

Why Hackers Hijack Domain Names

When a hacker takes control of a domain name, they can use the hijacked domain to wreak havoc in one of the following ways:

  • Vandalizing a company’s website by posting disparaging content;
  • Using a company’s website to carry out other hacking activity like distribution of spam or malware;
  • Diverting the income generated from the website to themselves;
  • Shutting down or compromising e-commerce operations.

How Hijacking Works

Domain name hijacking takes place when an unscrupulous individual or malicious organization takes advantage of a vulnerability to take unauthorized control of a company’s domain name. Such unauthorized access can be the result of a hacked administrative account password, an unpatched vulnerability in the domain registrar’s system, keylogging, social engineering, or a disgruntled employee with access to the admin email. Once the hacker gains control of the registrar account or administrative email through one of these methods, they have full and unrestricted administrative access to the domain name and can lock out the owner.

Recovery of a Hijacked Domain Name

Once a hacker has hijacked a domain name, it can prove difficult for the real owner to take back control. If the owner has sufficient documentation, they might be able to work with their registrar to recover access. However, this may prove ineffective if the hacker has already transferred the domain name to a different registrar or another country – often China – or if the registrar simply refuses to help. In cases where a domain registrar is unwilling or unable to help, some companies try to recover their stolen domain names by legal action, either through a lawsuit against the hacker based on theft or by filing a dispute based on the Uniform Domain Name Dispute Resolution Policy via the Internet Corporation for Assigned Names and Numbers (ICANN). These actions have a higher chance of success if the hijacked domain uses the service mark or registered trademark of the true owner.

How to Prevent Domain Hijacking

Luckily, there are preventive steps that companies can take to avoid falling victim to this form of cyber crime. No single step can provide 100 percent protection against domain name hijacking, but when used in combination they complement each other: they not only improve the security posture of the company but also reduce the expense and effort required to recover the domain name if it is hijacked. Some of these essential security measures are:

– Registering the domain name carefully: the domain owner should ensure that they enter full and valid information when filling out the WHOIS (registrant data), technical, billing and administrative fields;

– Limiting employee access to the domain’s administrative email address;

– Ensuring that all company employees who are given access to the administrative email address enter into legally binding written agreements;

– Regularly logging in to the domain name administrative portal or customer account to verify that all technical, billing, registrant and administrative contacts are correct.

Conclusion

In general, all domain name owners should ensure that the administrative email address of their domain is highly secure and keep the domain name locked from within the administrative portal to prevent unauthorized changes. These simple steps will make it harder for hijackers to take over the domain name and save the owner a lot of grief later if recovery is needed.
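
The regular contact verification and the registrar lock recommended above can also be checked automatically. The Python below is an added example, not part of the original article: it compares a domain's RDAP record with a baseline the owner recorded earlier. The sample record, the baseline values and the function names are constructed for illustration.

```python
import json

# Constructed RDAP domain object (RFC 9083 shape), trimmed to the fields used here.
SAMPLE_RDAP = json.loads("""
{
  "ldhName": "example.com",
  "status": ["client update prohibited"],
  "entities": [
    {"roles": ["registrar"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Other Registrar Ltd"]]]},
    {"roles": ["administrative"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["email", {}, "text", "admin@freemail.example"]]]}
  ]
}
""")

# Constructed baseline: what the owner recorded when the domain was last verified.
BASELINE = {
    "registrar": "Example Registrar Inc",
    "emails": {"administrative": "hostmaster@example.com"},
}

def vcard_value(entity, prop):
    """Return the first value of a jCard property ('fn', 'email'), or None."""
    for entry in entity.get("vcardArray", ["vcard", []])[1]:
        if entry[0] == prop:
            return entry[3]
    return None

def audit_domain(rdap, baseline):
    """Compare an RDAP domain object with the baseline; return a list of findings."""
    findings = []
    statuses = {s.lower() for s in rdap.get("status", [])}
    if "client transfer prohibited" not in statuses:  # the registrar lock
        findings.append("transfer lock is not set")
    seen = {r: e for e in rdap.get("entities", []) for r in e.get("roles", [])}
    registrar = vcard_value(seen.get("registrar", {}), "fn")
    if registrar != baseline["registrar"]:
        findings.append(f"registrar is {registrar!r}, expected {baseline['registrar']!r}")
    for role, expected in baseline["emails"].items():
        actual = vcard_value(seen.get(role, {}), "email")
        if (actual or "").lower() != expected.lower():
            findings.append(f"{role} email is {actual!r}, expected {expected!r}")
    return findings

if __name__ == "__main__":
    for finding in audit_domain(SAMPLE_RDAP, BASELINE):
        print("ALERT:", finding)
```

In practice the RDAP record would be fetched on a schedule from the registry's or registrar's RDAP service. Records whose contact data is redacted will show up as email mismatches and need a check in the registrar portal instead.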
