Securing Against Domain Hijacking with Strong Access Controls

April 2, 2015

Hosting registrars for regional Lenovo and Google domains were hijacked last month, prompting a focus on the security of hosting vendors. Domain hijacking is an attack against the Domain Name System (DNS). DNS is a protocol for how computers exchange data on the Internet and private networks. It turns a domain name into an Internet Protocol (IP) address.

In the Lenovo and Google DNS attacks, the DNS records for both were modified so that visitors who typed the domain names into their browsers were redirected to different websites. Web Commerce Communications, a Malaysian company that registers domain names, was the conduit for the redirects and the attack.

In the case of Lenovo, attackers changed registration details to redirect Lenovo visitors to nameservers at CloudFlare, which redirected visitors to several different IP addresses. The hackers (identified as the Lizard Squad) had somehow gained access to Lenovo’s registrant account, which also gave them access to some of Lenovo’s email, as PCWorld.com reported.

Last year, Craigslist was the target of a DNS hijack that redirected visitors to a site hosted on DigitalGangster(dot)Com, as SecurityWeek.com reported. Craigslist’s CEO acknowledged that a DNS outage occurred as the result of a compromise: the company’s DNS records showed that one of its domain registrars was compromised.

And as SecurityWeek.com reported, these attacks aren’t very technical or sophisticated, nor do they usually affect customer data. Attackers can execute these attacks with phishing or other social engineering methods that give them access to online DNS accounts.

For example, the Syrian Electronic Army (SEA) used DNS hijacking and phishing to attack the New York Times and several Twitter accounts last year. And, in 2013, the SEA compromised the Associated Press (AP) Twitter account and posted a fake tweet that claimed the White House had been bombed and President Obama was injured. Even though the tweet was deleted, it moved the stock market in seconds, leading to a $136.5 billion dip in the S&P 500 index that day, as Bloomberg Business reported.

How do you prevent criminals from stealing your domain? An article from Entrepreneur.com recommended using:

Multi-factor authentication. Do not rely on only one form of authentication. Instead, use a mix of online and offline authentication methods to ensure that no unauthorized person with stolen credentials is able to unlock the domain control for transfer, deletion or name server redirection.

Likewise, DNS Made Easy, an IP DNS service provider, agrees with using an additional authentication security solution, as reported in ITBusinessNet.com:

Domain and registrar hijacking is a serious concern as hackers can gain unauthorized access into a server and emails as well as have access to sensitive information. We encourage all companies to discuss extra security with their registrars. It should be a company policy to enable a minimum of two-factor authentication for anything as important as DNS and domain registration.

An online method of authentication may refer to logging in with a username and password, combined with a secondary method of authentication, such as a smartphone app that sends push notifications to your phone, so that any authentication request has to be approved on the smartphone.

Using a solid two-factor solution may safeguard your organization against future domain hijacking attacks. Learn more about different solutions and find one that fits your company in our Two-Factor Evaluation Guide.