EBRAND ServicesEBRAND Services

Domain Name ManagementBasic terms of the New gTLDsMarketing

Send Print

Domain name attack cases

No one who has an internet presence is exempt 

DN attackers apply a variety of methods to hijack and maliciously use domain name account information (“Measures to Protect Domain Registration Services Against Exploitation or Misuse,” SSAC Report [English] ; [French]).

ICANN was victimized by a group of hackers accessing ICANN’s domain registration account at Register.com. ICANN described the attack as “sophisticated, combining both social and technological techniques.” The attackers altered the DNS configurations of several domains (icann.net iana-servers.com, icann.com, and iana.com). Visitor traffic was rerouted to a defacement web site.

CheckFree (now FIServ), the leading global provider of information management and electronic commerce systems for the financial services industry, suffered a DN attack. The attacker gained control of CheckFree’s domain registration account and modified the DNS configuration of several domains, including checkfree.com and mycheckfree.com. Customers logging onto their accounts to make online bill payments were “redirected to an impersonation web server in the Ukraine that attempted to install a malicious code that contained an Adobe Reader exploit.”

“Registrars have been and will continue to be targets for attackers. Just as customers of financial institutions may be victimized by attacks against an online banking portal, so may domain name registrants be victimized by attacks against registrar domain administration pages.”

No one who has an internet presence is exempt. This includes celebrities, writers, and politicians. Immediately after the State of the Union Address by U.S. President Barack Obama (January 2010), the official websites of the members of Congress were attacked and defaced with anti-Obama messages. The creator of Bridget Jones, British author Helen Fielding, the fashion house Chanel and the Reuters news company all won cyber squatting cases recently (Reuters News, March 15, 2009). Chanel won against an entity using the DN chanelfashion.com and chanelstore.com in bad faith.

A cyber squatter case can be won if an entity has registered a domain name that contains a company’s brand name or a variation on the brand name and uses that domain name in “bad faith.” Complaints are filed under the Uniform Domain Name Dispute Resolution Policy (UDRP), a quick and cost-effective dispute resolution procedure administered by the WIPO Arbitration and Mediation Center.

According to WIPO, the top five sectors filing cases in 2009 were biotechnology and pharmaceuticals, banking and finance, internet and IT, retail, and food, beverages and restaurants.

Next : Vulnerabilities check list