Domain Name Hijacking has been an issue for almost as long as domain names have been around. In 1995 sex.com was stolen from it’s registrant in a very high profile case. It was still happening in 2001. In 2003. 2008 was a rough year from Godaddy – they were hit hard twice, in February and again in November and December.
The December incident, arguably one of the most troubling domain thefts in history made us realize how lacking domain registrars have been in dealing with account security.
But a domain name doesn’t have to be stolen to be problematic. USA Today addressed cyber criminal attacks being on the rise today and highlights the recent CheckFree.com fiasco:
In another recent attack, someone acquired the user name and password for a system administrator at CheckFree.com, the nation’s largest e-bill payment system. Using those log-in credentials, an intruder gained access to CheckFree’s domain name service account ’97 an account that permits the administrator to redirect traffic trying to access CheckFree’s home page to other legitimate company pages.
For several hours, the intruder redirected anyone typing www.mycheckfree.com to a Web server in the Ukraine that tried to install a password-stealing Trojan. Although as many as 160,000 customers may have been affected, none had any of his or her data stolen, says Lori Stafford-Thomas, a spokeswoman for Fiserv, the parent company of CheckFree. “CheckFree sites are all up and running properly and securely,” she says.
But the attempt was a sign of things to come, says Amit Klein, CTO of security firm Trusteer.
“The moral of this attack is that it’s so easy to take over your (website),” Klein says. “I just need to get ahold of your user name and password once. And we all know how easy it is to get your credentials.”
Name.com has long offered some of the industries best tools to keep entire accounts safe with login tracking/emails, history and IP restrictions. We’ve demonstrated once again why registrants trust us with their valuable digital assets by partnering with Verisign to offer their VIP (Verisign Identity Protection) service branded under NameSafe.
The NameSafe service offers a two factor authentication – combining something you know (your username and password) with something only you have access to (your one time randomly generate password) to create a more secure registrar experience. Currently both keyfob and credit card form factors are available for a nominal fee, and soon mobile phone options will be available for even greater convenience.