What Singapore businesses can learn about domain name hijack
By Connie Hon
Some of us may have read BBC’s Twitter feed early Wednesday morning on our way to work and had a shock. The news report was on yet another malicious attack by a Syrian group, but this was a domain name hijack and the victim was The New York Times. In January 2012, the Russian embassy in Singapore found their website attacked similarly by Syrian hackers.
The News
On 27 August 2013, the Syrian Electronic Army (SEA), a group loyal to Syrian President Bashar Al-Assad, successfully hacked into an Australian registrar’s system to alter DNS zone records of the domain addresses NYTimes.com, HuffingtonPost.co.uk and Twitter.com. In so doing, they managed to alter WHOIS information to reflect themselves as public owners of these domain addresses, changed the nameservers to those of a Syrian Electronic Army server and redirected genuine website visitors and tweeters to phishing sites of their choice.
The Effects
This malicious attack lasted for over 2 hours, but its effects handicapped the organizations for over 20 hours: their emails, websites, mobile sites and mobile apps first could not be used and then were not trusted by apprehensive users worldwide. While these attacks have since been resolved and the DNS zone records rectified, the damage to these media groups’ reputations and operations was phenomenal. In the aftermath of the attack, the advice was to hold back sensitive correspondence until management and employees in each organization were confident that security levels had returned. This was the second time in August that the New York Times was under attack and one of multiple times in recent months. The New York Times CEO Marc Frons said in a statement that Tuesday’s attack was more sophisticated than previous SEA hacks.
All Businesses To Beware
Earlier this week, Google’s Palestine domain address google.ps suffered a similar hijack attack. Other attacks in recent months happened to famous brands such as Yahoo!, Dell and Microsoft. SMEs (Small and Medium Enterprises) are not let off the hook either. A recent survey by McAfee found that 45% of SMEs had been targeted by attacks in the past year. McAfee’s Asia-Pacific SMB Manager Robbie Upcroft explained, “The sensational headline is SMBs are under attack. If you think about the way cyber criminals are operating, they are going to go where they can make an easy buck. Many SMBs don’t know or appreciate that the threat is real and that it could happen to them. Worryingly, many don’t have policies or procedure in place to combat this growing threat”.
Four Ways to Protect Your Domain Name
What have we learnt? That attacks such as these could happen to any business, not only famous media organizations but organizations with any level of influence. Fortunately, there are a few ways in which you can protect your domain address:
1. Pick a reliable, enterprise-class domain name registrar
Pick a corporate-focused domain registrar that offers additional security protections. Ram Mohan, CTO of Afilias Registry, said in an interview in 2012 that “Companies often make a decision to go with the lowest-cost provider or with someone who is offering a special. (The domain name registration fee) may be the cheapest in the market, but the actual cost when your domain is hijacked is far greater.” Lars Harvey, CEO of Internet Security, adds, “When you are running millions of dollars through your website, you should have another level of security.”
2. Ensure that your registrar provides you with the capability to place various locks on your domain
IP Mirror Pte Ltd, a registrar for domain extensions worldwide, and AusRegistry, the registry for Australian domains, each have a solution to mitigate the risk of and exposure to such attacks.
AusRegistry launched a new security measure earlier this year called .auLOCKDOWN, which allows domain name owners to lock their domain name records and prevent unauthorized changes. Only the domain name owners themselves and authorized individuals are permitted to alter domain name records.
IP Mirror’s registrar-lock SafestDomainLock™ likewise provides an additional layer of security by locking domain name records so that the domains are on a “LOCKED” status: their records cannot be modified, and the domains themselves cannot be transferred or deleted by a third party unless the domain name owners’ unlock requests are authenticated and verified.
3. Keep up-to-date with security patches
Make sure your web hosting providers are able to apply the latest security patches to your web servers so that hackers cannot exploit known vulnerabilities.
4. Limit the number of authorized personnel
The fewer personnel authorized to access your login account at your domain hosting provider, the more control you have over the security of your domain names’ DNS zone records.
A Final Word
Security goes a long way for your business’s peace of mind and prevention really is better than cure. Malicious attacks on domain names may be politically, socially or financially motivated. In this very vast Internet namespace, “spear-phishing” threats may come from any direction at any time and usually from situations beyond your control.
It is hoped that you will take charge of the protection of your domain name today.