As a key risk to the service and security of your website, domain hijacking (a.k.a. “domain name hijacking” and “domain theft”) is not a new problem. However, it is one that we’re seeing pop up in the news increasingly, and that few registrars seem to be proactively addressing.
At Instatus, our mission is to help you monitor your domain’s service and give you a trustworthy means of communication if you do have issues, but let’s hope it doesn’t come to that. With that said, keep reading to learn all about domain name theft and how to protect yourself from domain hijacking.
Domain name hijacking is when a hacker gains control of their target’s complete DNS (Domain Name System, or web address) information without the legitimate owner’s consent. The hijacker can then use the domain for any purpose they want, including blocking the owner’s access to it and making unauthorized changes to their advantage.
While it is technically theft, the legal status of domain hijacking isn’t clear. Currently, there are no specific laws, whether national or international, that criminalize domain name hijacking. One reason for this is that it can be challenging to prosecute when the hijacker transfers the domain to a registrar in another country.
With that said, some US courts have been able to charge cases of domain theft. What’s more, certain acts related to domain hijacking, like phishing, are criminal offences in multiple countries.
Reverse domain hijacking, also known as “reverse cybersquatting” or RDNH, is not the same as domain theft. Instead, it’s a legal solution to domain squatting, or cybersquatting, i.e. when an individual holds registered domain names containing famous third-party trademarks with the intent of profiting by selling the domain names back to said trademark owners.
So, RDNH is when a trademark owner attempts to secure their domain name by making cybersquatting claims against the owner of a site to intimidate them into transferring ownership to them and avoid legal action.
Domain hijacking is really quite simple. The easiest and most common way for domains to be hijacked is for the attacker to get access to the domain via social engineering or hacking into the administrator’s email account. They then change the DNS administrator’s handle information and take over the domain.
The only information a domain hijacker needs is the administrative contact email address of the DNS, and that data is often already public record via the WHOIS database.
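Because a takeover shows up as a change to the domain's registration record, a defender can watch for it by comparing periodic snapshots of that record. The following is an added example, not code from Instatus or from the original article: it diffs two constructed RDAP-style records (field names follow RFC 9083) and reports changes to the registrar, administrative contact email, nameservers and transfer-lock status. The domain, contact and registrar names are made up, and it assumes contact data is not redacted.

```python
# Constructed RDAP-style snapshots (field names per RFC 9083 / jCard).
# Every value below is made up for illustration; nothing is fetched online.
def snapshot(registrar, admin_email, nameservers, status):
    return {
        "ldhName": "example.com",
        "status": status,
        "nameservers": [{"ldhName": ns} for ns in nameservers],
        "entities": [
            {"roles": ["registrar"],
             "vcardArray": ["vcard", [["fn", {}, "text", registrar]]]},
            {"roles": ["administrative"],
             "vcardArray": ["vcard", [["email", {}, "text", admin_email]]]},
        ],
    }

def vcard_value(record, role, prop):
    """Return one vCard property of the first entity that holds `role`."""
    for entity in record.get("entities", []):
        if role in entity.get("roles", []):
            for item in entity.get("vcardArray", ["vcard", []])[1]:
                if item[0] == prop:
                    return item[3]
    return None  # entity missing or contact data redacted

def summarize(record):
    """Reduce a record to the fields a hijacker has to change."""
    return {
        "registrar": vcard_value(record, "registrar", "fn"),
        "admin_email": vcard_value(record, "administrative", "email"),
        "nameservers": sorted(ns["ldhName"].lower()
                              for ns in record.get("nameservers", [])),
        "transfer_locked": "client transfer prohibited" in record.get("status", []),
    }

def diff_snapshots(old, new):
    """List every monitored field that differs between two snapshots."""
    before, after = summarize(old), summarize(new)
    return [f"{key}: {before[key]!r} -> {after[key]!r}"
            for key in before if before[key] != after[key]]

BASELINE = snapshot("Registrar A", "admin@example.com",
                    ["ns1.example.net", "ns2.example.net"],
                    ["client transfer prohibited"])
CHANGED = snapshot("Registrar B", "someone@example.org",
                   ["ns1.example.org"], ["active"])

if __name__ == "__main__":
    for alert in diff_snapshots(BASELINE, CHANGED):
        print("ALERT", alert)
```

In practice the snapshots would come from the registry's RDAP service on a schedule, and any alert would be checked against planned changes before being escalated.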
Domains get hijacked for different reasons. Often, the attack is driven by money. Particularly in the case of valuable domains, the hijacker will hold the DNS ransom and blackmail the legitimate owner or hijack it for resale.
Some hijackers steal domain names purely for the challenge of hacking them; others have malicious intent, for example in the case of an unhappy employee. Domain hijacking attacks can also be a form of “hacktivism”, i.e. hacking for politically or socially motivated purposes.
What hackers do after domain hijacking varies. Common and notable cases of domain hijacking include:
Communication disruption: this domain hijacking example is one that people see regularly without even realising. After accessing the DNS, attackers disable and interfere with communication channels like web and email.
Often, this results in the hijacker sending fake emails and messages. We’ve all received malicious spam before, and sometimes this comes from domains we think we can trust. For example, the FBI domain was hijacked and spam was sent to some 100,000 people.
Another risk is that the hacker can get access to sensitive, personal and confidential information in emails. This type of domain hijacking highlights the importance of having a tool like Instatus to maintain a secure channel of communication with your users even in the worst-case scenario.
Domain name transfer and pharming: this is when the attacker redirects traffic from your domain to another website or takes control of your site to post offensive content. This can result in loss of revenue, particularly for e-commerce sites, and reputational damage. For example, the UK Department for Transport website is thought to have been hijacked recently and a subdomain transferred to a porn site.
Domain takeover: as mentioned above, some domain hijackings are driven by financial reasons, i.e. when attackers take control of valuable domains to sell or to hold them for ransom.
Phishing, or online identity theft: this is when a hijacker attacks a domain to steal valuable user data like passwords, credit card details and social security numbers. Hackers send legitimate-seeming emails and messages from the domains they have stolen to customers, asking for personal and financial information. Again, this domain hijacking case is so common that we receive messages like this every week. That’s why you always see disclaimers on online banking and other sites reminding customers that “we will never ask for your password”, and so on.
Thankfully, there are steps you can take to safeguard your DNS and prevent domain hijacking:
Sometimes, unfortunately, you can’t prevent domain hijacking in time. If worst comes to worst and your site comes under attack, the following steps should hopefully help you get back your hijacked domain:
Domain hijacking is an important online security issue that can have serious consequences on your business, both in terms of finances and reputation. By following the preventative steps in this guide, you’ll give your domain the best chance of protection from hijacking.
Create a status page with Instatus, and you can also be sure of protecting the hard-earned trust you’ve built with your users by communicating any issues and downtime with them. Sign up now to try it for free!