Domain and Security

by Donald Carter  (donny.carter76@gmail.com)

When it comes to the security of domains, most people think only of their website or website hosting, and not the actual domain itself.  I should know.  I work for a domain registrar.  I will not name any companies because I do not know how all of them handle the security policies of the domains they register.

I know my company has a pretty solid security policy in place and we enforce it very well, even on the phone with customers.  (I have upset some customers because they put a fake company name in their profile.)  The policy basically states that we have to go by any corporation that is put into either the record of the account owner or domain owner, depending on what is going to be done.

So, let's say that you forgot your password and don't have the email on file anymore.  Then the company would go by account information.  Or, if you want to gain control of your domain because a former employee registered the domain and put the company name in the organization field, we go by the domain owner information.

With that said, during a team meeting we were told about a major competitor and a major mistake one of their former employees made.  It started out as a person who purchased a domain for personal use, then purchased some other domains for family.  Then the person went into business with a partner.

Well, the partnership ended, and the partner called up the domain registrar to get a hold of the domain.  After some verification, the agent who helped the partner gave the whole account with all of the domains to the partner.  When the partner figured this out, he tried to give it back, minus the domain he wanted to keep.  Well, the agent ignored the partner, so it went to court, the agent lost his job, and the company had a big fine, plus they had to figure out how to make their security better for their customers.

After hearing about that, it makes me think about all of the people I talk to on the phone who don't think about the security of their domain as much as they do about their website.  I get a lot of callers saying, "My website is down" when the real problem is that their domain is expired.  Then, once the domain is renewed, I used to say things along the lines of, "The name servers need to be updated," and get the all too familiar response of, "What are those?"  So basically, the customers have a new problem of still not having a website because they didn't keep a good record of the name servers to use.

The best way to sum it up is that not a lot of people really think of domain security.  All a hacker needs to do is get a hold of an account of some big-name company, like State Farm or Amazon.

Once they get a hold of the account, they could change all the domain ownership information, and change the name servers in the account to point somewhere malicious.  The registrars could easily change the name servers, but the real issue there would be that the account and domain information had been altered.

With the information altered, then who is the real owner of the domains?  The way to regain control of a domain then is a matter of doing a domain dispute through ICANN if the record doesn't show what information was changed or if the information has been changed so many times that it's too hard to trace back.
