Attacks against domain name registration accounts and malicious reconfiguration of Domain Name System (DNS) records are damaging security events. Activities resulting from unauthorized modification of contact information associated with a domain name registration, including malicious alteration of DNS configuration information for the purpose of using the DNS to direct traffic to a destination other than the intended host, even temporarily, can severely disrupt business operations and can cause financial and reputational harm. Incidents occurring over the past year demonstrate that the DNS and domain registration account access continue to be an attractive target of attackers.
In this report, we call attention to certain high-profile incidents involving attacks against domain name registration. The report examines the incidents in sufficient detail to identify how accounts were compromised, the actions attackers performed once they had gained control of the account, and the consequences. The report identifies practices registrars can share with customers so registrar and customer can jointly protect domain registrations against exploitation or misuse, and discusses methods of raising security awareness among registrants of the risks relating to even a temporary loss of control over domain names and associated DNS configurations. This report seeks to encourage additional registrars and resellers to consider whether opportunities exist to provide stronger levels of protection from attacks against domain registration accounts. In particular, the report seeks to encourage registrars to consider emphasizing registration security measures as a way to differentiate their service in a highly competitive market.
Based on our analyses of recent incidents, the related study, and our Findings, SSAC makes the following recommendations:
Recommendation (1) Registrars are encouraged to offer stronger levels of protection against domain name registration service exploitation or misuse for customers who want or need them. Measures enumerated in this report can be offered as optional services to customers, individually or bundled.
Recommendation (2) Registrars should expand existing FAQs and education programs to include security awareness. Registrars should make information concerning the measures they take to protect domain registration accounts more accessible to customers so that they can make informed decisions regarding protective measures when they choose a registrar.
Recommendation (3) Registrars should consider the value of voluntarily having an independent security audit performed on their operations as a component of their security due diligence.
Recommendation (4) ICANN and registrars should study whether registration services would generally improve and registrants would benefit from having an approved independent third party that will, at the request of a registrar, perform a security audit based on a prescribed set of security measures. ICANN would distinguish registrars that voluntarily satisfy the benchmarks of this security audit through a trusted security mark program that is implemented in a manner similar to the way that SSL certificate issuing authorities provide trust marks or seals for web site operators who satisfy that authority’s security criteria.