Domain hijacking
Encyclopedia
Domain hijacking or domain theft is the act of changing the registration of a domain name
without the permission of its original registrant.
This can be financially devastating to the original domain name holder, who may have derived commercial income from a website hosted at the domain or conducted business through that domain's e-mail accounts. Additionally, the hijacker can use the domain name to facilitate illegal activity such as phishing
, where a website is replaced by an identical website that records private information such as log-in passwords.
is a related practice of a bad actor registering a domain name
whose registration has lapsed. Although domain registrars often make multiple attempts to notify a registrant of a domain name's impending expiration, these may fail due to out of date contact information or confusion by unsophisticated domain holders. Registrar
s and ISP's now normally have measures such as a Redemption Grace Period to provides some protection, but unless the original registrant holds a trademark or other legal entitlement to the name, they are often left without any form of recourse in getting the domain name back.
.
The most common tactic used by a domain hijacker is to use acquired personal information about the actual domain owner to impersonate them and persuade the domain registrar
to modify the registration information and/or transfer the domain to another registrar, a form of identity theft
. Once this has been done, the hijacker has full control of the domain and can use it or sell it to a third party.
Responses to discovered hijackings vary; sometimes the registration information can be returned to its original state by the current registrar, but this may be more difficult if the domain name was transferred to another registrar, particularly if that registrar resides in another country. In some cases the original domain owner is not able to regain control over the domain.
The legal status of domain hijacking remains unclear. It is analogous with theft, in that the original owner is deprived of the benefits of the domain, but theft
traditionally regards concrete goods such as jewelry and electronics, whereas domain name ownership is stored only in the digital state of the domain name registry, a network of computers. There are no specific laws regarding domain hijacking, nor any law that specifically holds the domain name registrar responsible for allowing the registrant information to be modified without the permission of the original registrant. In some cases there may be recourse under trademark
law, but not all domain names are (or can be) registered as trademarks.
is used for many TLD
registries, and uses an authorization code issued exclusively to the domain registrant as a security measure to prevent unauthorized transfers.
Domain name
A domain name is an identification string that defines a realm of administrative autonomy, authority, or control in the Internet. Domain names are formed by the rules and procedures of the Domain Name System ....
without the permission of its original registrant.
This can be financially devastating to the original domain name holder, who may have derived commercial income from a website hosted at the domain or conducted business through that domain's e-mail accounts. Additionally, the hijacker can use the domain name to facilitate illegal activity such as phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
, where a website is replaced by an identical website that records private information such as log-in passwords.
Exploiting expiration
While not technically domain hijacking, domain snipingDomain sniping
Domain sniping is the practice of an individual registering a domain name whose registration has lapsed in the immediate moments after expiry. This practice has largely been rendered moot through ICANN's addition of the Redemption Grace Period , which allows registrants 30 days to reclaim their...
is a related practice of a bad actor registering a domain name
Domain name
A domain name is an identification string that defines a realm of administrative autonomy, authority, or control in the Internet. Domain names are formed by the rules and procedures of the Domain Name System ....
whose registration has lapsed. Although domain registrars often make multiple attempts to notify a registrant of a domain name's impending expiration, these may fail due to out of date contact information or confusion by unsophisticated domain holders. Registrar
Domain name registrar
A domain name registrar is an organization or commercial entity, accredited by both ICANN and generic top-level domain registry to sell gTLDs and/or by a country code top-level domain registry to sell ccTLDs; to manage the reservation of Internet domain names in accordance with the guidelines of...
s and ISP's now normally have measures such as a Redemption Grace Period to provides some protection, but unless the original registrant holds a trademark or other legal entitlement to the name, they are often left without any form of recourse in getting the domain name back.
Description
Domain hijacking can be done in several ways, generally by exploiting a vulnerability in the domain name registration system or through social engineeringSocial engineering
Social engineering may refer to:* Social engineering , efforts to influence society on a large scale* Social engineering , the practice of obtaining confidential information by manipulating and/or deceiving people....
.
The most common tactic used by a domain hijacker is to use acquired personal information about the actual domain owner to impersonate them and persuade the domain registrar
Domain name registry
A domain name registry is a database of all domain names registered in a top-level domain. A registry operator, also called a network information center , is the part of the Domain Name System of the Internet that keeps the database of domain names, and generates the zone files which convert...
to modify the registration information and/or transfer the domain to another registrar, a form of identity theft
Identity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
. Once this has been done, the hijacker has full control of the domain and can use it or sell it to a third party.
Responses to discovered hijackings vary; sometimes the registration information can be returned to its original state by the current registrar, but this may be more difficult if the domain name was transferred to another registrar, particularly if that registrar resides in another country. In some cases the original domain owner is not able to regain control over the domain.
The legal status of domain hijacking remains unclear. It is analogous with theft, in that the original owner is deprived of the benefits of the domain, but theft
Theft
In common usage, theft is the illegal taking of another person's property without that person's permission or consent. The word is also used as an informal shorthand term for some crimes against property, such as burglary, embezzlement, larceny, looting, robbery, shoplifting and fraud...
traditionally regards concrete goods such as jewelry and electronics, whereas domain name ownership is stored only in the digital state of the domain name registry, a network of computers. There are no specific laws regarding domain hijacking, nor any law that specifically holds the domain name registrar responsible for allowing the registrant information to be modified without the permission of the original registrant. In some cases there may be recourse under trademark
Trademark
A trademark, trade mark, or trade-mark is a distinctive sign or indicator used by an individual, business organization, or other legal entity to identify that the products or services to consumers with which the trademark appears originate from a unique source, and to distinguish its products or...
law, but not all domain names are (or can be) registered as trademarks.
Prevention
ICANN imposes a 60-day waiting period between a change in registration information and a transfer to another registrar; this is intended to make domain hijacking more difficult, since a transferred domain is much more difficult to reclaim, and it is more likely that the original registrant will discover the change in that period and alert the registrar. Extensible Provisioning ProtocolExtensible Provisioning Protocol
The Extensible Provisioning Protocol is a flexible protocol designed for allocating objects within registries over the Internet.The motivation for the creation of EPP was to create a robust and flexible protocol that could provide communication between domain name registries and domain name...
is used for many TLD
Top-level domain
A top-level domain is one of the domains at the highest level in the hierarchical Domain Name System of the Internet. The top-level domain names are installed in the root zone of the name space. For all domains in lower levels, it is the last part of the domain name, that is, the last label of a...
registries, and uses an authorization code issued exclusively to the domain registrant as a security measure to prevent unauthorized transfers.