The Threat of Domain Hijacking (and How to Protect Against It)

The Growing Threat of Domain Hijacking (and How to Protect Against It)

The Growing Threat of Domain Hijacking (and How to Protect Against It)

Domain hijacking seems like a foreign concept to most but it is a very real threat. While it doesn’t gain as much attention as spam or malware, domain hijacking is equally as disruptive to businesses and organizations. In most cases, these disruptions are temporary but they can produce lingering fallout on brands.

Whenever domain hijacking occurs, hackers gain full control over a domain name, including its DNS settings. This may result in one or all of the following scenarios:

  1. “Listen” in on all the traffic to and from a particular domain name, including communications via email.
  2. Redirect traffic to a page with malicious content.
  3. Theft of domain name(s) by initiating a registrar and/or registrant transfer.

Domain Hijacking Cases

Domain hijackers typically target the domain names of reputable brands in order to steal the domain name or to intercept sensitive corporate data. In some cases, hijacking incidents are motivated by something as small as acquiring a rare Twitter handle to larger scale political causes.

In 2005, the luxury brand Coach became a target of the UGNazi hacking group. Many counterfeit versions of Coach’s products are regularly found in China and the brand’s support of SOPA (Stop Online Privacy Act) made it a target for hackers. During the attack, users were redirected to a page managed by the UGNazi group. Luckily, Coach’s corporate emails were not intercepted, nor were visitors sent to a phishing site.

In 2013, both the New York Times and Washington Post websites were compromised by the Syrian Electronic Army (SEA). In these incidents, hackers succeeded in altering each company’s DNS settings. While both companies were able to recover control of their respective domain names, the incident clearly disrupted operations and affected their reputation for online security.

In 2014, the SEA targeted high-profile domain names once more. This time, they took aim at Facebook’s domain, modifying their WHOIS listing information. Fortunately for Facebook, the change was merely cosmetic. Due to a security lock applied to its domain name, the attackers were not able to modify their DNS settings.

While the examples above showed affected organizations being able to recover control over their domain names, the Facebook incident stands out due to the resiliency the company displayed during the attack.

Domain Hijacking Prevention

Domain hijacking is undoubtedly disruptive and potentially damaging for companies, but it is also preventable utilizing the appropriate security measures.

1) Use Domain Privacy to Protect Administrator Details

Applying domain privacy effectively uses proxy contact information on the WHOIS public records. This minimizes threats which originate from scraping WHOIS information. Through proxy contact information, hijackers only see generic registrar contact information. Any attempt to utilize this information to access an account will automatically fail and be rejected.

2) Utilize Domain Locking Mechanisms

Various corporate domain registrars, including Webnames, offer the ability to implement different levels of security locks for a portfolio or domain names.

At the domain name level, registrar lock and registry lock, which is more secure, effectively adds multiple layers of security to each domain name. Depending on the security level of the mechanism, the locks applied are:

  • Registrar Lock – clientUpdateProhibited and clientTransferProhibited
  • Registry Lock – serverDeleteProhibited, serverTransferProhibited and serverUpdateProhibited

Businesses that choose to utilize a form of domain lock harden their accounts by adding a human verification system at the registrar and/or registry level. Modifications to the DNS settings of a domain name are required to be scheduled in advance, pending verification. Even if an account has been compromised, the locks prevent unscheduled changes to a domain’s DNS settings and provides administrators time to react and resolve the breach.

3) Update system and security patches

While IP professionals and brand managers have no control over an organization’s security, they need to work with IT and security professionals to ensure that internal systems utilize the latest security patches.

While domain names are typically managed externally, unpatched systems allow hackers to take advantage of known exploits to compromise accounts, usernames, passwords and confidential information. They can then use this data to access the account associated with a domain name or portfolio.

4) Raise awareness within the organization

The strongest infrastructure in the world is only as strong as its weakest link and for businesses, your employees are part of that infrastructure. While hackers may not directly attack your servers, employees are just as vulnerable to attacks; usually in the form of phishing attempts. While domain names and portfolios are typically managed through a registrar, all it takes is one employee to take the bait and unknowingly grant access to the account housing your portfolio.

The most apparent phishing emails are easy to spot – misspelled words, an unfamiliar domain name, bad grammar, etc. – but what about those that look legitimate, even after intense scrutiny?

This makes implementing an effective education program even more important. As part of the education program, focus on the following:

  • Educate employees on how to distinguish phishing attempts. The most complex attacks can spoof even a legitimate sender’s address and mask emails, making them appear legitimate.
  • Raise awareness about opening attachments and unverified documents embedded in emails.
  • educate employees on how to identify URLS embedded in emails. Attackers often use a similar domain name to give them the appearance of being legitimate. Make sure that the URL matches the sender’s domain name.

Furthermore, companies should consider implementing two-factor authentication whenever possible; as well as enforcing password complexity and password expiration policies.


While the threat of domain hijacking continues to rise each year, prevention is far more cost-effective than recovery from a security breach. Despite the numerous attack vectors available to hackers, deploying the right security tools, updating internal systems and educating employees will allow companies to effectively defend against hijacking attempts.

To find security products to defend your domain names from harm, visit today.

This post was repurposed from the Corporate Services website.

Posted in: