Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Stealing Domains via GMail

Using GMail to manage your domain administration can be risky, as some security researchers have found out in the past, but it seems that this lesson is a painful one that plenty of other website owners are finding out, first hand.

Despite the understandable panic and fear being expressed by some of the site owners who have lost control over their domains, it most likely is not a direct flaw in GMail that is leading to the site and account compromises.

In previous cases, the breaches were a result of attackers being able to gain access to GMail accounts through relatively simple hacking attempts and from there they were able to create requests for transferring ownership of the various domains under their control to the hackers. Because many domain registrars (the common thread in many of these cases being GoDaddy) will allow domain transfers based off emails from the nominated account holder's email address, the domain registrars can't really differentiate between a legitimate and illegitimate account transfer request, especially when the attacker controls the victim's email account.

In the most recent domain theft cases, suspicion has fallen on a possibly Turkish hacker (it is the furthest common point that each attacked site owner has been able to trace). When MakeUseOf.com published the supposed email of the attacker (webs@domainsgame.org), they were threatened with a significant Distributed Denial of Service attack unless they removed records of the email from their site.

With it becoming simpler and simpler to obtain domains for the everyday user, and with the continuing popularity of webmail accounts as primary email accounts, the problems of domain theft are going to become more common and more frustrating.

Almost all users are aware that viruses and worms exist, and there is increasing awareness of the risks of phishing and identity theft. It might be some time yet, but users are going to have to become aware of the risks associated with domain and email account theft.

If domain registrars required two factor / two channel means for transferring domain registrations or significant modification of ownership details then it would stop many of these incidents from taking place. It won't stop the compromise of webmail accounts, but it will mitigate the ability of the attacker to transfer domain ownership.

23 November 2008

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.