Babayiz.biz. David Walsh. Chris Coyier. David Airey. Hesham Zebida. Gary Kremen. Hushmail. They don’t really have anything in common with one another.
That is, except for one unfortunate thing: all of them experienced their own domain name being hijacked or stolen at some point. By being hijacked or stolen, I mean the domain name is (or was when it happened) registered and paid for, and the domain name was taken from them by third parties without their knowledge and consent.
Imagine one day that happens to you. Your email doesn’t work, your online store isn’t showing up, or…
…you get a web page saying you’ve been PWNED. Owned ya!
Or something else: you receive an email from some unknown individual saying s/he has your domain name. Worse, that person demands you pay money to get it back, even though you have no assurance of seeing it returned to you anyway.
You inform your domain registrar about that right away, and they take (hopefully) action. Days pass, and they (maybe) update you about the situation when they can.
By then, you’re getting anxious because it’s taking so long and it’s still nowhere near resolved. Your registrar apologizes for the delays and tells you what’s going on, but the thought that it’s taking days to work on it and keep following up is just agonizing.
If that sort of thing happened to those mentioned above, then it can happen to any of you (even me) as well. It’s scary to think about it, but…there it is.
So now you may be asking: why does this happen? Fair question.
More importantly, what can you do? Is it hopeless?
The why is somewhat easy to answer. Unfortunately there are people out there who will try to steal your domain name if/when they can, whether it’s for money or just the ego trip of taking something from someone who can do little to nothing about it.
Fortunately, this isn’t hopeless. There are actually a bunch of articles out there telling what you can do.
In my opinion, what’s lacking is an explanation of how this event occurs. That’s what I attempt to write about today, based on my own experiences dealing with various domain registrar issues (including hijacking) in a past life as well as things learned from other registrars.
So…how exactly does a domain hijacking occur?
For domain hijacking to occur, one must somehow gain access to where your domain name is kept. Once that’s broken into, the thief can do anything to it.
You may be asking: wait, shouldn’t the registrar keep that domain name secure? Don’t they inform me if anything is changed on my domain name?
Mainly, registrars do keep your domain name account as secure as possible and do email you whenever they can. But they don’t actually control everything that can allow a hijacking to take place, and one often happens without them knowing about it either until someone brings it to their attention.
And that’s what I’ll get into. Your domain name can be compromised in what I consider three ways:
1. By compromising how you access your domain name account.
Of course, one uses a computer to access their online account or control panel with their registrar. If that domain name account is compromised, the domain name can be compromised as well.
It’s not totally known how, but that’s supposedly what happened in the cases of Babayiz.biz, Hesham Zebida, and David Walsh. Their accounts were somehow broken into, and the domain names stolen.
One way to accomplish that is to use a “keylogger” program that logs or records whatever you type on your keyboard, such as your username or your password. That and other programs, called malware, are usually placed on the computer when one visits a web site that injects them or after clicking on an attachment from an email.
As much as possible, keep your computer virus-free, update your anti-virus software if any, and be wary of what web sites you visit. And naturally, don’t click on any attachment from any email you may not be familiar with.
Also, try to avoid accessing your account over an unsecured WiFi connection or in an Internet cafe. Unfortunately not all Internet cafes stay on top of their computer or network security, so using your very own machine within your very own control might be more practical.
If you can, use strong/er passwords. Although it’s convenient to use easy-to-remember passwords, using longer and “mixed” passwords with letters, numbers and special characters (e.g. acDd@!$#315) can make it harder to guess your password or break into your account.
Assuming you do keep your domain account secure, there is another way your domain name can be taken. Namely:
2. By taking control of your domain name’s contact email.
Every domain name must display its owner name and contact details in a public database called WHOIS. That includes showing a valid email address where registrars can send notifications to for whatever reason.
If you forget your domain account’s username or password, one option registrars give is sending a password reset link to the email address on record. If a thief compromises that email address itself, they can also use that to change your login details or even transfer your domain name without you knowing about it.
That’s the scenario with Chris Coyier, David Airey, and (recently) Hesham Zebida. Unless the registrar sends those notices to another email address on file, you’re unlikely to receive any of them at all.
Thus, it’s equally important to secure your email address on record. Similar to your domain name account, try to use stronger passwords for your email as well.
If your registrar offers a privacy service for free, make use of it. Their privacy service can prevent the thief from breaking into your email address by hiding it, although it does have some catches I’ll explain in a future article.
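An added example (not part of the original article, and not any registrar’s tool): a short Python script that parses two saved WHOIS records for the same domain, lists the contact emails that are publicly exposed, and reports the registrar, contact email or name server changes that would accompany the kind of takeover described above. The `Key: value` field names follow a common WHOIS layout, the privacy-alias keywords are a heuristic assumption, and the sample records are constructed.

```python
import re

# Fields whose change between two WHOIS snapshots deserves an immediate look.
WATCHED = ("registrar", "registrant email", "admin email", "name server")
# Assumed markers of a privacy/proxy contact address (heuristic, not a standard).
PROXY_HINTS = ("privacy", "proxy", "redacted", "whoisguard", "protect")

def parse_whois(text):
    """Parse 'Key: value' lines into {lowercased key: set of lowercased values}."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(\S.*?)\s*$", line)
        if m:
            record.setdefault(m.group(1).lower(), set()).add(m.group(2).lower())
    return record

def exposed_emails(record):
    """Contact emails visible in WHOIS that do not look like a privacy-service alias."""
    return sorted({v for key, values in record.items()
                   if "email" in key and "abuse" not in key
                   for v in values
                   if "@" in v and not any(h in v for h in PROXY_HINTS)})

def hijack_signals(baseline, current):
    """Return (field, old, new) for each watched field that differs between snapshots."""
    return [(f, sorted(baseline.get(f, ())), sorted(current.get(f, ())))
            for f in WATCHED if baseline.get(f, set()) != current.get(f, set())]

# Constructed sample records; every name and address below is made up.
BASELINE = """\
Registrar: Example Registrar, Inc.
Registrant Email: owner@example-mail.test
Admin Email: owner@example-mail.test
Name Server: NS1.EXAMPLE-DNS.TEST
Name Server: NS2.EXAMPLE-DNS.TEST
"""
AFTER = """\
Registrar: Another Registrar LLC
Registrant Email: contact@privacy-service.test
Admin Email: contact@privacy-service.test
Name Server: NS1.PARKED.TEST
Name Server: NS2.PARKED.TEST
"""

if __name__ == "__main__":
    base, cur = parse_whois(BASELINE), parse_whois(AFTER)
    print("Exposed contact emails:", exposed_emails(base))
    for field, old, new in hijack_signals(base, cur):
        print(f"CHANGED {field}: {old} -> {new}")
```

Run on the saved text output of a scheduled `whois` lookup, any reported change you did not make yourself is a reason to contact your registrar right away.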
Now this third method is arguably the rarest way, yet it has happened a few times. And that is:
3. By contacting your registrar’s support.
The thief might actually contact your domain registrar’s support online or via phone. That person can pose as you, maybe sweet talk his or her way through, perhaps send unverified documents pretending to be you, or intimidate the agent into giving access to your domain name.
That method is often referred to as “social engineering” wherein one impersonates you to sneak in and steal your domain name. That’s the case with Hushmail and Gary Kremen, the latter seeing the thief fax documents with fake ID to later steal sex.com.
(To be fair, both of those cases were years ago. I haven’t seen anything like that happen since then, unless someone writes his/her experience about that online.)
If you created a “challenge” or “security question” when you made your account, you might inadvertently share its answer online. If your security question was “what’s your mother’s maiden name?”, and you then casually mention online something like “hey, my mother’s maiden name is Smith!”, a thief might find that and use it to answer the security question your registrar’s support has on file.
For the most part, registrar personnel know they must guard against domain hijacking attempts and will not back down against threats. How to ensure that happens is really up to the domain registrar itself.
While there aren’t any surefire answers on how to necessarily “solve” this one, try to use a reputable domain registrar with the modes of support you require. Personally I recommend Moniker and NameCheap, although other registrars like Dynadot, Hover, NameSilo, Rebel.com and Name.com are equally fine.
I suggest Moniker because of their phone support, something NameCheap doesn’t actively offer to its customers. Then again, I notice many users are fine with NameCheap’s email, ticket and online chat support still.
So to recap: a thief can commit domain hijacking by compromising the computer you use to access it online, by taking over your email address on file, or by getting through your registrar’s support. I aim to write more about this and answer some common questions and concerns soon.
By the way, you’ll be glad to know that all of the cases I mentioned above have been resolved. As in all domain names have since been returned, albeit not without a lot of time, money, and effort (and pain) being spent.
I want to thank you for taking time to read this, and I want to thank some of the people who bravely documented online their own experiences. The more people are aware of this, the more we can take care of our domain names.
As always, feel free to share your thoughts below or spread the word online about this. I’ll just be around.