Internet Identity

In many of the recent stories about domain name hijackings, there is often a response from the companies involved to the effect of: "Nothing was hacked, no data was compromised, and there was no breach."

This is flawed thinking and sets a dangerous precedent that runs the risk of making the industry complacent to domain name security incidents in general. It's true that many domain name hijackings do not involve a breakdown in the security of a particular server or workstation, nor are they caused by network intrusions. But they are—or rather become—a technical security breakdown when one considers the broad reach of DNS across an organization. Domain names are a vital corporate asset, and proper attention must be paid to the security of these assets.

A criminal takeover of DNS for a domain introduces a far greater data-loss potential with regards to another system used across the Enterprise: Email. Most organizations use their primary corporate website domains as their email domains, and even if they don't, the Master Registrar account almost always grants criminals access to both domains once the account is compromised. The moment that an email domain's registrar account suffers unauthorized access, whatever email security measures a company has in place can be considered null and void. Further, any data being sent over email from that point forward must be considered compromised. With ingenuity, a criminal could execute their attack in such a way that the targeted organization does not even realize that every single email message (or select messages from select staff) are being copied elsewhere. How much critical corporate data travels over email?

Domain registration accounts often contain controls for things like SSL Certificates and other sensitive data about internal staff and how the organization has set up DNS generally. When a corporate domain name is compromised, it is a major security event, it is absolutely a data breach, and nobody should take this issue lightly.