Taking care of domain names

Thursday, June 16, 2016 - 23:00

At the FIRST conference, James Pleger and William MacArthur from RiskIQ described a relatively new technique being used to create DNS domain names for use in phishing, spam, malware and other types of harmful Internet activity. Rather than registering their own domains, perpetrators obtain the usernames and passwords used by legitimate registrants to manage their own domains on registrars' web portals. They can then create their own subdomains (for example badhost.realbusiness.com) and point them at the malicious hosts they control.

Subdomains created in this way, a technique known as "domain shadowing", have a number of advantages for the perpetrator. They may gain some credibility with potential victims from appearing to be part of a legitimate business. For incident response teams they may be harder to spot, because the (original) registrant's details are valid and the registered domain appears normal in terms of its lifecycle. RiskIQ estimate that at least 27,000 registrant accounts have been compromised and used in this way. That is a small percentage of the total number of registrants, but it seems that as much as 40% of malicious internet activity may involve shadowed domains at some stage.
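Because the registration itself looks normal, the place a domain owner can actually see shadowing is in the contents of their own zone: names appear that nobody in the organisation created, pointing at hosts the organisation does not run. The check below is an added example written for this post, not code from Jisc or RiskIQ. It compares a zone's records against an inventory of known hostnames and against the address ranges the organisation uses; the apex name, host names, addresses and records are all constructed sample data.

```python
"""Added example (not from the Jisc post or RiskIQ): flag subdomains in a zone
that match the domain-shadowing pattern.

Domain shadowing leaves the registered domain untouched; what changes is that
new subdomains appear in the zone and point at hosts the organisation does not
control. So the check compares current zone contents against a baseline of
names the organisation knows about, and against the address ranges it uses.
All names, addresses and records below are constructed sample data.
"""
import ipaddress
from typing import Iterable, List, NamedTuple, Set


class Record(NamedTuple):
    name: str      # fully qualified host name, e.g. "www.realbusiness.com"
    rtype: str     # "A", "AAAA" or "CNAME"
    value: str     # IP address for A/AAAA, target name for CNAME


class Finding(NamedTuple):
    name: str
    rtype: str
    value: str
    reason: str


def in_known_ranges(ip: str, ranges: Iterable) -> bool:
    """True if the address falls inside one of the organisation's own prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ranges)


def find_shadowed_subdomains(zone: Iterable[Record], apex: str,
                             baseline_names: Set[str],
                             known_ranges: Iterable[str]) -> List[Finding]:
    """Return records under `apex` whose name is not in the inventory.

    Names that resolve off-net (A/AAAA outside `known_ranges`, or a CNAME to a
    host outside the apex) are the shadowing pattern. Unknown names that still
    resolve into the organisation's own space are reported as inventory gaps,
    so they can be triaged separately rather than ignored.
    """
    nets = [ipaddress.ip_network(r, strict=False) for r in known_ranges]
    apex = apex.lower().rstrip(".")
    suffix = "." + apex
    findings: List[Finding] = []
    for rec in zone:
        name = rec.name.lower().rstrip(".")
        if not name.endswith(suffix):
            continue                          # not under the apex we own
        if name in baseline_names:
            continue                          # known host, nothing to do
        if rec.rtype in ("A", "AAAA"):
            if in_known_ranges(rec.value, nets):
                reason = "unknown name in own address space (inventory gap)"
            else:
                reason = "unknown subdomain pointing outside own address space"
        elif rec.rtype == "CNAME":
            target = rec.value.lower().rstrip(".")
            if target == apex or target.endswith(suffix):
                reason = "unknown alias within own zone (inventory gap)"
            else:
                reason = "unknown subdomain aliased to an external host"
        else:
            continue                          # other record types not assessed here
        findings.append(Finding(name, rec.rtype, rec.value, reason))
    return findings


# Constructed sample zone: the apex and its known hosts are unchanged (which is
# what makes shadowing hard to spot); three extra names have appeared.
SAMPLE_ZONE = [
    Record("realbusiness.com", "A", "192.0.2.10"),
    Record("www.realbusiness.com", "A", "192.0.2.10"),
    Record("mail.realbusiness.com", "A", "192.0.2.25"),
    Record("dev.realbusiness.com", "A", "192.0.2.40"),          # missing from inventory, still ours
    Record("badhost.realbusiness.com", "A", "203.0.113.77"),    # points outside our space
    Record("login.realbusiness.com", "CNAME", "cdn.example.net"),  # aliased to an external host
]
SAMPLE_BASELINE = {"realbusiness.com", "www.realbusiness.com", "mail.realbusiness.com"}
SAMPLE_RANGES = ["192.0.2.0/24", "2001:db8::/32"]


def shadowing_findings(zone=SAMPLE_ZONE) -> List[Finding]:
    """Only the off-net findings, i.e. the shadowing pattern itself."""
    found = find_shadowed_subdomains(zone, "realbusiness.com", SAMPLE_BASELINE, SAMPLE_RANGES)
    return [f for f in found if "inventory gap" not in f.reason]


if __name__ == "__main__":
    for f in find_shadowed_subdomains(SAMPLE_ZONE, "realbusiness.com",
                                      SAMPLE_BASELINE, SAMPLE_RANGES):
        print(f"{f.name:28} {f.rtype:6} {f.value:18} {f.reason}")
```

Run against the sample zone, the check separates the forgotten but legitimate `dev` host (an inventory gap) from the two names that resolve to infrastructure outside the organisation, which is the signature worth alerting on. In practice the zone contents would come from an AXFR of your own authoritative server or an export from the registrar's portal, and the baseline from whatever asset inventory you already maintain.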

Depressingly, domain management passwords seem to be discovered in much the same ways as any others. They may be simple enough to guess, or obtained through phishing, or reused by the same person on some site less secure than a domain name registry. The password that gives control of your domain ought to be important enough to be long and complex, not reused on other sites, and only entered into websites with great care. Better yet, if your domain registry offers two-factor authentication, or other ways of validating that you are indeed the registrant when you request changes, consider taking up that offer.