The great domain name robbery

Last month, a large number of European companies were horrified to discover that their domain names had been hijacked, with all traffic to their sites being redirected to a page containing messages about the war in Kosovo.

In a time where online presence is a business necessity, this was a major disaster for the companies concerned - which included Adidas and Manchester United.

All global domain names are stored and managed by one company: Network Solutions (NSI). The individuals in this case managed to spoof email addresses from a variety of sites. The hijackers then sent NSI an email appearing to come from the 'correct' domain, requesting that the registration details and DNS server be changed. The DNS servers for these sites were then switched to another provider.

So these Serbian 'cybervandals' caused chaos simply by sending a hoax email to NSI. Without checking on the authenticity of the requests, it duly complied.

WebDNS - another domain name outfit - issued a damning statement soon after the incident last week, blaming Network Solutions itself. "Network Solutions has serious security issues pertaining to the manner in which domain names are maintained and changed using their automated email system," the statement read.

But NSI has rejected such criticisms. The domain name registrar has a range of security options available to companies when they register: the more stringent the security you want, the more you have to pay. The company says the victims of the attacks are to blame because they didn't opt for a strong enough security option.

Cheryl Regan, head of corporate communications at Network Solutions, said: "Emphasis needs to be made here that the domain names that had been attacked or 'hijacked' were those whose registrations had subscribed to 'Mail-From' - the lowest protection scheme available for a domain name record."

NSI offers higher levels of protection, including encrypted passwords and pretty-good-privacy (PGP) cryptography systems. Troublemakers trying to redirect domain names by pretending to send an email from within the company would be foiled if the company had registered a domain name with these 'four-star' security options.

But Paul Cronin, head of testing at security company CenturyCom, says this is not good enough. "It's the responsibility of Network Solutions to look after the security of domain names registered with them no matter what. Their existing security measures are very sloppy."

But not everyone thinks Network Solutions should be solely to blame. Jonathan Robinson, CEO of one of the UK's largest domain name companies, NetBenefit, said it's as much up to the domain name owners to protect their online territory.

"Everyone thinks that domain names are a simple area. We've obviously always been aware that it's essential to have the highest security protection on domain names. There has been a proliferation of new companies registering theirs independently - they are not so aware of the dangers," said Robinson.

He concluded that the recent spate of 'email hijacking' will serve as a wake-up call to all involved in registering domain names.

The question of who should shoulder responsibility is still undecided. Obviously the idea that Network Solutions should provide a security option so void of protection that a simple hoax involving a bogus email can shatter a company's Web presence seems absurd.

But on the other hand companies, when registering their addresses, should be more aware of the dangers. Don't wait for Network Solutions to get their act together - you may have to do it yourself.