Awareness about How to Hijack a Domain - Domain Hijacking Explained

Tuesday, June 7, 2011 // by Hacking Beast Editor

I will tell you how domain names are hacked and how they can be protected. The act of hacking domain names is commonly known as domain hijacking. For most of you, the term “domain hijacking” may sound alien, so let me first explain what domain hijacking is all about.

Domain hijacking is a process by which Internet domain names are stolen from their legitimate owners. Domain hijacking is also known as domain theft. Before we look at how domain names are hijacked, it is necessary to understand how domain names operate and how they get associated with a particular web server (website).

Domain name hijacking is a process where a particular domain name is transferred to another person without approval from the actual owner of the domain. Domain theft exposes the vulnerable nature of the system that registers domain names.

While the person who executes this is at fault, a part of the mistake also lies with the domain owner not being agile and fast. Every domain name is purchased only for a certain span of time. Once that span of time elapses, the domain name comes back on to the market and is made available for all. The moment the domain name comes up for registration, it is purchased by another party.

One of the best ways to prevent domain name hijacking is by ensuring that you update your domain name ownership periodically by keeping a check on the expiry date. As soon as you receive an email notifying you about the proximity of the expiry date, ensure you pay up the renewal charges well in time to prevent losing the name to someone else.

The hijacking process is simple and straightforward. First of all, the hijackers gain access to the personal information of the domain name owner. They use this confidential information to impersonate the owner and get in touch with the registrar of the domain. They send a request to modify certain critical data and get the name transferred to a different registrar. Once this is complete, the hijacker can easily misuse the domain name since it is completely under his control. This is nothing but a form of identity theft.

The original holder of the domain name will face loss not only in terms of reputation, but also in costs. This is mostly the case where the owner is getting a substantial amount of income from the many websites he has hosted on the domain. The hijacker can resort to phishing using the domain name, and this can have devastating effects because he will be able to gain access to the confidential data of customers trying to perform transactions online.

While there is a possibility of the original owner regaining ownership of the domain name, the chances are slim. If the name has been transferred to a domain name registrar outside the boundaries of a given country, you can forget the possibility of getting it back.

How domain names operate

Any website, for example cyberarmy.in, consists of two parts: the domain name (cyberarmy.in) and the web hosting server where the files of the website are actually hosted. In reality, the domain name and the web hosting server (web server) are two different parts, and hence they must be integrated before a website can operate successfully. The integration of the domain name with the web hosting server is done as follows.
1. After registering a new domain name, we get a control panel where we have full control of the domain.
2. From this domain control panel, we point our domain name to the web server where the website’s files are actually hosted.
For a clear understanding, let me take up a small example.
John registers a new domain “abc.com” from an X domain registration company. He also purchases a hosting plan from Y hosting company. He uploads all of his files (.html, .php, JavaScript etc.) to his web server (at Y). From the domain control panel (of X) he configures his domain name “abc.com” to point to his web server (of Y). Now whenever an Internet user types “abc.com”, the domain name “abc.com” is resolved to the target web server and the web page is displayed. This is how a website actually works.
 

What happens when a domain is hijacked

Now let’s see what happens when a domain name is hijacked. To hijack a domain name you just need to get access to the domain control panel and point the domain name to a web server other than the original one. So to hijack a domain you need not gain access to the target web server.
For example, a hacker gets access to the domain control panel of “abc.com”. From here the hacker re-configures the domain name to point it to some other web server (Z). Now whenever an Internet user tries to access “abc.com” he is taken to the hacker’s website (Z) and not to John’s original site (Y).
In this case John’s domain name (abc.com) is said to be hijacked.
 

How the domain names are hijacked

To hijack a domain name, it’s necessary to gain access to the domain control panel of the target domain. For this, the following two pieces of information are needed:
1. The domain registrar name for the target domain.
2. The administrative email address associated with the target domain.

This information can be obtained from the WHOIS data of the target domain. To access the WHOIS data, go to whois.domaintools.com, enter the target domain name and click on Lookup. Once the WHOIS data is loaded, scroll down and you’ll see the Whois Record. Under this you’ll find the “Administrative contact email address”.

To get the domain registrar name, look for something like this under the Whois Record: “Registration Service Provided By: XYZ Company”. Here XYZ Company is the domain registrar. If you don’t find this, scroll up and you’ll see the ICANN Registrar under the “Registry Data”. In this case, the ICANN registrar is the actual domain registrar.

The administrative email address associated with the domain is the backdoor to hijack the domain name. It is the key to unlock the domain control panel. So to take full control of the domain, the hacker will hack the administrative email account associated with it. Email hacking has been discussed in my previous post, “How to hack an email account”.


Tips to Secure Domain Names

The internet is a place where you can find the good and bad in equal amounts. While on one hand there are people who ensure access to good information for people from various parts of the world, there are others who are willing to bend over backwards to hijack some critical domain names. Domain name hijacking is a common problem that is plaguing the world today. Hence, it is imperative that you secure the domain names that you have registered for your websites.

There are various things that one needs to keep in mind in order to ensure security for domain names. The first step, and also the most basic, is to ensure you look for the best domain name provider in the market today. There are a number of companies that advertise themselves online and claim to provide domain name registration for down to earth prices. While getting the best names at lowest prices is possible, it is definitely not something that is always credible. Most of these small time domain name providers would have resorted to dubious means to acquire those website names and hence are willing to offer it at the lowest prices possible.

Hence, first check the credibility of the webhosting company before going in for registering your domain. It is always recommended that you opt for players who have a good name and reputation in the world of domain name registration. Opting for such providers ensures security not only for your domain name but also for your website, thanks to their security systems. While their prices might be slightly on the higher side, it is definitely worth every cent since you will have complete peace of mind.

Another point to keep in mind is to opt for the longest time span possible. There is an expiry date for every domain name. Ensuring you opt for “own domain name for a period of five years” will ensure that nobody in the market can ever lay claim to it during that period of time, as long as you safeguard your confidential data. Not taking proper measures to protect your personal data will enable fraudsters to gain access to your domain name and hijack it. Once that is done, it is next to impossible to get it back.

When the domain name comes up for renewal, make sure you pay the relevant fees upfront and do not wait until the last minute. Your ownership rights to the name lapse the minute it expires, and it goes on sale in the market, so any person in need of it can buy it. So, if you want to secure domain names, ensure you don’t let them lapse.

These are highly efficient tips, which when implemented can make your life and business relatively hassle free.
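The checks behind these tips can be run against your own domain’s WHOIS record. The following is an added example, not code from the original post: it parses a constructed record and reports an approaching expiry date and the published administrative mailbox. It goes slightly beyond the tips above by also checking for the `clientTransferProhibited` status (the registrar transfer lock) and for an admin mailbox hosted on the domain itself. The sample record, the field-label lists and the 60-day threshold are assumptions.

```python
from datetime import date, datetime

# Constructed WHOIS record (not real registry output); labels vary by registry.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: XYZ Company
Registry Expiry Date: 2011-07-01T04:00:00Z
Domain Status: ok https://icann.org/epp#ok
Admin Email: john@example.com
"""
EXPIRY_KEYS = ("registry expiry date", "expiration date", "expires on")
ADMIN_KEYS = ("admin email", "administrative contact email")

def parse_whois(text):  # 'Key: value' lines -> {lowercased key: [values]}
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def first(fields, keys):  # first value under any alternative label, else None
    return next((fields[k][0] for k in keys if k in fields), None)

def parse_date(raw):  # ISO dates such as 2011-07-01T04:00:00Z; None otherwise
    try:
        return datetime.strptime(raw.strip()[:10], "%Y-%m-%d").date()
    except ValueError:
        return None

def audit(text, today, warn_days=60):
    """Return the findings an owner should act on for one WHOIS record."""
    f = parse_whois(text)
    domain = (first(f, ("domain name",)) or "").lower()
    admin = first(f, ADMIN_KEYS)
    expiry = parse_date(first(f, EXPIRY_KEYS) or "")
    findings = []
    if expiry is None:
        findings.append("expiry date missing or unparsed: check the control panel")
    elif (expiry - today).days <= warn_days:
        findings.append(f"{(expiry - today).days} days to expiry: renew now")
    statuses = " ".join(f.get("domain status", [])).lower()
    if "clienttransferprohibited" not in statuses:
        findings.append("no transfer lock: registrar transfers are not blocked")
    if admin:
        findings.append(f"{admin} is public in WHOIS: secure that mailbox")
        if admin.lower().endswith("@" + domain):
            findings.append("admin mailbox is on this domain: mail goes where it goes")
    return findings
```

Calling `audit(SAMPLE_WHOIS, date(2011, 6, 7))` returns four findings for the constructed record; a record with a distant expiry date, a transfer lock and an off-domain admin mailbox returns only the reminder that the mailbox is public.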

Once the hacker takes full control of this email account, he will visit the domain registrar’s website and click on “forgot password” on the login page. There he will be asked to enter either the domain name or the administrative email address to initiate the password reset process. Once this is done, all the details needed to reset the password will be sent to the administrative email address. Since the hacker has access to this email account, he can easily reset the password of the domain control panel. After resetting the password, he logs into the control panel with the new password and from there he can hijack the domain within minutes.
