Domain hijacking, in which one party fraudulently takes control of another's domain name, allows unethical hackers to direct traffic to sites under their control, conduct denial of service attacks, and collect identifying or financial data from unsuspecting users.  These attacks not only cause direct harm to those involved but also undermine the security and stability of the Internet and e-commerce generally.  Every person who uses the Internet has a clear interest in preventing these attacks.

As the SSAC report makes clear, unethical hackers are coupling domain hijackings with an inter-registrar transfer to take advantage of a natural point of confusion and human psychology.  When a domain is transferred from one registrar to another, the losing registrar may feel less responsibility for catching or correcting fraud, whereas the gaining registrar may have less reason to suspect fraud and will have no prior relationship with the victimized registrant.  This, plus miscommunication between the registrars, can prevent or delay efforts to correct the domain hijacking once detected.  ICANN exists to coordinate such communication, and should endeavor to adjust its policies to take these attacks into account.

 

The GNSO currently has before it an extensive list of proposals on how to prevent domain hijackings and to remedy them more rapidly once detected.  In considering these proposals, the GNSO should recognize these two goals as distinct, and ensure that both are addressed.  Moreover, while the registrars can create their own internal security policies to help prevent domain hijacking, all parties are dependent on ICANN to set sound policies for the coordination of two or more registrars and a registrant.  Therefore, the GNSO should carefully consider all proposals that may modify policies for intra-registrar transfer and remedy of a domain hijacking.

When considering these proposals, the GNSO should also recognize that some may be implemented quickly and easily whereas others may require more extensive discussion.  Since these proposals are intended to address an existing vulnerability, timely action is important.  Tying all of these proposals to the same policy development process runs the risk that easily agreed upon fixes will be needlessly delayed or, conversely, that discussion of more complicated or controversial remedies will be hurried or cut short.  Therefore, it may be appropriate for the working group to submit a short list of easily agreed upon proposals before moving on to the more time consuming proposals.

 

 

Because whois reform has been the subject of a separate policy development process, none of the proposed methods of countering domain hijacking include any changes to the whois database policy.  Given the contentious nature of whois reform, it unquestionably warrants its own PDP.  Yet to discuss domain hijacking without discussing whois is to ignore an elephant standing in the middle of the room.  The implications of the current whois policy for domain hijacking should not be ignored merely because the issues straddle two working groups.

As the investigation into high profile domain hijackings has made clear, whois data is a valuable resource to Internet scammers.  The database lets the nefarious hacker know whom he should impersonate in a social engineering attack, and which email address the registrar will accept requests from.  Because this information is made publicly available through whois, this tool has been given to the black-hat hackers for free.  Restricting access to whois data may be the easiest and most effective way to combat domain hijackings.  While it may be appropriate to discuss these issues in another working group, they should not be allowed to slip through the cracks.