Hijacking of Firms’ Branded Web Site Names Is Growing Online Problem
The Web hijacking phenomenon that touched companies like Nike Inc. and Internet.com during 2000 may well have affected a San Diego publisher as well.
The Log, a chain of California boating newspapers, recovered its registered Web address Jan. 4 after traffic to the address was routed to another server for seven weeks.
Beginning Nov. 16, traffic bound for the site (www.thelog.com) was routed to a site for a timber company in east Europe.
Officials at The Log said they never authorized the change. Publisher Dan Teckenoff said last week he had not yet added up the costs of the incident, including the expense of having his lawyer contact the Web registrar.
Teckenoff said the incident had the markings of a prank.
The publication had “the rug pulled out from under them,” said David Honl, Webmaster for The Log.
Others familiar with maintaining Internet sites said both malicious hackers and administrative errors can trigger such changes.
Considering the millions of Internet domain names that exist, such incidents are rare, said Sammy Migues, chief scientist with Fairfax, Va.-based iDefense, which provides consulting on Internet security.
“It doesn’t happen often,” said a spokeswoman for Virginia-based Network Solutions Inc., a giant among Web registrars whose clients include The Log.
The spokeswoman, Nancy Huddleston, said The Log’s change had not been properly authorized. She said her company made the switch after it received notice from another registrar that The Log had wanted the change.
Registrar Responsible for Verification
Under rules put out by the Internet Corporation for Assigned Names and Numbers (ICANN), the registrar making the request has to verify whether the request is the real thing, Huddleston said.
She said she did not know the name of the other registrar.
The Log has owned its Web address since 1996 and was paid up on its registration, said officials with the newspaper.
Starting in mid-November its Internet visitors were directed to a Web address with the top-level domain name “md,” which is the country code for the Republic of Moldova. The tiny country lies between Romania and Ukraine.
Honl, who maintains The Log’s Web site from Long Beach, said he signed on to the site one day at 6 a.m. and found the notice for the timber company.
“That’s sort of a panic attack when you’re the Webmaster and you can’t get into your own site,” said Honl.
Teckenoff said he had spent four years building thelog.com into a Web resource for the West Coast marine industry, giving it links to entities from the California Coastal Commission to yachting magazines. All of a sudden, he said, his 230 hits a day went to zero.
The company set up an alternate Web address that it publicized in its newsprint editions. In that sense, The Log had an advantage other Web-based businesses do not have, Honl said, since The Log had an alternate means to communicate with its audience.
A Growing Problem
The Log is not alone in suffering the temporary loss of its domain name.
A hacker took control of Nike’s domain name (www.nike.com) in June, rerouting traffic meant for the Oregon-based shoe company to servers in Scotland.
There are also published reports of takeovers of the domain names internet.com, whoami.com, web.net, bali.com and others during 2000.
Officials at iDefense laid out half a dozen ways a hacker could hijack a domain name as in the case of thelog.com.
“It’s really kind of scary how easy some of that is,” said David Heemann, whose Carlsbad-based Internet service company, nondotcom, inc., has started to register domain names.
Several people said hackers can change names by “spoofing,” the art of making an Internet message look like it came from someone else.
The problem of verifying someone’s identity is bad enough over the telephone, observed Tom Scrivner, owner of the Escondido Internet service company Computing Insights. The problem is “magnified” on the Web, he said.
Several people contacted for this article, as well as published reports, said automated systems for changing domain registration can contribute to such problems.
Honl said The Log could have done nothing more to avoid its problem. But he and several others said companies can build their defenses with vigilance and attention to detail.
Knowing you have to register a domain name yearly, and keeping an eye on your domain like a credit report helps, Honl said.
IDefense’s Migues advised being aware of “look-alike” Web addresses.
Registrars do contact owners of Web addresses to verify whether a request for a change is proper. Frequently they send notices via e-mail, but that can be thwarted in several ways, including by spoofing.
Asking for the highest level of security ,verification via encrypted e-mail or a special phone number , can help, said Migues.
Nondotcom’s Heemann said in the United Kingdom, requests for changes must be on paper.
Sometimes errors occur when a company does not keep its contact information up to date with a registrar, said area resident Kent Smith. Smith said he has lost ownership of two Web addresses because notices were sent to old e-mail accounts.
Keeping a registrar updated is vital, said Honl, adding mistakes can occur with personnel changes at work.
The more unreported changes, the worse. “That stuff can really build up,” Honl said.