Difference between pages "KSregistry GmbH" and "Domain Name Hijacking"

From ICANNWiki
(Difference between pages)
Line 1: Line 1:
{{CompanyInfo|
+
'''Domain Name Hijacking''' or Domain Hijacking refers to the security breach that occurs when an outside agent, such as a hacker, gains control over a domain registered to another individual or organization.<ref name="report">[http://archive.icann.org/en/announcements/hijacking-report-12jul05.pdf Domain Name Hijacking: Incidents, Threats, Risks, and Remedial Actions] (PDF), ICANN's SSAC</ref><ref name="go">[http://www.gohacking.com/how-domain-name-is-hijacked-how-to-protect/ How a Domain Name is Hijacked and How to Protect it] by Srikanth Ramesh, GoHacking.com</ref> Hijacking can be accomplished via various practices and often results in domain name registrants losing control of their domains as traffic is redirected to a different site, the content of the original site is changed, or the outside agent switches the control of the name through the registrar. <ref name="go"/> This practice has reportedly tripled since 2005 and is related to [[Reverse Domain Name Hijacking]]<ref name="cio">[http://www.cio.com/article/699206/4_Ways_to_Prevent_Domain_Name_Hijacking_?page=1&taxonomyId=3089 4 Ways to Prevent Domain Name Hijacking] by Meridith Levinson (February 1, 2012), CIO</ref>
| logo            = KSregistryLogo.jpg
 
| type            =
 
| industry        = registry provider
 
| founded        = 2012 (KS registry operations since 2001)
 
| founders        = Alexander Siffrin
 
| ownership      = [[Key-Systems|Key-Systems Group]]
 
| headquarters    = St. Ingbert
 
| country        = Germany
 
| businesses      = Registry
 
| products        = registry services for > 30 TLDs
 
| employees      = KS Group: 100+
 
| revenue        =
 
| email          =
 
| website        = [http://www.ksregistry.com KSregistry.com]
 
| blog            =
 
| facebook        =
 
| linkedin        =
 
| twitter        =
 
| keypeople      = [[Alexander Siffrin]] (CEO), Oliver Fries (CTO)
 
}}
 
'''KSregistry GmbH''' is an Internet infrastructure service provider. The company is part of the Key-Systems/ Moniker Group providing back-end registry solutions for [[ccTLD]]s and [[New gTLD Program|new gTLD]] applicants.<ref>[http://www.key-systems.net/english/business-areas/ksregistry/ksregistry-registry-operation-for-companies-and-organizations.html KSregistry – Registry Operation for Companies and Organizations, key-systems.net]</ref> Key-Systems has been offering registry services since 2001; in February 2012, the Key-Systems Group concentrated these services into the new KSregistry GmbH.<ref>User Submitted</ref>
 
  
'''KSregistry''' is the back-end provider for 27 new Top Level Domains in [[ICANN]]'s [[New gTLD Program]].<ref>[http://domainincite.com/9442-the-registry-back-end-market-numbers-are-in The registry back-end numbers are in, domainincite.com]</ref> The company disclosed that it received 29 out of 30 possible points during the [[Initial Evaluation]] of its first application to go through the review (see also [http://www.gawkwire.com/web_hosting/ksregistry_achieves_high_icann_result.html]). Only 22 points are needed to pass.<ref>[http://domainincite.com/12360-ksregistry-discloses-97-passing-score-for-new-gtld KSregistry discloses 97 passing score for new gTLD, DomainIncite.com] Published & Retrieved Mar 25 2012</ref>. The Company is a leading Registry for new TLDs. The servers of KSregistry and [[SkyWay DataCenter]] are in Germany - governed by German law.
+
==Types of Redirection==
 +
Also called DNS Hijacking, this practice refers to situations in which queries are incorrectly resolved in order to redirect users to malicious sites due after perpetrators have installed [[Malware]] on user computers, taken over routers, or intercepted [[DNS]] communication.<ref>[https://www.imperva.com/learn/application-security/dns-hijacking-redirection/ DNS Redirection, Imperva]</ref>
 +
* Local - when Trojan malware is installed on a user’s computer, it changes the local DNS settings to redirect the user to malicious destinations.
 +
* Router - when attackers take over routers, they can overwrite DNS settings.
 +
* Man in the middle - attackers intercept communication between a user and a server and change the destination [[IP address]].
 +
* Rogue server - when a server is hacked and the DNS records are changed to redirect DNS requests to malicious sites.
  
'''New gTLDs - New Generic Top Level Domains'''
+
==Public Perception==
 +
Domain name hijacking is viewed negatively by most people and can be referred to as domain theft.<ref name="go"/>
  
The applications for new generic top level domains have passed in Initial Evaluation at ICANN and will presumably go live during the course of the next year. Among others, the following new TLDs will use the registry system of KSregistry GmbH as technical framework:
+
==Outcome==
 +
The broader outcome of this behavior is that users' domain names are at risk from predatory parties. Individuals can lose control of their domain names and larger organizations can face major losses, monetarily and in consumer confidence.
  
The term '''[[.bio]]''' has diverse meanings as abbreviation or prefix, it can stand for biography, biology, biotechnology or as synonym for organic farming and products. Due to the diversity of its use, the registration of .BIO domains won’t be restricted to the organic food industry and farming sector only. The mission of the .BIO TLD is to implement national and international organic standards and legislations with the help of .BIO domain name registrants.
+
==Historical Use==
+
Domain name hijacking has been used for a number of purposes, such as "malice and monetary gain."<ref name="report"/> If the hijacked site deals with Internet commerce or retail, for example, its users may be redirected to a [[phishing]] webpage designed to steal their financial information.<ref name="cio"/> A domain name is vulnerable to hijacking through a number of different avenues:
The generic top level domain (gTLD) '''.SKI''' will be the new domain extension for ski fans, ski sport businesses and ski related topics. The community TLD shall create a new domain name space for news, advice, products, services, and brands or shared experiences around the ski topic. The aim of .SKI is to create online new opportunities for the millions of ski sports participants and communities, to support the growth in the ski sports industry, to promote choice and competition for a global ski sports community as well as provide trusted and safe internet spaces for ski fans (see also: [https://www.youtube.com/watch?v=IxRMU-mAMZI] ).
 
  
'''[[.archi]]''' is the new generic top level domain (gTLD) for professional architects to create new business opportunities for them. This new community gTLD will be reserved for community members to guarantee standards of professionalism, integrity, and competence. The mission of .ARCHI is to make it easier for Internet users to locate professional architects and give professional architects the opportunity to register domain names they were not able to register in existing extensions. Further, .ARCHI shall create a virtual place exclusively dedicated to architecture and regulated in collaboration with the International Union of Architects (more info: [https://www.youtube.com/watch?v=wJDrgmt1yA0] ).
+
*DNS Servers: if the DNS is hijacked or poisoned, people typing in a domain name may be redirected to another page without their knowledge.<ref name="cio"/> This method does not require any registrant account information to be compromised or readily available. See [[Pharming|DNS Hijacking]] for more information.
  
The generic top level domain (gTLD) '''[[.desi]]'''  is a new domain extension to provide a unique platform to help the Desi Diaspora facilitate the distribution and exchange of information, products and services within the community. .DESI represents an informal term that is used by many members of the South Asian Diaspora to identify themselves. It refers to people, cultures and products from the Indian subcontinent and is used by the Diaspora to connote an origin or a connection with the Desi regions ([https://www.youtube.com/watch?v=ixOKcl6znJI desi video]). Desi Networks, LLC, the organization behind .DESI, was formed in 2011 for the purpose of operating the DOT DESI gTLD. .desi started going live on 6 October 2014.
+
*Registrar Security: if a registrar's security is compromised and a domain name is not locked, it could be transferred to a different user and registrar before the owner is notified.<ref>[http://www.theregister.co.uk/2005/07/12/icann_domain_hijacking/ ICANN warns world of domain hijacking] by Kieren McCarthy (July 12, 2005), The Register</ref>
  
TUI AG, applied for the brand TLD '''[[.tui]]''' to create a comprehensive communications platform, serving its broad network of corporate affiliates, partners, agents, and clients. .TUI is intended to support the business and marketing objectives of the company. The new domain name space shall enable brand empowerment, self-determined domain allocation, and an extension of TUI’s brand protection and control through the creation of a unique TLD architecture. TUI AG is Europe’s leading travel company providing tour operators, retail shops, online portals, airlines and incoming services for over 30 million customers. The TUI company comprises three corporate divisions: TUI Travel, TUI Hotels & Resorts, and TUI Cruises.
+
*Email Security: a third party can use WHOIS to find information about a registrant, such as a personal email account, and once the email account is compromised, use it to request a new password from the registrar.<ref name="go"/><ref name="cio"/> If the third party gains access to the registrant's account with its registrar, it can change primary ownership and notification information.  
  
Bayerische Motoren Werke AG (BMW), a publicly-held stock corporation located in Germany and one of the most successful manufacturers of automobiles and motorcycles in the world, will use the registry system of KSregistry GmbH for the TLDs '''.BMW''' and '''.MINI'''.
+
*Phishing: an outside agent can pose as a representative of the registrar and ask for log-in information directly.<ref>[http://www.ehow.com/how_8743588_recover-hijacked-domain.html How to Recover a Hijacked Domain] by James Johnson, eHow.com</ref>
  
'''Geographic & ccTLDs'''
+
==ICANN Policy==
 +
*[[Transfer of Registrations between Registrars Policy]]: This policy requires that registrars send registrants an authorization/confirmation notice when domain names are going to be transferred and that registrants reply in a secure way.<ref>[http://www.icann.org/en/resources/registrars/transfers/policy-15mar09-en.htm Policy on Transfer of Registrations between Registrars | In effect until 31 May 2012], Internet Corporation for Assigned Names and Numbers (ICANN)</ref> 
  
The dotSaarland GmbH (nic.saarland) [http://www.nic.saarland], is the registry for the '''[[.saarland]]''' TLD. KSregistry GmbH is in charge of the technical backend of the new Geographic Top Level Domain. “Saarland” is the name of a federal state within Germany. The company wants to provide a platform which serves the needs of the regional community, provide a common internet address to the community, and promote the region and its people, services and regional attractions to all who share an interest in it. The dotSaarland GmbH is a member of the non-profit organisation dotSaarland e.V., which was founded in 2009, and supports the activities of the association.
+
*[[Registrar Transfer Dispute Resolution Policy]]: This policy outlines how registrars deal with transfer disputes, including unauthorized transfers.<ref>[http://www.icann.org/en/help/dndr/tdrp Registrar Transfer Dispute Resolution Policy], Internet Corporation for Assigned Names and Numbers (ICANN)</ref>
 +
**Note: It can be challenging to prove to registrars that a domain name has been hijacked as "Registrars are often skeptical of claims of domain hijacking."<ref name="help">[http://www.circleid.com/posts/help_domain_name_hijacked/ Help! My Domain Name Has Been Hijacked!] by Brett Lewis (January 12, 2007), CircleID</ref>
  
The Canton of Zurich, single applicant for the '''.ZUERICH''' TLD, will work with the KSregistry GmbH, which will provide the technical backend for the new generic top level domain. The .ZUERICH TLD is part of a new branding concept for Zurich started in 2011 and shall represent the Canton of Zurich, one of the largest of Switzerland’s 26 national districts, and the city of Zurich, the largest city in the country. .ZUERICH will be the new domain extension to promote the local industry, scientific interests, tourism and marketing, and to highlight the high standard of living in the Zurich region. .ZUERICH will be a restricted TLD.
+
==Legislation==
 +
There is no U.S. legislation that directly addresses domain name hijacking. However, as it potentially can involve theft, fraud, identity theft, and phishing, there are avenues for legal redress. It is worth noting that proving domain name ownership after being hijacked can be difficult.<ref name="help"></ref>
  
DotDM Corporation is the official administrator of '''[[.dm]]''' since 2001. In December 2011, DotDM decided to cooperate with the KSregistry GmbH, which is the technical operator of its registry platform since the re-launch in June 2012. .DM is the country code top level domain of Dominica, an independent member state of the Commonwealth.
+
==Additional Resources and Tips==
 +
*Read ICANN's Report on [http://archive.icann.org/en/announcements/hijacking-report-12jul05.pdf Domain Name Hijacking] for a brief overview of domain name hijacking and a thorough account of notable domain hijacking incidents
 +
*View [http://www.ehow.com/how_8743588_recover-hijacked-domain.html How to Recover a Hijacked Domain]
 +
*View ICANN's [http://www.icann.org/en/resources/registrars/transfers/foa-conf-12jul04-en.htm Standardized Authorization Form] required to transfer domain names from one registrar to another
 +
*For tips on how to prevent domain name hijacking, read [http://www.circleid.com/posts/help_domain_name_hijacked/ Help! My Domain Name Has Been Hijacked!]
  
The National Telecommunications Regulatory Commission (NTRC), an agent of the state Grenada, has delegated the operation of '''[[.gd]]''' the ccTLD of Grenada, to the former technical backend provider, KSregistry GmbH.
+
==Related Articles==
 +
*[[Reverse Domain Name Hijacking]]
  
The Telecommunications Regulatory Commission of Virgin Islands (TRC) has sourced out the operation of '''.VG''', the ccTLD of Virgin Islands. The former technical backend provider, KSregistry GmbH, resumes the operation of .VG in future.
+
==References==
 
+
<references/>
'''Security & DataCenter'''
 
 
 
KSregistry's main components are set up as a cluster with a minimum of two servers, and all system backups are distributed to two different geographical sites. The complete design of their system is based on TIER III architecture, in order to guarantee maximum security for all services. By using their own [http://www.skyway-dc.com SkyWay DataCenter] the company is able to ensure fast reaction times and full process control.<ref>[http://www.key-systems.net/english/business-areas/ksregistry/ksregistry-registry-operation-for-companies-and-organizations.html KSregistry – Registry Operation for Companies and Organizations, key-systems.net]</ref>
 
 
 
'''Domain Store'''
 
 
 
With its '''Domain Store''' Ksregistry provides a '''white-label shop solution for domains'''. The Domain Store allows registries to offer their top level domains to end customers by using the turn-key retail sales platform for domains as a Software-as-a-Service (SaaS) in the cloud.
 
 
 
The white-label shop solution is adaptable to the corporate desing of the client and allows the full automation of the domain selling process. Thanks to the user-friendly web interface, end customers can register and administer domains in an easy and target-group-specific manner. Furthermore, the distribution of additional products, such as web hosting packages or e-mail services is possible with the Domain Store. The flexible price administration, automated billing processes and the connection to established payment service providers complete the functionality of the all-in-one solution. The Domain Store offers the complete portfolio of ccTLDs, gTLDs and new top level domains.
 
 
 
==Dispute at AdamsNames==
 
In March 2013, KSRegistry was wrapped up in a dispute which seemed to arise from members of the executive management at [[AdamsNames [http://www.adamsnames.com]], the registry for [[.tc]]. KSregistry terminated its cooperation with the UK based head office of AdamsNames in May 2014.
 
  
==References==
+
[[Category: Bad Practice]]
{{reflist}}
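Review bot: the added "Types of Redirection" paragraph contains a stray word in "redirect users to malicious sites due after perpetrators have installed"; it should read "after perpetrators have installed". Two smaller points in the same revision: the lead paragraph ends at "[[Reverse Domain Name Hijacking]]" with no full stop before the "cio" reference, and the Legislation paragraph reuses the "help" reference as an empty open/close pair, where the self-closing form already used for the "go", "report" and "cio" reuses would be consistent.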
 

Revision as of 16:01, 12 May 2021

Domain Name Hijacking or Domain Hijacking refers to the security breach that occurs when an outside agent, such as a hacker, gains control over a domain registered to another individual or organization.[1][2] Hijacking can be accomplished via various practices and often results in domain name registrants losing control of their domains as traffic is redirected to a different site, the content of the original site is changed, or the outside agent switches the control of the name through the registrar.[2] This practice has reportedly tripled since 2005 and is related to Reverse Domain Name Hijacking.[3]

Types of Redirection

Also called DNS Hijacking, this practice refers to situations in which queries are incorrectly resolved in order to redirect users to malicious sites after perpetrators have installed malware on user computers, taken over routers, or intercepted DNS communication.[4]

  • Local - when Trojan malware is installed on a user’s computer, it changes the local DNS settings to redirect the user to malicious destinations.
  • Router - when attackers take over routers, they can overwrite DNS settings.
  • Man in the middle - attackers intercept communication between a user and a server and change the destination IP address.
  • Rogue server - when a server is hacked and the DNS records are changed to redirect DNS requests to malicious sites.

Public Perception

Domain name hijacking is viewed negatively by most people and can be referred to as domain theft.[2]

Outcome

The broader outcome of this behavior is that users' domain names are at risk from predatory parties. Individuals can lose control of their domain names and larger organizations can face major losses, monetarily and in consumer confidence.

Historical Use

Domain name hijacking has been used for a number of purposes, such as "malice and monetary gain."[1] If the hijacked site deals with Internet commerce or retail, for example, its users may be redirected to a phishing webpage designed to steal their financial information.[3] A domain name is vulnerable to hijacking through a number of different avenues:

  • DNS Servers: if the DNS is hijacked or poisoned, people typing in a domain name may be redirected to another page without their knowledge.[3] This method does not require any registrant account information to be compromised or readily available. See DNS Hijacking for more information.
  • Registrar Security: if a registrar's security is compromised and a domain name is not locked, it could be transferred to a different user and registrar before the owner is notified.[5]
  • Email Security: a third party can use WHOIS to find information about a registrant, such as a personal email account, and once the email account is compromised, use it to request a new password from the registrar.[2][3] If the third party gains access to the registrant's account with its registrar, it can change primary ownership and notification information.
  • Phishing: an outside agent can pose as a representative of the registrar and ask for log-in information directly.[6]
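
The registrar-lock and DNS-record avenues listed above can be checked from a domain's registration data. The following is an added example, not part of the original article: it audits an RDAP domain object for transfer and update locks and compares the delegated nameservers against a known-good baseline. The sample record, the baseline list and the function name `audit_domain` are assumptions made for illustration.

```python
# Added example: audit one RDAP domain object for the weaknesses the list
# above describes (an unlocked name, changed DNS delegation).
# SAMPLE_RDAP is constructed for illustration; it is not a real registry response.

# RDAP status strings (RFC 8056 mapping of the EPP lock statuses).
TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}
UPDATE_LOCKS = {"client update prohibited", "server update prohibited"}

SAMPLE_RDAP = {
    "objectClassName": "domain",
    "ldhName": "example.test",
    "status": ["client update prohibited"],
    "nameservers": [
        {"objectClassName": "nameserver", "ldhName": "ns1.example.test"},
        {"objectClassName": "nameserver", "ldhName": "NS9.unknown-host.test."},
    ],
}


def _norm(host):
    """Lower-case a host name and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()


def audit_domain(rdap, expected_nameservers):
    """Return a list of (finding, detail) tuples for one RDAP domain object.

    expected_nameservers is the baseline the owner recorded out of band
    (hypothetical input; keep it somewhere the registrar account cannot edit).
    """
    findings = []
    name = _norm(rdap.get("ldhName", ""))
    statuses = {s.strip().lower() for s in rdap.get("status", [])}

    # Without a transfer lock the name can be moved to another registrar.
    if not statuses & TRANSFER_LOCKS:
        findings.append(("transfer-unlocked", name))
    # Without an update lock the contacts and nameservers can be rewritten.
    if not statuses & UPDATE_LOCKS:
        findings.append(("update-unlocked", name))

    observed = {
        _norm(ns["ldhName"])
        for ns in rdap.get("nameservers", [])
        if "ldhName" in ns
    }
    expected = {_norm(ns) for ns in expected_nameservers}

    # A nameserver outside the baseline is the signature of a redirected name.
    for ns in sorted(observed - expected):
        findings.append(("ns-unexpected", ns))
    for ns in sorted(expected - observed):
        findings.append(("ns-missing", ns))
    return findings


if __name__ == "__main__":
    for finding, detail in audit_domain(
        SAMPLE_RDAP, ["ns1.example.test", "ns2.example.test"]
    ):
        print(f"{finding}: {detail}")
```

Run on a schedule against fresh registration data, an empty result means the locks are in place and the delegation still matches the baseline.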

ICANN Policy

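  • Transfer of Registrations between Registrars Policy: This policy requires that registrars send registrants an authorization/confirmation notice when domain names are going to be transferred and that registrants reply in a secure way.[7]
  • Registrar Transfer Dispute Resolution Policy: This policy outlines how registrars deal with transfer disputes, including unauthorized transfers.[8]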
    • Note: It can be challenging to prove to registrars that a domain name has been hijacked as "Registrars are often skeptical of claims of domain hijacking."[9]

Legislation

There is no U.S. legislation that directly addresses domain name hijacking. However, as it potentially can involve theft, fraud, identity theft, and phishing, there are avenues for legal redress. It is worth noting that proving domain name ownership after being hijacked can be difficult.[9]

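Additional Resources and Tips

  • Read ICANN's report on Domain Name Hijacking (http://archive.icann.org/en/announcements/hijacking-report-12jul05.pdf) for a brief overview of domain name hijacking and a thorough account of notable domain hijacking incidents
  • View How to Recover a Hijacked Domain (http://www.ehow.com/how_8743588_recover-hijacked-domain.html)
  • View ICANN's Standardized Authorization Form (http://www.icann.org/en/resources/registrars/transfers/foa-conf-12jul04-en.htm), required to transfer domain names from one registrar to another
  • For tips on how to prevent domain name hijacking, read Help! My Domain Name Has Been Hijacked! (http://www.circleid.com/posts/help_domain_name_hijacked/)

Related Articles

  • Reverse Domain Name Hijacking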

References

  1. Domain Name Hijacking: Incidents, Threats, Risks, and Remedial Actions (PDF), ICANN's SSAC
  2. How a Domain Name is Hijacked and How to Protect it by Srikanth Ramesh, GoHacking.com
  3. 4 Ways to Prevent Domain Name Hijacking by Meridith Levinson (February 1, 2012), CIO
  4. DNS Redirection, Imperva
  5. ICANN warns world of domain hijacking by Kieren McCarthy (July 12, 2005), The Register
  6. How to Recover a Hijacked Domain by James Johnson, eHow.com
  7. Policy on Transfer of Registrations between Registrars | In effect until 31 May 2012, Internet Corporation for Assigned Names and Numbers (ICANN)
  8. Registrar Transfer Dispute Resolution Policy, Internet Corporation for Assigned Names and Numbers (ICANN)
  9. Help! My Domain Name Has Been Hijacked! by Brett Lewis (January 12, 2007), CircleID