What if you were going to visit this article on Entrepreneur.com only you weren’t on the actual site? Instead, you unknowingly landed on a hijacked version of the site where criminals were stealing your personal information. This is known as domain hijacking -- or domain theft -- and it’s one of the most prevalent threats facing businesses and consumers today.
In 2012, incidents of domain hijacking and related crimes – hacking, phishing and social engineering – increased by more than 42 percent, resulting in a $400 billion hit to the economy, according to security-software company Symantec. And it seems like hackers are just getting started. Several of the world’s biggest brands including The U.S. Marines, The New York Times, Twitter, Google, The Huffington Post and Forbes.com – have fallen prey to domain hijacking, thereby putting millions of consumers at risk for identity theft, credit card fraud and other nightmarish situations.
However, the threat isn’t contained to just big brands or large corporations. Any organization with significant traffic, a familiar brand, valuable intellectual property or a desirable domain name is a target.
While cybercriminals continue to strengthen and evolve the techniques they use to attack company websites, domain hijacking is preventable if you understand how it happens in the first place and how to protect your business.
What is domain hijacking?
When a company’s site is hijacked, the internet domain name is stolen from its legitimate owners and taken over by cybercriminals. The five most common ways that sites are hijacked are:
1. Pharming: A cybercriminal takes control of a site and posts objectionable content that can damage a company’s reputation and turn away customers.
2. Phishing: Hijackers replicate a company’s website and collect information like credit cards and social security numbers from consumers who think they’re on the legitimate site.
3. Man-in-the-middle: An attacker reroutes a company’s internet traffic through external hosts to monitor, capture or alter sensitive communications like system passwords and routing information. This type of breach is particularly virulent because it usually goes undetected for long periods of time.
4. Communication Disruption: Hijackers disable communication channels, such as web and email, which cripple an organization until it gets back online.
5. Domain Loss: Criminals steal valuable domain names.
How to protect your site
A company can greatly reduce the threat of a security breach by deploying a mix of the following techniques and processes:
Multi-layer architecture. Like a safe with multiple locks, using a system of different types of locks on the same domain greatly reduces the potential of a complete hijack.
Distributed systems and processes. Ensure that critical information is protected by making sure the keys and processes used to unlock, transfer, delete or redirect your domains are not being housed in one single system or with one group of individuals. Portions of the credentials, keys and authentication processes should be distributed among different groups and systems.
Isolated systems and processes. As an additional layer of security, parts of the system and processes should be isolated and completely disconnected from one another. Only authorized personnel should hold the keys. This prevents accidental leakage of information, which is usually the case with social engineering.
Encryption. Use the highest level of encryption to protect not only authorized domain credentials, but also the processes and systems supporting the domain.
Multi-factor authentication. Do not rely on only one form of authentication. Instead, use a mix of online and offline authentication methods to ensure that no unauthorized person with stolen credentials is able to unlock the domain control for transfer, deletion or name server redirection.
Ultimately, the only way to protect against hijacking is to manage domain names with the same level of security as other mission-critical corporate assets.