Latest news of the domain name industry

Register.com settles Baidu domain hijacking lawsuit

Kevin Murphy, November 25, 2010, Domain Registrars

Register.com has apologised to Chinese portal company Baidu for allowing its domain, baidu.com, to be hijacked by the Iranian Cyber Army hacker group.

The two companies have announced that the lawsuit, which alleged gross negligence among other things, has now been settled. Terms were not disclosed.

If Baidu’s complaint was to be believed, the hackers took over baidu.com with a trivial social engineering attack that relied upon a Register.com tech support employee being asleep at the wheel.

The company is one of China’s largest internet firms, employing over 6,000 people and turning over well over $600 million a year. But for the period of the hijack, visitors to baidu.com just saw the hackers’ defacement message instead.

The registrar had argued in court that its terms and conditions released it from liability, but the judge didn’t buy it.

Register.com, which was acquired by Web.com for $135 million in June, said yesterday:

After an internal investigation, we found that the breach occurred because Register’s security protocols had been compromised. We have worked with United States law enforcement officials and Baidu to address the issue. We sincerely apologize to Baidu for the disruption that occurred to its services as a result of this incident.

Baidu said it accepted the apology. And the check, I imagine.

Internet closes in on 200 million domain names

Kevin Murphy, September 21, 2010, Domain Registries

The internet will almost certainly break through the 200 million domain names milestone before the end of the year, judging from VeriSign’s latest Domain Name Industry Brief.

There were about 196.3 million registered domains at the end of June, according to the report, up by 3 million on the first quarter and 12.3 million on the second quarter of 2009. That’s 2% and 7% growth, respectively.

The drag factor on the overall market caused by the mass expiry of millions of Chinese .cn domains seems to have levelled off, making the growth a little more encouraging than in the first quarter.

Regardless, VeriSign said that 76.3 million domains were registered in the ccTLDs, basically flat when compared to the March numbers and a 2.5% increase year-on-year.

The ccTLDs may see a growth spurt in the third-quarter DNIB, due to the influence of .co’s launch, assuming another .cn situation does not arise in another TLD.

VeriSign doesn’t say as much, but if the ccTLDs only grew by a net 63,000 names, that means the bulk of the 3 million new domains were in the gTLDs. The report doesn’t break the number down by gTLD.

It doesn’t even say precisely how many .com/.net domains it manages, or what its growth rates were, just that the two TLDs’ combined total now exceeds 100 million.

US seeks powers to shut down domains

Kevin Murphy, September 20, 2010, Domain Policy

COICA is the new acronym we’ll all soon be talking about — it’s the law that could give the US its very own Great Firewall of China.

A bipartisan group of US senators today introduced the Combating Online Infringement and Counterfeits Act, legislation that would enable the government to quickly turn off domain names involved in piracy.

The bill would enable the Department of Justice to seek a court order against a domain name it believes is involved in piracy or selling counterfeit goods.

If the sponsoring registrar or registry is located in the US, the order would force it to stop the domain from resolving and lock it down.

The likely effect of this would be to force piracy sites out of .com and into offshore registrars. But the bill has thought about that too.

If it’s a non-US registrar and registry, injunctions could be sought to block the domain at the ISP level.

That’s right folks – if this bill passes, the US would get its very own Chinese-style national firewall.

The bill would allow the domain registrant to petition the court to lift the order.

“By cracking down on online piracy of television shows and movies, we hope this bill will encourage copyright owners to develop innovative and competitive new choices for consumers to watch video over the internet,” said Sen. Herb Kohl.

Which is about as disingenuous a statement as it gets, when you think about it, given that it essentially eliminates a major incentive for business model innovation.

Russian domain crackdown halves phishing attacks

Kevin Murphy, August 20, 2010, Domain Tech

Phishing attacks from .ru domains dropped by almost half in the second quarter, after tighter registration rules were brought in, according to new research.

Attacks from the Russian ccTLD namespace fell to 528, compared to 1,020 during the first quarter, according to Internet Identity’s latest report.

IID attributed the decline to the newly instituted requirement for all registrants to provide identifying documents or have their domains cancelled, which came into effect on April 1.

The report goes on to say:

Following a similar move by the China Internet Network Information Center in December 2009, spam researchers suggested that this tactic only moves the criminals to a new neighborhood on the Internet, but has no real impact on solving the problem.

I wonder whose ccTLD is going to be next.

The IID report also highlights a DNS redirection attack that took place in June in Israel, which I completely missed at the time.

Apparently, major brands including Microsoft and Coca-Cola started displaying pro-Palestine material on their .co.il web sites, for about nine hours, after hackers broke into their registrar accounts at Communigal.

DNS Made Easy whacked with 50Gbps attack

Kevin Murphy, August 9, 2010, Domain Services

The managed DNS service provider DNS Made Easy was knocked offline for 90 minutes on Saturday by a distributed denial of service attack estimated at 50Gbps.

This could be the largest DDoS attack ever. The largest I’ve previously heard reported was 49Gbps.

The company, which promises 100% uptime, tweeted that the attack lasted eight hours, but that it only saw one and a half hours of downtime.

Here are some tweets from the company, starting on Saturday afternoon:

Out of China. Over 20 Gbps…. Don’t really know how big actually. But it’s big. We know it’s over 20 Gbps

Update…. Over 50 Gbps… we think. Since core Tier1 routers are being flooded in multiple cities…..

Trying to organize emergency meeting with all Tier1 providers. We probably have over 50 senior network admins looking into this.

This is flooding the provider’s backbones. By far the largest attack we have had to fight in history.

And, post-attack:

The good: Not everyone was down, not all locations were down at once. The bad: There were temporary regional outages.

Almost back to normal in all locations. Full explanation, details, and SLA credits will be given to all users as soon as possible.

We did not see a 6.5 hour long outage. That would be ultra-long. DDOS attack was 8 hours. Less than 1.5 hours of actual downtime.

It will prove costly. The company’s service level agreement promises to credit all accounts for 500% of any downtime its customers experience.

Quite often in these cases the target of the attack is a single domain. Twitter and Facebook have both suffered performance problems in the past after attackers went after a single user for political reasons.

For a DNS provider, any single domain they host could be such a target. I’d be interested to know if that was the case in this incident.