Google’s Kenyan web site was reportedly inaccessible yesterday due to a hijacking of the company’s local domain name.
Google.co.ke briefly redirected users to a site bearing the slogan “hacked” on a black background, according to the Daily Nation. A change of DNS was blamed.
Google Kenya reportedly said:
Google services in Kenya were not hacked. For a short period, some users visiting www.google.co.ke and a few other website were re-directed to a different website. We are in contact with the organisation responsible for managing domain names in Kenya.
Google is of course a high-profile target; hackers often exploit weaknesses at third-party providers such as domain name registries in order to take down its satellite sites.
Its Irish site was taken down in October last year, after attackers broke in through a vulnerability in IEDR’s Joomla content management system.
ICANN is to terminate a Russian registrar’s accreditation.
Name For Name Inc, which was given a breach notice last month, is being shut down for basically failing to act as a registrar.
Verisign had already cut off its .com/.net registrar contract and the company was not managing names, providing Whois, or doing any of the other things registrars are supposed to.
Under normal circumstances, a termination sees a mass transfer of all the domains under management to a nominated registrar, but in Name For Name’s case I can’t see that happening.
The company only had five gTLD domain names under management, according to the latest count.
Its accreditation will be terminated September 6.
ICANN also this week issued a breach notice to Visesh Infotecnics (Signdomains.com), apparently as the result of a badly handled domain name hijacking.
Verisign is causing a bit of a commotion among its registrar channel by demanding 24/7 support for customers whose .com domains have been hijacked.
The changes, we understand, are among a few being introduced into Verisign’s new registry-registrar agreement for .com, which coincides with the renewal of its registry agreement with ICANN.
New text in the RRA states that: “Registrar shall, consistent with ICANN policy, provide to Registered Name Holders emergency contact or 24/7 support information for critical situations such as domain name hijacking.”
From the perspective of registrants, this sounds like a pretty welcome move: who wouldn’t want 24/7 support?
While providing around the clock support might not be a problem for the Go Daddies of the world, some smaller registrars are annoyed.
For a registrar with a small headcount, perhaps servicing a single time zone, 24/7 support would probably mean needing to hire more staff.
Their annoyance has been magnified by the fact that Verisign seems to be asking for these new support commitments without a firm basis in ICANN policy, we hear.
The recently updated transfers policy calls for a 24/7 Transfer Emergency Action Contact — in many cases just a staff member who doesn’t mind being hassled about work at 2am — but that’s meant to be reserved for use by registrars, registries and ICANN.
ICANN has threatened to terminate Chinese domain name registrar eName Technology after the domain 1111.com was allegedly hijacked.
According to ICANN’s notice of breach (pdf), eName has refused to hand over data documenting the transfer of 1111.com as required by the Registrar Accreditation Agreement.
ICANN claims that when it tried to get eName’s help investigating a hijacking complaint, the company did not return its calls or emails.
The registrar now has 15 days to provide the transfer records as called for by the Inter-Registrar Transfer Policy.
According to historical Whois records, 1111.com was transferred to eName between February 12 and 16 this year. After a complaint, ICANN started chasing eName for the data on February 28.
The domain appears to have been owned by at least four different parties and three different registrars – Network Solutions, then Joker, then eName – since the start of 2012.
It’s the second time that ICANN has sent a breach notice to a registrar over an alleged mishandling of a domain name hijacking, and the first time it’s actually named the domain in question.
In February, the organization threatened Turkish registrar Alantron with the suspension of its contract over the botched handling of pricewire.com.
Register.com has apologised to Chinese portal company Baidu for allowing its domain, baidu.com, to be hijacked by the Iranian Cyber Army hacker group.
The two companies have announced that the lawsuit, which alleged gross negligence among other things, has now been settled. Terms were not disclosed.
If Baidu’s complaint was to be believed, the hackers took over baidu.com with a trivial social engineering attack that relied upon a Register.com tech support employee being asleep at the wheel.
The company is one of China’s largest internet firms, employing over 6,000 people and turning over well over $600 million a year. But for the period of the hijack, visitors to baidu.com instead just saw the hackers’ defacement message instead.
The registrar had argued in court that its terms and conditions released it from liability, but the judge didn’t buy it.
Register.com, which was acquired by Web.com for $135 million in June, said yesterday:
After an internal investigation, we found that the breach occurred because Register’s security protocols had been compromised. We have worked with United States law enforcement officials and Baidu to address the issue. We sincerely apologize to Baidu for the disruption that occurred to its services as a result of this incident.
Baidu said it accepted the apology. And the check, I imagine.