Dynadot takes down its own web site after apparent breach
Dynadot took the drastic move of turning off its own web site last week after noticing an apparent security breach.
The registrar also reset all of its customers’ passwords, acknowledging the pair of moves were “extremely inconvenient”.
It’s not clear from the company’s statement whether there really had been an attack or whether it overreacted
It said “our system noticed irregular activity” but later brought its site back up after staff “investigated and determined there was not a threat”.
The company said it has engaged “cyber security experts” to help it out in future.
US officials gunning for coronavirus domains
US state and federal law enforcement are pursuing domain names being used to push bogus products and misinformation related to coronavirus Covid-19.
In separate actions, the US Department of Justice forced Namecheap to take down a scam site that was allegedly using fear of coronivirus to hoodwink visitors out of their cash, while the New York Attorney General has written to registrars to demand they take action against similar domains.
The DoJ filed suit (pdf) against the anonymous “John Doe” registrant of coronavirusmedicalkit.com on Saturday and on Sunday obtained a temporary restraining order obliging Namecheap to remove the DNS from the domain and lock it down, which Namecheap seems to have done.
Namecheap is not named as a defendant, but the complaint notes that the DoJ had requested the domain be taken down on March 19 and no action had been taken by the evening of March 21.
The web site in question allegedly informed visitors that the World Health Organization was giving away free coronavirus vaccines to anyone prepared to pay a $4.95 shipping fee by handing over their credit card details.
This is an identity theft scam and wire fraud, the complaint says.
Meanwhile, NYAG Letitia James has sent letters, signed by IT chief Kim Berger, to several large US registrar groups — including GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance — to ask them to “stop the registration and use of internet domain names by individuals trying to unlawfully and fraudulently profit off consumers’ fears around the coronavirus disease”.
In the letter to GoDaddy (pdf), Berger asks for a “dialogue” on the following preventative measures:
- The use of automated and human review of domain name registration and traffic patterns to identify fraud;
- Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints;
- Revising your terms of service to reserve aggressive enforcement for the illegal use of coronavirus domains; and
- De-registration of the domains cited in the articles identified above that were registered at GoDaddy, and any holds in place on registering new domains related to coronavirus, or similar blockers that prevent rapid registration of coronavirus-related domains.
In other words: try to stop these domains being registered, and take them down if they are.
No specific malicious sites are listed in the letter. Rather, Berger cites a study by Check Point Software that estimates that something like 3% of the more than 4,000 coronavirus-related domains registered between January and March 5 are “malicious” in nature.
Dynadot sorry for .tv snafu
Dynadot has apologised to customers for glitches during last week’s .tv landrush that allowed people to register premium domain names at well below market prices.
On Thursday, VeriSign slashed the first-year prices of “premium” .tv names and set the renewal fees to a standard lower registry rate.
While prices were lower, they were still premium, but some domainers discovered they could register domains previously priced in the tens of thousands of dollars for the standard fee at some registrars, Dynadot included.
Dynadot said this weekend that this was because “we were given an incomplete list of the Premium .TV Domain Names… So, any Premium .TV Domain Names that weren’t on the list were displayed at the normal .TV registration price.”
The company further apologised for giving registrants store credit, rather than a cash refund, after it discovered its mistake and deleted the registrations, which was “probably not the best way to handle the situation”. This policy has been reversed, and registrants can now get a “no questions asked” refund.
Demand during the .tv land-rush was evidently so high that Dynadot’s float at VeriSign was quickly drained.
The company said: “We had a problem with the central registry and ran out of funds. This meant we could not process any COM/NET/TV/CC domain registrations, domain transfers, and domain renewals.”
Recent Comments