Domain Hijacking GoDaddy
Domain hijacking is also known as domain theft.
GoDaddy employees have been victims of social engineering attacks, and as a result hackers have transferred control over the domains of several cryptocurrency projects. The group was exploiting a vulnerability in GoDaddy's DNS setup platform that allowed them to register for free accounts. GoDaddy has patched a cross-site request forgery (CSRF) vulnerability that would allow hackers to take over domains registered with the domain registration company.
Security researcher Dylan Saccomanni, while managing an old domain in GoDaddy, noticed that there was absolutely no CSRF protection at all on many GoDaddy DNS management actions. In 2014 a hacker stole his website, and there was little he or GoDaddy, his domain registrar, could do. The act of hacking domain names is commonly known as domain hijacking.
Domain name hijacking is when a hacker wrongfully gains control of their target's complete Domain Name System (DNS) information, enabling them to make unauthorized changes and transfers to their advantage. Domain hijacking, or domain theft, is the act of changing the registration of a domain name without the permission of its original registrant, or by abuse of privileges on domain hosting and registrar software systems. Even with over 15 years of experience working on the internet, and having owned a large online retailer for the past 8 years, I had never heard of and wasn't familiar with domain name hijacking.
When you register a domain with any registrar, the Internet Corporation for Assigned Names and Numbers (ICANN) requires accredited registrars to publish this information in the public WHOIS database. GoDaddy, the world's biggest domain name registrar, confirmed a small number of customer domains and/or account information were altered after a limited number of GoDaddy employees were duped. This can be devastating to the original domain name holder, not only financially, as they may have derived commercial income from a website hosted at the domain or conducted business through that domain's e-mail accounts, but also in terms of readership and/or audience for non-profit.
The group that appears to have been responsible for the GoDaddy hijacks and the theft of approximately 4000 additional domains was a Russian group nicknamed Spammy Bear by independent researcher Ron Guilmette. Using social engineering tricks, the hackers were able to change the DNS settings of their victims' domain names, redirecting connections and mail to their own servers.