Domain hijacking refers to the unauthorized changing of a domain name’s registration, thereby taking control of the domain name without the owner’s permission. It usually involves exploiting vulnerabilities in the domain registration system or using social engineering tactics to gain access to the administrative controls of a domain.

How does domain hijacking work?

Attackers often use a combination of tactics to gain control of a domain:

  1. Exploiting email vulnerabilities to intercept communication between the domain owner and the registrar (such as password reset emails).
  2. Using keyloggers or other malware to steal the login credentials of the domain owner or an authorized user.
  3. Conducting phishing attacks to trick the domain owner or authorized users into revealing their login credentials.
  4. Exploiting weaknesses in the registrar’s systems or processes to bypass security measures.

Different types of domain hijacking

There are several types of domain hijacking, including:

  • DNS hijacking: altering a domain’s DNS settings to redirect traffic to a different IP address
  • IP hijacking: intercepting and redirecting IP traffic intended for a specific domain
  • URL hijacking: registering a domain with a similar spelling to the target domain and creating a website that closely resembles the original, with the intent of deceiving users
  • Reverse domain hijacking: an attempt by a trademark owner to take control of a domain by falsely claiming cybersquatting against its current owner

Is domain hijacking illegal?

Domain hijacking is generally considered illegal because it typically involves unauthorized access to computer systems and fraudulent activity. However, enforcement and prosecution of domain hijacking cases can be challenging due to jurisdictional issues and the difficulty of identifying and locating the hijackers.

Negative impact of domain hijacking

Domain hijacking can have significant consequences for businesses and individuals, such as:

  • Financial loss due to the disruption of e-commerce activities
  • Damage to the reputation of the affected domain and its owner
  • Loss of audience or readership for the website using the hijacked domain
  • Potential security risks for users who may inadvertently visit a hijacked domain and become victims of malware or phishing attacks

Examples of domain hijacking cases

Several notable domain hijacking cases serve to illustrate the severity of the issue: In 1995, a notorious domain hijacker fraudulently obtained control of the domain, leading to a protracted legal battle that ultimately resulted in the rightful owner regaining control in 2000.

Lenovo’s website: In 2015, hackers briefly hijacked Lenovo’s website and redirected traffic to a different page.

Google Vietnam search page: In 2015, the search page for Google’s Vietnam domain was temporarily hijacked and redirected to an unrelated site, causing confusion and concern for users.

How to prevent domain hijacking

Preventing domain hijacking involves implementing a combination of domain security measures and cybersecurity best practices, including:

  • Choosing a reputable domain registrar with robust security features and processes
  • Protecting domain registrar accounts with strong, unique passwords and enabling multi-factor authentication
  • Ensuring that domain registration information is accurate and up-to-date
  • Monitoring the domain for any unauthorized changes or suspicious activity
  • Utilizing WHOIS privacy protection and domain auto-renewal

How to recover hijacked domains

If a domain is hijacked, there are several steps that can aid in its recovery:

  • Contact the domain registrar and provide evidence of the unauthorized changes
  • Seek legal assistance to explore potential avenues for recovery, such as civil lawsuits or ICANN’s dispute resolution process
  • Engage security professionals to help investigate the incident and recommend additional recovery measures

What is reverse domain hijacking?

Reverse domain hijacking refers to an instance in which a trademark owner attempts to gain control of a domain by falsely accusing the existing domain owner of cybersquatting. It differs from traditional domain hijacking in that it is initiated by a purportedly legitimate party rather than a malicious attacker.

What is DNS poisoning?

DNS poisoning, also known as DNS cache poisoning or DNS spoofing, is an attack that alters a DNS server’s records to resolve queries with incorrect IP addresses, often directing users to malicious websites that resemble the intended destination.

Difference between domain hijacking and DNS poisoning

Domain hijacking involves illegally taking control of a domain name through unauthorized registration changes, whereas DNS poisoning focuses on modifying DNS server records to redirect users to fraudulent websites. Both attack types exploit vulnerabilities in the domain name system but have differing implications and consequences for affected parties.

Ready to go Passwordless?

Indisputable identity-proofing, advanced biometrics-powered passwordless authentication and fraud detection in a single application.