05|08|2013 08:49 am EDT

Hackers Break in to Prominent Domain Registrars, Moniker, Melbourne IT, Name.com and Xinnet

by Adam Strong in Categories: Registrars

A story on Hacker News from earlier Tuesday mentions that a group of hackers, Hack The Planet (HTP), was able to hack into several domain name registrars late last year. The registrars were not specifically targeted; rather, they were hacked in order to take down the hosting of another hacker’s IRC channel.

Even though the registrars were not specific targets of the attack, HTP have posted a file called registrar-data.txt (not resolving now) which details some of the info accessed from the registrars.

The HTP5 zine (now apparently down, cached copy here) brags about the registrars being “owned”. Name.com, MelbourneIT, Moniker and Xinnet are mentioned: “Speaking of registrars, Xinnet, MelbourneIT, and Moniker – you’re all owned. Back in November, we hinted at Huawei access in our Symantec release. Their registrar? Xinnet. Total domains owned: about 5.5 million total. No kidding. :P”

The hackers admitted difficulty with Melbourne IT security specifically because the registrar controls the DNS for Twitter. “Domain management credz for Melbourne IT are mostly internal SOAP requests. DNS control of Twitter is tight.”

The info that was accessible from the hack into Name.com seems to include database access to a great amount of information. The registrar-data file lists countless databases including quickbooks, customer info, hosting accounts, etc.

The Moniker information that was published included several administrator accounts with user names and passwords. Some of the accounts included former employees of Moniker/Oversee. Moniker is no longer a company owned by Oversee so that information seems to be somewhat dated.

As these are claims by hackers that have yet to be verified by the registrars involved, DNN is making attempts to contact all registrars involved to find out what breaches of security occurred and what was done to fix these problems. To our knowledge, no customer account information has been published publicly and there are no reports of domains stolen.

As reported by Michael Berkens’ The Domains, Name.com sent an email alerting their customers of the breach and asking them to change their passwords.

06|04|2008 01:28 pm EDT

McAfee Identifies The “Mal-web” In Domain Names

by Adam Strong in Categories: ccTLDs

Anti-virus software maker McAfee released their second “Mapping the Mal Web” (PDF) report today. The McAfee report attempts to map and identify the specific domain names where malicious websites reside. This is the second year for the report. In the 2007 report, the .tk extension was reported to have the highest number of malicious websites with over . This year Hong Kong domain name extension .hk takes away the title with 19.2%, followed closely by China’s .cn with 11.8%. Within the generic domain name extensions (gTLDs) .info ranked in with 11.7% of all sites ending in .info posing a security threat. The second rank in gTLDs went to .net with 6%. The report claims that a little under 5% of .com domain names were found to be risky. McAfee also identified the domains with the least amount of risk reside in the .gov, .jp and .au extensions.

The newest report specifically points to .hk and .cn domain names as having a substantially higher percentage of malicious websites. In the 2007 report, McAfee had not pointed to those extensions as having such high percentages.

Shane Keats, research analyst for McAfee and lead author of the report, said the increase in dangerous sites registered under the “.hk” and “.cn” domains over last year’s report was caused in part by better data collection on McAfee’s part on those domains and by apparent security lapses in some registrar companies’ processes for registering addresses.

The 2007 report claimed the .tk extension to have one of the highest percentages (10.1%). After the McAfee report was released, Dot TK, operators of the registry for Tokelau, implemented changes geared toward the reduction of these malicious sites. The .tk extension dropped considerably to #28 this year. Dot TK faced a 10% decline in registrations and a backlash from advertisers running ads on .tk landing pages. The domain business reportedly accounts for a “double digit” percentage of the GDP of Tokelau. One could assume that the reduction in domain registrations that .tk felt will now be seen at the .hk, .cn and .info domain registries. This news should come as a wake-up call to these operators.

The high percentage of malicious sites found on the .info extension may also be read as another “nail in the coffin” for the gTLD. The McAfee report follows on the heels of the news earlier last week that Google was dropping .info domains from search listings. All of this bad news can’t be sitting well for the .info registry or anyone heavily invested in .info domain names.

05|30|2008 02:57 pm EDT

Comcast.net Domain Hijacked at Network Solutions

by Adam Strong in Categories: Featured

Yesterday evening, a pair of hackers took control of Comcast Corporation’s domain names. They were able to hack into the administration area within the registrar NetworkSolutions. Access to NSI gave the hackers the privilege to change the DNS records on Comcast’s main domain Comcast.net as well as over 200 other domain names.