
Massive domain hijacking at registrar Gandi


July 14, 2017

We just learned this morning that more than 750 domain names were hijacked through the Web's own systems, domain registrar Gandi has admitted.

Late last week, an unknown individual managed to get hold of the company's login credentials to one of its main technical providers, which in turn connects to no fewer than 27 other top-level domains, including .asia, .au, .ch, .jp and .se.

Using that same login, the attacker then simply changed the domain details on the official nameservers for 751 other domains across a range of top-level domains, redirecting them all to a single website serving up malware and viruses.

Incredibly, the changes went unnoticed for four long hours until one of the registry operators reported the suspicious changes to management.

Within about an hour and a half, Gandi's technical team identified the issue, changed all the login credentials and started the huge task of reverting all the changes made, a process that took almost 4 hours.

Taking into account the various delays in updating the DNS information, the domain names had been hijacked for anywhere between 8 and 11 hours, Gandi's management admits.

Ironically, one website impacted by the attack was Swiss information security company SCRT, which has written a blog post about the hijack on its website.

Gandi said that all of its emails were also redirected during the attack. The company said that "despite the fact that this incident was entirely out of our control," it has since added extra security around its website and DNS, including:

  • Preloading strict-transport-security into browsers to protect all visitors.
  • Active monitoring of DNS resolution.
  • Starting talks with its registry (.ch) about how to detect a similar attack in future.
  • Adding DNSSEC for an extra layer of security.

Gandi meanwhile has since reset all its logins and has launched a security audit of its entire infrastructure in an effort to determine how its logins were stolen in the first place.
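As an added illustration of the "active monitoring of DNS resolution" measure (example code written for this page, not Gandi's or SCRT's), the check below compares a domain's delegation against a recorded baseline and flags exactly the kind of change made in this incident: nameservers swapped, or a nameserver keeping its name while its addresses move. All domain names and IP addresses are constructed placeholders; in production the "current" snapshot would come from querying the parent zone's authoritative servers.

```python
from dataclasses import dataclass, field


def normalize(name: str) -> str:
    """DNS names are case-insensitive; compare them in one canonical form."""
    return name.strip().lower().rstrip(".") + "."


@dataclass
class Delegation:
    nameservers: set[str]
    glue: dict[str, set[str]] = field(default_factory=dict)

    @classmethod
    def build(cls, ns: list[str], glue: dict[str, list[str]]) -> "Delegation":
        return cls({normalize(n) for n in ns},
                   {normalize(h): set(ips) for h, ips in glue.items()})


def check_delegation(domain: str, baseline: Delegation, current: Delegation) -> list[str]:
    """Return human-readable findings; an empty list means nothing changed."""
    findings = []
    added = current.nameservers - baseline.nameservers
    removed = baseline.nameservers - current.nameservers
    if added or removed:
        findings.append(f"{domain}: NS set changed (added={sorted(added)}, removed={sorted(removed)})")
    # A nameserver that keeps its hostname but moves to new addresses redirects
    # traffic just as effectively as a replaced NS record, so compare glue too.
    for host in baseline.nameservers & current.nameservers:
        before, after = baseline.glue.get(host, set()), current.glue.get(host, set())
        if before != after:
            findings.append(f"{domain}: glue for {host} changed {sorted(before)} -> {sorted(after)}")
    return findings


# Constructed sample data: a pre-incident baseline, a snapshot with the same
# delegation in different case/order, and one pointing at a placeholder attacker NS.
BASELINE = Delegation.build(["ns1.example.net", "ns2.example.net"],
                            {"ns1.example.net": ["192.0.2.1"], "ns2.example.net": ["192.0.2.2"]})
UNCHANGED = Delegation.build(["NS2.example.net.", "ns1.example.net"],
                             {"ns1.example.net": ["192.0.2.1"], "ns2.example.net": ["192.0.2.2"]})
HIJACKED = Delegation.build(["NS1.EXAMPLE.NET.", "ns.attacker-placeholder.example"],
                            {"ns1.example.net": ["192.0.2.1"],
                             "ns.attacker-placeholder.example": ["198.51.100.7"]})

if __name__ == "__main__":
    for label, snap in (("unchanged", UNCHANGED), ("hijacked", HIJACKED)):
        print(label, check_delegation("example.com", BASELINE, snap) or ["OK"])
```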

"We apologize that this incident occurred," said its report. "Please be assured that our priority remains on the security of your data and that we will continue to protect your security and privacy."

The security breach comes in the same week that a botched back-end handover of the .io top-level domain enabled a security researcher to register four of the seven domain names acting as the nameservers for the registry and potentially redirect tens of thousands of domains to a malicious website.

Source: Gandi.
