ICANN Issues Warning on Domain Hijacking

Matt O'Conner
MARINA DEL REY, Calif. — ICANN has issued a warning that shows the tricks web bandits use to steal domains and what registrars and webmasters can do to protect websites.

ICANN’s Security and Stability Advisory Committee authored the report, which details the steps hijackers followed in taking over several sites such as Hushmail.com, HZ.com and Panix.com, and contains 10 recommendations for safeguarding domains against unauthorized tampering.

According to ICANN Board Member Steve Crocker, the issue requires heightened awareness to prevent problems and faster response when problems occur.

For example, the report said the ill-effects of hijackings could be mitigated if registrars set up emergency plans to deal with them. Such a plan might involve registrars providing webmasters with 24/7 contact information and having staff trained on hand to deal with domain attacks at a moment’s notice.

ICANN concedes that the effectiveness of such recommendations depends to a large extent on webmasters pressuring registrars to take the issue seriously.

However, since domain thefts have not been widespread, few webmasters see it as a priority. Crocker said taking the issue lightly can prove disastrous to those who fall victim to hijacking.

To compensate for this lack of interest, the Security and Stability Advisory Committee suggested that ICANN consider penalizing registrars that don’t institute protective measures.

There currently are roughly 150 accredited registrars serving the entire web.