The Security Breach
A malicious attacker can use such methods to subvert a normally functioning web site without actually penetrating that web site's security. A large number of Internet domains are vulnerable to domain hijacking. Domain hijacking or spoofing is a unique form of cyber-attack. It doesn't matter how secure you make your web server. And most forms of this attack are relatively simple to perform.
Here's how it's done.
Every domain name that ends in .com, .net, .org, .gov, and so on translates into an IP address such as 18.104.22.168. A domain registrar such as VeriSign tells users of the Net which DNS server is responsible for each domain name. When an organization registers a domain name, it tells the domain registrar what IP addressor server on the Netthat domains resides upon.
For example, when a user types a domain name into his or her browser, that request goes to a domain registrar's database, which locates the IP address on which that domain resides. The domain name is automatically resolved and the user is sent to the correct IP address.
But what if some one changed the IP address for an authoritative name server in the registrar's database? If that happened, users would be sent to the wrong web serverwithout the user or the owner of the real site being aware of the redirection. Though making such domain name changes is a powerful attack tool, it's also relatively simple to do. Why? Because changes to domain registrations are frequently done through email, and the authentication methods to ascertain whether an authorized person is making the changes are most often very weak. The problem with authentication is that the registrar doesn't send a confirmation email if the request is sent from the same email as the person owning the contact or the domain name itself. Therefore, utilizing this flaw, someone could spoof anyone's email address and change any domain name's information.
If you're curious as to how this is done, a step-by-step guide shows how easy it can be to make changes to a registrant's database. Again, keep in mind that no programming skills are required and the domain name owner will probably not be aware that his domain has been hijacked for some time.
Here's another simple tactic.
The password you use to make changes to your domain name account is also vulnerable to attack. Some registrants offer a simple method of resetting your password. If you claim to have "forgotten" your password, you can just send a contact form with a new password, along with a fax that authorizes the registrant to process that form. Policies like these make it very easy for attackers to change your password.