Another day, another mass domain hijacking

More than 750 domain names were hijacked through the internet's own systems, registrar Gandi has admitted. Late last week, an unknown individual managed to get hold of the company's login to one of its technical providers, which then connects to no fewer than 27 other top-level domains, including .asia, .au, .ch, .jp and .se …

  1. Pompous Git

    "Please be assured...

    ...that our priority remains on the security of your data and that we will continue to protect your security and privacy in the face of ever-evolving threats." Just like you have to date? Oh dear...

  2. Sanctimonious Prick
    WTF?

    "it has since added extra security around its website and DNS"

    Like road safety in AU. Hundreds have to die before simple/easy/inexpensive fixes are put in place.

    (hmm... not sure i should say that...)

  3. Anonymous Coward

    Interesting

    From the incident report:

    « These credentials were likewise not obtained by a breach of our systems and we strongly suspect they were obtained from an insecure connection to our technical partner’s web portal (the web platform in question allows access via http).

    As a rule, we have always systematically implemented all available security measures at all registries and technical partners (such as TOTP, IP restriction, etc.). Unfortunately, these security measures were only recently added, in 2016, by the technical partner in question and had not been identified at the date of our most recent security audit. »

    I believe this is the first time I see positive confirmation of an attack based on the simple expedient of sniffing HTTP traffic.

    Before all the retards pour in with their expressions of glee or pretend outrage: I am a Gandi customer. I have been a Gandi customer since they were a five employee joint in the backstreets of Paris. They did a fantastic job then and they still do a fantastic job over ten years later. In all this time, not once have I been let down and their professional service and customer approach is second to none.

    1. aaronj2906_01

      Re: Interesting

      I'm betting on DNS cache poisoning... All you have to do is break in at even a non-authoritative level and replace the HOST-A record with a different IP, followed by CNAMEs that resolve back to the original HOST-A record, and HOST lookup can tell the difference...

    2. oneeye

      Re: Interesting Ya But ???

      Why is it that only after suffering a devastating attack do all these unfortunate companies THEN implement all kinds of NEW Security protocols? In light of the massive amount of malware attacks, should not these companies, all of them, be reviewing how best to beef up Security? Instead of making weak apologies later?
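The incident report quoted above names TOTP as one of the measures the technical partner only added in 2016, and oneeye asks why such controls arrive after the fact. As an added illustration (not code from Gandi, the partner, or any commenter), here is a self-contained TOTP implementation per RFC 6238, checked against the test vectors published in that RFC, together with a demonstration of why a time-based code captured from an unencrypted session is worth far less to an attacker than a captured static password: the code is only accepted inside a short window around the time it was generated. The secret, timestamps and tolerance window are the RFC's values or constructed for the demo.

```python
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test secret (ASCII) for the SHA-1 variant.
RFC6238_SHA1_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 8, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the big-endian 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 8,
         algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // step, digits, algo)


def verify_totp(secret: bytes, candidate: str, unix_time: int, window: int = 1,
                step: int = 30, digits: int = 8) -> bool:
    """Accept a code only if it matches the current step or one of `window`
    adjacent steps (tolerates clock drift). Comparison is constant-time so the
    check itself does not leak how many digits matched."""
    if len(candidate) != digits or not candidate.isdigit():
        return False
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * step, step, digits)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


def replayed_code_outcome(secret: bytes, captured_at: int, replayed_at: int) -> bool:
    """Constructed scenario: a code is captured (e.g. sniffed from plain HTTP)
    at `captured_at` and replayed at `replayed_at`. Returns whether the replay
    would be accepted by a verifier using the default one-step window."""
    captured_code = totp(secret, captured_at)
    return verify_totp(secret, captured_code, replayed_at)


if __name__ == "__main__":
    # RFC 6238 Appendix B, SHA-1 rows: T=59 -> 94287082, T=1111111109 -> 07081804
    print(totp(RFC6238_SHA1_SECRET, 59), totp(RFC6238_SHA1_SECRET, 1111111109))
    # A code replayed two minutes later is rejected; the same code within
    # one step of its capture time is still accepted.
    print(replayed_code_outcome(RFC6238_SHA1_SECRET, 59, 59 + 120))   # False
    print(replayed_code_outcome(RFC6238_SHA1_SECRET, 59, 59 + 20))    # True
```

The design point for a defender: a static password sniffed from a plain-HTTP portal remains valid until someone rotates it, whereas the replay demo shows a captured TOTP code dying within a minute or so. Pairing the second factor with source-IP restriction, the other measure the report mentions, further limits what a captured session is worth.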

  4. Milton

    Fundamentally ...

    Fundamentally, is not the answer to this and a number of other recent (and indeed, not so recent) incursions, that the basic structure of the internet was not designed with real security in mind? That the idea of malicious interference was given little or no thought?

    I don't blame the initial designers, because this was a long time ago and they didn't realise how big it was all to become. But I don't doubt that if we were to design the internet's protocols, structures and standards from scratch today, we'd come up with some very different and infinitely more robust solutions.

    So what troubles me is that I don't seem to hear much about major redesign of (say) the processes around DNS. Perhaps this is brewing slowly on a back-burner somewhere, but then again, perhaps it should be front and centre?

  5. Anonymous Coward

    Just like others will jump onto....

    As others will no doubt spot, a so-called information DIDN'T have DNSSEC set up? Really?

    I guess that's like a road safety campaigner, when out on their bike, getting hit by a car and ending up with a fractured skull. Once they recover, they pipe up and go "I'm now going to wear a cycle helmet from now on".

  6. Captain Scarlet

    "despite the fact that this incident was entirely out of our control"

    Erm, changed using credentials for your own systems, how was it out of their control?

    1. Anonymous Coward

      Re: "despite the fact that this incident was entirely out of our control"

      Instead of downvoting your comment I'll answer your question.

      That quote was attributed to the Swiss security company SCRT. I think you will find that SCRT doesn't have anything to do with the operation of Gandi's systems, so yes, it certainly WAS out of their control -- and it wasn't SCRT's credentials or systems that were used either.
