Domain Name Data Breach Poses Concern

Experts say incident poses phishing site danger

Wednesday, April 18, 2012
Domain Name Data Breach Poses ConcernICANN - the Internet Corporation for Assigned Names and Numbers - is the organization that grants new domain names to websites, but it recently suffered a data breach, and that may pose significant problems for consumers.

Because ICANN was hit with the breach, it might allow hackers and phishers to "cybersquat" legitimate domain names, according to a report from MediaPost News. As a consequence, they may be able to create sites for top-level domain names - i.e. those ending with .com, .edu, and other well-known suffixes - that appear to be legitimate but are actually designed to aid in identity theft operations.

The organization recently stopped accepting applications for new domain names because of a data breach that allowed users to see other applicants' information, and will only begin accepting them again when it is ensured that the issue has been resolved, the report said. However, experts see the incident as a sign ICANN needs to reduce its operations to issue new domain names until it is able to generate a new and more secure system for doing so.

"It's another warning signal to go slower, and make sure you have worked out all the glitches before you roll out a new system," Dan Jaffe, executive vice president of the marketing group the Association of National Advertisers, told the news site, adding, "People have a lot of faith in the Internet right now. But if that gets undermined, there could be a very adverse effect."

Between January 12 and March 25, ICANN received applications for 839 top-level domain names, but it is unclear how many will be approved, the report said. Nonetheless, critics say that any significant increase would likely result in bogus sites. For its part, the online organization says that it has a number of protections in place to prevent cybersquatting and other trademark infringement, and that the price tag for a top-level domain - usually about $18,500 - is likely too large for fraudsters to afford.

Ondrej Krehel, chief information security officer for CyberScout, has a blog about the ways hackers and other fraudsters can rip off consumers, and the warning signs Web users should look for to avoid being victimized by this type of fraud.

© CyberScout, LLC. All Rights Reserved.
Sign up for our Newsletter. If you feel that you have been a victim of identity theft, call your provider organization to be put in touch with the CyberScout Resolution Center.