CheckFree.com theft is a reminder of how easy it is to divert a domain name’s destination.
Visitors to bill-pay site CheckFree.com early Tuesday morning were diverted to a Ukraine site that tried to install malware on their computers.
It wasn’t a high-tech hack. It turns out someone got hold of CheckFree.com’s username and password at domain registrar Network Solutions. They logged in and changed the nameservers for the domain name. It was really as simple as that.
This isn’t the first time this has happened to a major corporation, and it should be a call to action for registrars and corporations alike. Registrars should offer their customers an added level of protection before changes are made to the contact email address and nameservers of a domain name, especially for high-profile domains. The fact that anyone with a username and password could log in to a registrar and change the nameservers for ATT.com, BankofAmerica.com, or GE.com is downright scary.
Moniker offers a $34.95 service called MaxLock that requires additional verification before a domain is transferred to another registrar. It could just as easily require additional verification before a nameserver is changed. I suspect the CheckFree.com thief would have moved on to a different target rather than jump through the extra hoops.
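
For domain owners, the two things worth checking regularly are whether the nameservers still match what you expect and whether the domain carries a lock against updates. The sketch below is an added example, not part of the original post: it audits an RDAP-style domain record for both, and the sample record, the domain names and the expected-nameserver baseline are all constructed for illustration.

```python
import json

# Constructed RDAP-style domain record (RFC 9083 shape); not real registry data.
SAMPLE_RDAP = json.loads("""
{
  "ldhName": "example-billpay.test",
  "status": ["client transfer prohibited"],
  "nameservers": [
    {"ldhName": "ns1.unexpected-host.test"},
    {"ldhName": "NS2.example-billpay.test."}
  ]
}
""")

# Baseline the domain owner keeps out of band (assumed values).
EXPECTED_NS = {"ns1.example-billpay.test", "ns2.example-billpay.test"}

# RDAP status values (RFC 8056). "client" statuses are set by the registrar,
# "server" statuses by the registry. An update lock blocks changes to the
# domain object, which includes its nameserver delegation.
UPDATE_LOCKS = {"client update prohibited", "server update prohibited"}
TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}


def normalize(host):
    """Lower-case a hostname and drop any trailing root dot."""
    return host.strip().rstrip(".").lower()


def audit_domain(record, expected_ns):
    """Return a list of findings: missing locks and nameserver drift."""
    findings = []
    statuses = {s.lower() for s in record.get("status", [])}
    if not statuses & UPDATE_LOCKS:
        findings.append("no update lock")
    if not statuses & TRANSFER_LOCKS:
        findings.append("no transfer lock")
    seen = {normalize(ns["ldhName"]) for ns in record.get("nameservers", [])}
    expected = {normalize(h) for h in expected_ns}
    for host in sorted(seen - expected):
        findings.append(f"unexpected nameserver: {host}")
    for host in sorted(expected - seen):
        findings.append(f"missing nameserver: {host}")
    return findings


if __name__ == "__main__":
    for finding in audit_domain(SAMPLE_RDAP, EXPECTED_NS):
        print(finding)
```

Run against the constructed record, it reports the missing update lock and the swapped nameserver; a transfer lock alone, as the sample shows, does nothing to stop a nameserver change.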