CheckFree.com theft is a reminder of how easy it is to divert a domain name’s destination.
Visitors to bill pay site CheckFree.com early Tuesday morning were diverted to a Ukraine site that tried to install malware on visitors’ computers.
It wasn’t a high tech hack. It turns out someone got a hold of CheckFree.com’s username and password at domain registrar Network Solutions. They logged in and changed the nameservers for the domain name. It was really as simple as that.
This isn’t the first time this has happened to a major corporation, and it should be a call to action for registrars and corporations alike. Registrars should offer their customers an added level of protection for changes to be made to the contact email address and nameservers of a domain name, especially for high profile domains. The fact that anyone with a username and password could login to a registrar and change the nameservers for ATT.com, BankofAmerica.com, or GE.com is downright scary.
Moniker offers a $34.95 service called MaxLock that requires additional verification before a domain is transferred to another registrar. It could just as easily require additional verification before a nameserver is changed. I suspect the CheckFree.com thief would have moved on to a different target rather than jump through the extra hoops.
*
I don’t think registrars should gouge their customers by charging them 34.95 extra to protect their domains.
When I buy a house, ownership can’t pass to someone else unless I, with ID in hand, sign a document, so why not just require this before transfer?
*
@ Ms. Domainer – I don’t want that sort of protection on my domains. You used to have to fax in a copy of your drivers license just to change ownership of a domain. And you had to pay a fee. An added level of protection should be provided to companies that want/need it.
*
Andrew, you do raise a good point.
I just thought $35.00 seemed a bit steep, although it may be worthwhile on a super premium.
*
Ms Domainer: This case isn’t about transfer a domain – to do that you’ll need to confirm the transfer through several steps (involving contact e-mail address). This case is about changing name servers.
Only just caught up on my blog reading today and thought it was worth mentioning that Fabulous.com offer Executive Locks for Premium domains. More information here – http://tinyurl.com/5nqv6k.
E-locks are a free value added service to all Fabulous.com customers.
Cheers,
Mike
Fabulous.com