Domain name registrar sued over alleged security breach.
[Update: The court has now published an unredacted version of the lawsuit, detailing how Baidu alleges Register.com gave the keys to its domain to a hacker.]
Baidu, Inc. announced that it has sued domain name registrar Register.com over a hacking incident by Iranian Cyber Army earlier this month. Baidu claims that Register.com was negligent, allowing the hackers to change the DNS for the domain name.
I have searched U.S. Federal Court records to find the lawsuit, but have not located it. It will be interesting to see the details behind the lawsuit, as presumably it will detail what exactly the hackers did to take down the site, including any edits to the nameservers for Baidu.com.
Once again, it’s time for a registrar to offer bullet-proof registrations, including a service that requires in-person verification to make any changes to a domain’s contact information or nameservers. I’m not sure if such a service will profitable, as I know at least one domain entrepreneur tried this in the past. Will companies pay substantially more to ensure their domain names aren’t hacked? They should, but that doesn’t mean they will.
So a small fraction of a fraction have had issues and now we need change? Please that thinking is more red tape bearu bs. One guy slips on a side walk now everyone has to clean theres. The system is fine, you need to realize NOTHING is bullet proof or at least anything that could be is not practical.
@ Josh – You can opt-in to being bullet proof; it doesn’t need to be forced on everyone. If I’m the CEO of a Fortune 500 company, I can pay extra to make sure this doesn’t happen to me.
And how long before someone walks in, in person, and scams the Rar. Then the Rar would really have a prob. Better to make no promises.
Ask me no questions, I’ll tell you no lies.
The problem there is most CEO’s wouldnt know either the value of a domain name to their company or how it all works, let alone uping security. To me its a simple math game, the numbers wouldnty be there to make having such an option available. When you offer a service the first question is demand, how many people want X. It just is not practical or in demand, imo.
Josh, that’s exactly why I question its financial viability. This sort of thing doesn’t get to the CEO’s desk until Checkfree.com gets its DNS servers switched. Then the CEO says “why the hell didn’t we have some sort of protection in place.”
My cracked crystal ball tells me Baidu’s lawsuit won’t go anywhere, other than try to create publicity.
you know verisign offers registry lock through its registrars (at a fee of course) but worth exploring for some domains worth the additional security.
@ Michelle – yes, but it’s up to each registrar if they wish to offer it.
MarkMonitor provides the kind of service you are talking about. Name.com provides key FOBs. Only pressure from customers is likely to get more registrars to offer better security. Meanwhile you can choose a better one if you have a site that gets lots of traffic.
As a ccTLD registrar supporting worldwide clients who spend large amoutns of money protecting their domains around the world, security is a huge concern for us. Opt-in services like Verisign’s VIP, registry lock, DNSSec and additional levels of authentication will become even more critical as the rest of the world catches up in the domain name industry. We believe a combination of these security features will be most effective and are rolling these out and more in the coming weeks at 101domain.com.
Both Mike and Anthony are right. Markmonitor’s lock is only at registrar level whereas Verisigns’s registry lock is at the registry level and apparently its a process thats very tight. I would recommend speaking to someone at verisign and get an idea of what the registrars get from the registry and go apply pressure on the registrars. Registrars have their own product road maps so, if you don’t voice what you’d like to see being offered, they wouldnt know and so would not put that as a priority offering.
for those that don’t believe this as Register.com’s fault, read the new article on this website. It is amazing that it was allowed to happen!