Holy@#!& Our website's domain name was just hijacked!

by Mark Gaudet

MARK GAUDET is a Business Development Manager at the Canadian Internet Registration Authority (CIRA) and leads the market development for new DNS and Registry products and services. CIRA manages .CA, Canada's national top-level domain. Mark can be contacted at <mark.gaudet@cira.ca>.

Municipal World, June 2015

On a Friday evening in November, the City of Ottawa's domain name, Ottawa.ca, was hijacked. Visitors to the city's website were redirected to a malicious website featuring a dancing banana. The hijacking was in retaliation for what was claimed to be police efforts to frame an innocent teen for malicious web activity and harassment.

Only a few weeks later, the website for the Ontario provincial government was the victim of a hijacking. For about two hours on a Friday night, Ontario.ca was redirected to a website playing a video for an old MC Hammer song, "U Can't Touch This," along with the full name and picture of a boy apparently responsible for the attack. The boy in the photo denied being responsible for the attacks and claims the person behind the attacks has been bullying him for some time.

Vulnerabilities, Risks - and Consequences

These two high-profile Canadian incidents in the span of a month highlight the risks and impact of domain name hijacking. Canadian municipalities and other governments are targets of domain hijacking, and the motives and origins for an attack are unpredictable. In one case, the hijacker was bringing attention to a criminal case brought against an Ottawa teen. In the other case, the hacker was apparently a bully, using the hijacking of Ontario.ca as a weapon against his victim.

Any municipality can be the victim of a domain hijacking.

Until a website is restored, a domain hijacking is a full-on emergency for a municipality. In addition to the website being redirected, email is also impacted. During a domain name hijacking, all email sent to the organization under attack is either dropped or, worse, can be intercepted by the attacker. While the IT team works to analyze and neutralize the attack, municipal officials must prepare a media response. The scrutiny from the media and public is intensive and lasts well beyond the hijacking.



Questions focus on how and why the website was hijacked and quickly shift to leaks of sensitive data. Both hijackings received extensive local and national coverage.

Domain hijacking is one of the easiest, yet most publicly damaging, cyber-attacks that can be aimed at a municipality. Consequences are embarrassment, damage to reputation, and the high cost of response, both for IT staff to mitigate the attack and for senior officials to respond to the media. In both cases described above, users were directed to a malicious website and no data was lost or exposed. However, both incidents raised serious doubts about overall cyber security and the safety of sensitive data.

The good news is that domain hijacking can be prevented. The best defence against domain hijacking is through security measures that lock a domain name at the registry level. For both Ottawa.ca and Ontario.ca, registry locking of the domain would have prevented the hijackings. Applying a lock to a domain name at the registry level prevents hijacking by disabling any changes to a domain until an extensive security protocol has been executed.

Understanding the Domain Registration System

Understanding how domain hijacking works and how registry locking can protect a municipal domain name requires a basic understanding of the domain name ecosystem. There are three different roles involved in the domain name registration process: registry, registrar, and registrant.

Domain Registration System: Registrant > Registrar > Registry

Registry - The domain name registry is the organization that manages the top-level domain. Examples of top-level domains are .ca, .com, and .net. Canadian municipalities all have domain names in .ca, the top-level domain for Canada. The Canadian Internet Registration Authority (CIRA), under a mandate from Industry Canada, manages the .ca domain. CIRA enforces the rules for .ca domain names and sells names to the public through registrars. Each registry, including CIRA, offers some form of registry lock service to provide extra security for high-profile domains.

Registrar - The registrar is an organization accredited to sell domain names to the public. There are more than 100 accredited registrars that can sell .ca domain names in Canada.

Registrant - The registrant is the person or organization (such as a municipality) that registers a domain name. Registrants manage their domain name settings through an electronic interface with their registrar. When changes are made to the contact or technical information associated with a domain name, the registrar updates the data in the registry's database.

How Hijacking Happens - and Can Be Prevented

Your domain names can be hijacked if a hacker is able to make unauthorized changes to the technical information associated with the domain name. The key technical information is related to the domain name system (DNS) that helps other computers on the internet find your website. Each time a user goes to your website, they do a DNS lookup. The DNS provides the mapping of a website name to an internet routable address. Each domain name has specific DNS name servers that provide the name-to-address mapping for visitors to your website. Changing the DNS information associated with your domain name enables a hijacker to change this mapping and redirect your website visitors to a malicious website.

There are numerous ways to make unauthorized changes to the technical information associated with a domain name. The attack vector for Ottawa.ca involved the hacker impersonating a representative from the city. Using information acquired in a fraudulent phone call, the hacker was able to crack the city's account credentials. The hacker then logged into the city's registrar account and made changes that resulted in the Ottawa.ca website being redirected to a malicious website. A registry locking service would have prevented this attack by disabling any changes to Ottawa.ca at the registry level.

For the hijacking of Ontario.ca, the hacker was able to compromise the registrar's network security. Once they gained access to the registrar's computer network, the hacker made changes to the information associated with Ontario.ca. In this case as well, implementing a lock at the registry level would have prevented the attack. Even with access to the registrar's network, changes would have been disabled at the registry level.


The attacks on Ontario.ca and Ottawa.ca illustrate only two of the many methods of hijacking a domain. There are numerous ways to make unauthorized changes to a domain name. Implementing registry locking is the best defence against domain hijacking. Registry locking is a security feature implemented by registries and sold by registrars. With registry locking, no changes can be made to your domain name unless a security protocol is successfully executed between the registry and the registrar to temporarily unlock the domain for changes to be made. Locking a domain name at the registry is the highest level of security and should be used for all domain names associated with public-facing government websites.

Boosting Front-Line Security

In addition to locking domains at the registry level, registrars also offer other security services and features designed to protect those domains. Municipalities should contact their registrar to review security features and implement the following if they are available: access control lists (ACLs); event notifications for any changes to domains; two-factor authentication; and strong passwords with periodic reset. These security features are sometimes optional and need to be activated.
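As an added illustration of the registry lock and change-notification controls described above (not code from the article or from CIRA), the following Python check audits a domain record in RDAP JSON form against an approved name server list. The sample records, the host names and the choice of the three server-set status values as the sign of a registry lock are assumptions made for this example.

```python
import json

# RDAP status values (RFC 8056) that only the registry can set. Treating all
# three together as "registry locked" is an assumption made for this example.
REGISTRY_LOCK_STATUSES = frozenset({
    "server update prohibited",
    "server transfer prohibited",
    "server delete prohibited",
})

def _norm(host):
    """Lower-case a host name and drop the trailing root dot."""
    return host.strip().lower().rstrip(".")

def audit_domain(rdap_json, approved_nameservers):
    """Return findings for one RDAP domain object; an empty list means healthy."""
    record = json.loads(rdap_json)
    findings = []
    statuses = {s.strip().lower() for s in record.get("status", [])}
    missing = sorted(REGISTRY_LOCK_STATUSES - statuses)
    if missing:
        findings.append("not registry locked, missing: " + ", ".join(missing))
    observed = {_norm(ns.get("ldhName", "")) for ns in record.get("nameservers", [])}
    observed.discard("")
    approved = {_norm(ns) for ns in approved_nameservers}
    if not observed:
        findings.append("no name servers delegated")
    findings += ["unapproved name server: " + ns for ns in sorted(observed - approved)]
    findings += ["approved name server missing: " + ns for ns in sorted(approved - observed)]
    return findings

# Constructed sample data for a hypothetical municipality, not real registry output.
APPROVED = ["ns1.city-dns.example", "ns2.city-dns.example"]
LOCKED = json.dumps({
    "objectClassName": "domain", "ldhName": "city.example",
    "status": ["active", "server update prohibited",
               "server transfer prohibited", "server delete prohibited"],
    "nameservers": [{"ldhName": "ns1.city-dns.example"},
                    {"ldhName": "NS2.city-dns.example."}],
})
CHANGED = json.dumps({
    "objectClassName": "domain", "ldhName": "city.example",
    "status": ["active"],
    "nameservers": [{"ldhName": "ns1.unknown-host.example"},
                    {"ldhName": "ns2.city-dns.example"}],
})

if __name__ == "__main__":
    for label, rec in (("locked", LOCKED), ("changed", CHANGED)):
        print(label, audit_domain(rec, APPROVED) or "OK")
```

Run on a schedule against the record your registry publishes, any non-empty result is the kind of event that should trigger a notification to the IT team.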

Domain hijacking is a real risk that municipalities face, and the origin and motives for an attack are wildly unpredictable. Every municipality should review the security of their domain names with their registrar and lock high-profile domains used for municipal websites. Domain hijacking can easily be prevented. The effort and cost to secure domain names are low in comparison to the public damage from a website being redirected.