We get calls from companies all of the time indicating that they have lost control of their domain names. Some companies have their registrant login information or email accounts hacked, providing the domain name thief direct access to the registrant account at the registrar level. Some companies make critical mistakes in protecting their domain names, allowing for serious holes in their security and domain protections systems. Other times, registrars simply screw up.
As is being reported at the domain name news, ICANN lost control of its valuable domain names as a result of a attack on the domain registrar register.com: The full story is being reported in the New York Times in the article "ICANN Blames June Site Hijack on Registrar."
Two weeks ago, Turkish hackers rerouted traffic to some of the domains used by ICANN (Internet Corporation for Assigned Names and Numbers) and one of its subsidiary organizations, IANA (Internet Assigned Numbers Authority).
Visitors who intended to reach iana.com, iana-servers.com, icann.com and icann.net on June 26 were instead shunted to an illegitimate destination, which displayed a taunting message: "You think that you control the domains but you don't! Everybody knows wrong. We control the domains including ICANN! Don't you believe us?"
Although it is unclear in the reporting, ICANN apparently hasn't indicated that the attack was "both social and technological" in nature. By social, I assume that the domain name theft occurred in part as a result of the thief contacting register.com and posing as the registrant or administrative contact for the domain names. This is perhaps the most serious security threat to every companies domain name. Human error at the registrar level is extremely common. We have had clients who lost their domain names because cheap imitations of driver's licenses prepared in Adobe Photoshop were provided to registrars Tucows.com and Networksolutions.com which a six year old could have identified as false. These false driver's licenses were used to steal valuable domain names.
Which registrar offers the best security? The answer to that is simple. Moniker.com offers the highest level of security of any registrar that we are aware of. They will contact the registrant prior to allowing any significant action or transfer of a domain name out of their system. Traverse Legal also provides registration and administration services to clients which allow us to monitor and protect domain names and domain name portfolios for companies who want to outsource that function.
If you don't think these issues are serious then consider this. What would happen if your website went down today and was not retrievable? How much money will you lose as a result of a theft of your domain name? Now ask yourself what you're doing to protect your domain name in cyberspace. The answer is probably "not much." Companies need to start treating domain names as serious business assets. Software companies would not post their proprietary source code online for anyone to see or upload the code to a website with minimal encryption or authentication. Companies would not leave their trucks and equipment unlocked after business hours. Banks do not leave their front doors open or the combination to their safe lying around for others to see.
The Internet is still too much like the wild west. But there are things that companies can do and should do and should do to protect themselves in cyberspace. Yes, it can happen to you. And few companies have the leverage that ICANN does to go back and retrieve its domains so quickly. Most registrars will barely return your phone calls and typically point the finger back at the original registrant when a domain is stolen. Their license agreements insulate them from any liability or responsibility for screwing up.