Domain Hijacking Takes ICANN Spotlight

Filed under
Security

The report, announced Wednesday during an international meeting of the ICANN (Internet Corporation for Assigned Names and Numbers) in Luxembourg, followed at least two high-profile incidents this year of what is known as domain-name hijacking.

The committee advises the domain-name system overseer's board of directors and constituents such as the registrars that sell domain names to individuals and business and the registries that manage domains such as .com and .net.

Committee members expressed optimism that the report will lead to swift action, but it was still unclear as of late Wednesday whether ICANN's board planned to address the report's findings and recommendations at its meeting later this week.

The report left ICANN's recently changed policy for the transfer of domain names without blame in domain hijacking, although others in the domain-name industry have raised concerns that the change will fuel more stolen domain names. The new policy had focused on streamlining the process of transferring a domain.

The ICANN committee recommended 10 fixes for hijacking, which ranged from more public awareness and a domain-name emergency hotline to potentially stricter verification of the identity of domain-name holders and better record keeping of registrations.

One technical recommendation focused on the use of registrar locks and domain-name holder passwords. The report suggests that registrars use locks, which prevent a domain-name change until the name holder unlocks the name, and consider using a specification called "authInfo," which essentially password protects a domain name.

Currently, the authInfo password is not available for .com or .net, both of which are managed by VeriSign Inc. But VeriSign has said it plans to add the support, according to the report. Other domains, such as .org, .biz and .net, use the passwords.

Full Story.