Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Domain Hi-jacking Nightmare - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Domain Hi-jacking Nightmare
Yesterday afternoon I got a phone call from a local non profit organization. A plea for help really.

A year ago they were going through a change in leadership, board, etc. at the same time as their web site URL was set to expire. They were unaware that they were on the verge of disaster until they received a phone call from a local citizen who had made a gruesome discovery, the web site now contained Porn.  They have learned a very hard lesson.

It has been a year and they are still getting calls from people saying  "do you realize your website contains porn?".  They have to explain to the caller that their web site has changed to the new url and that they are trying to get all of the search links straightened out. (When I google for this organization I came up with close to 1000 entries. On the first google page there were 3 occurrences of the old web address being linked the organization.)  

This organization is popular with both adults and children.  So now we have the potential of children happening on to the site.  

To add fuel to the flame this site attempts to hijack your web browser as well. Once hijacked you get the pleasure of pornography every time you open your browser. For most people this will mean a bill to pay someone to "fix" their computer.

When discussing this with local FBI they indicated that what had happened was not illegal, it happens all the time.

I have to ask myself "how can this be legal"?  How can someone take a website that was owned by someone else and grab it for their dirty deeds?  How can they create a web site that causes "damage" to someone else's computer?  How can they cause potential damage to children by displaying this type of material?  Why is none of
this illegal? (It isn't illegal, perhaps unethical and immoral,  but NOT ILLEGAL).

It has been a year and this small non profit organization has spent time, money and resources trying to undo what has been done. They will probably never get all of the occurrences of these removed from the search engines.  And if someone looking for their web site types in  .com instead of  .org they will be greeted with porn.

I urge all of you to check your web registration and make sure that you know when it is due to be renewed and renew early.  Don't take any chances. These folks are laying in wait, waiting for your web site to expire so that they can snap it up and display their dirty merchandise.

I am interested in hearing from others that have had this happen, if and how they resolved it.

Deborah

278 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!