Australian Registrar Distribute.IT Hack: Lessons To Be Learned
Posted in: Domain Names at 07/07/2011 14:00
A "deliberate, premeditated and malicious" attack on the network of Australian registrar and webhost Distribute.IT left customer data, websites and email hosted on several Distribute.IT servers potentially unrecoverable. Distribute.IT described it as "a deliberate aim at the Company and our clients".
The loss of the data has been disastrous for many Distribute.IT customers. It has also been disastrous for the company, which had around 210,000 domain names under management and a 6.5 per cent share of the .AU market (on recent figures around 130,000 .AU domains): Distribute.IT has since been acquired by the Netregistry Group, Australia's largest group of registrars.
Approximately 4800 domain names across four servers holding domain-related services such as DNS and web hosting suffered complete data loss: 2000 of these were websites and their associated data, and a further 2800 accounts had DNS hosting. Around one month after the hack, Netregistry is still working to recover data for the 2000 lost websites. The SAN storage device that held the data has been sent to Sydney and in the next few days will go to data recovery experts, but time and cost constraints will in part determine what can be recovered.
The attackers gained SSH access to a compromised desktop inside the company, then found an internal log containing passwords and used those to get into the rest of the network, Brett Fenton, Netregistry's Chief Operating Officer, told the Goldstein Report/Domain Pulse/Domain News.
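As an added example (not part of the original article, and not Distribute.IT's or Netregistry's code): a small Python scanner for the failure mode described above, credentials written into a log file that an attacker with a foothold on one machine can simply read. The log lines are constructed for the example and the patterns are assumptions about common log formats; the point is that a periodic scan of your own logs for this kind of material is cheap, and that an HTTP Basic header in a log is a plaintext credential, not an opaque token.

```python
import base64
import binascii
import re
from typing import List, Optional, Tuple

# Constructed sample log lines (not from the incident). Lines 3 and 5 show
# the failure mode: a database password and an HTTP Basic credential
# written to a log that anyone with read access on the host can harvest.
SAMPLE_LOG = """\
2011-06-11 02:14:05 sshd[4123]: Accepted publickey for ops from 10.0.3.17 port 51022
2011-06-11 02:14:09 app: user=ops action=login result=ok
2011-06-11 02:14:11 app: db connect host=db01 user=app password=Sup3rS3cret!
2011-06-11 02:15:30 app: GET /api/status 200
2011-06-11 02:16:02 proxy: Authorization: Basic b3BzOmh1bnRlcjI=
2011-06-11 02:16:40 app: token refreshed for user=ops
"""

# Each pattern's last capture group is the secret itself (assumed formats).
PATTERNS = [
    ("kv_password", re.compile(r"(?i)\b(password|passwd|pwd|secret)\s*[=:]\s*(\S+)")),
    ("basic_auth", re.compile(r"(?i)\bAuthorization:\s*Basic\s+([A-Za-z0-9+/=]+)")),
    ("bearer_token", re.compile(r"(?i)\bAuthorization:\s*Bearer\s+(\S+)")),
]


def redact(line: str) -> str:
    """Replace the secret part of every match so a finding can be reported safely."""
    out = line
    for _, rx in PATTERNS:
        out = rx.sub(lambda m: m.group(0).replace(m.group(m.lastindex), "[REDACTED]"), out)
    return out


def find_credential_leaks(lines) -> List[Tuple[int, str, str]]:
    """Return (line_number, pattern_name, redacted_line) for each line holding a secret."""
    findings = []
    for n, line in enumerate(lines, 1):
        for name, rx in PATTERNS:
            if rx.search(line):
                findings.append((n, name, redact(line)))
                break  # one finding per line is enough to flag it
    return findings


def basic_auth_user(token: str) -> Optional[str]:
    """Decode an HTTP Basic token and return only the username.
    Basic auth is just base64, so a logged token is a plaintext credential."""
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None
    user, sep, _ = decoded.partition(":")
    return user if sep else None


if __name__ == "__main__":
    for n, name, text in find_credential_leaks(SAMPLE_LOG.splitlines()):
        print(f"line {n}: {name}: {text}")
```

Run over real logs, the scanner should report findings only in redacted form (as `redact` does): a ticket that copies the offending line verbatim just creates a second log containing the password.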
The Australian policy and regulatory body auDA worked quickly with Netregistry to ensure the acquisition of Distribute.IT went ahead with minimal disruption. As required under the Registrar Agreement, auDA's consent was requested by the parties prior to finalisation and was very quickly granted.
While an attack of this kind is rare, there are lessons that the whole domain name industry - registrants, resellers, registrars and registries - needs to learn.
For registries and TLD managers, Fenton says it is important from an Australian perspective "that auDA needs to take responsibility for ensuring security of domain data for domain registrars." One part of this, Fenton believes, is that the registrar accreditation test should ensure that registrars have PCI-DSS compliance, to ensure best-practice security for registrars, with the stability of the .AU namespace being the role of the regulator. He further added that a review of the ICANN model of data escrow for registrars should be undertaken with a view to possible implementation in the .AU namespace.
Globally, it is highly likely that many registrars have inadequate security and that similar attacks are possible. Ultimately, more care needs to be taken with domain names, registrant data and the data hosted on those domains.
Registrars need to ensure their security standards are high, recognising that a client's website can be that client's entire business, and that a loss of data such as in the Distribute.IT hack has the potential to destroy a business.
However, it is not just registrars such as Distribute.IT that have to bear some responsibility, Fenton said; resellers also have to safeguard against catastrophic data loss.
Then there is the domain name registrant. Registrants need to realise that, despite the best intentions and the highest levels of security, hacks and natural disasters can occasionally lead to catastrophic data loss.
Webhosting companies can and do lose data, and people and organisations using these services should also keep regular backups of their own.
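As an added example (not the article's, Distribute.IT's or Netregistry's own code): a Python routine that does what the last paragraph advises and adds the check a practitioner wants, a restore test. It archives a directory, records a SHA-256 checksum beside the archive, extracts the archive into a scratch directory and compares it file by file against the source before declaring the backup good; `verify_archive` is the check to run on the off-site copy. The directory layout and file names in `demo()` are constructed for the example.

```python
import filecmp
import hashlib
import tarfile
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def _dirs_equal(a: Path, b: Path) -> bool:
    """Recursive, content-based comparison (shallow=False reads the bytes,
    so matching size and mtime alone do not pass)."""
    cmp = filecmp.dircmp(a, b)
    if cmp.left_only or cmp.right_only or cmp.funny_files:
        return False
    _, mismatch, errors = filecmp.cmpfiles(a, b, cmp.common_files, shallow=False)
    if mismatch or errors:
        return False
    return all(_dirs_equal(a / d, b / d) for d in cmp.common_dirs)


def backup_and_verify(src, dest) -> Path:
    """Archive `src` into `dest`, write a checksum file, and restore-test it."""
    src, dest = Path(src), Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    archive = dest / f"{src.name}-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tf:
        tf.add(src, arcname=src.name)
    digest = hashlib.sha256(archive.read_bytes()).hexdigest()
    archive.with_name(archive.name + ".sha256").write_text(f"{digest}  {archive.name}\n")
    # Restore test: a backup that has never been restored is only a hope.
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tf:
            # Use the 'data' extraction filter where available (Python >= 3.12
            # or backports) so a crafted archive cannot write outside `scratch`.
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tf.extractall(scratch, **kwargs)
        if not _dirs_equal(src, Path(scratch) / src.name):
            raise RuntimeError(f"restore test failed for {archive}")
    return archive


def verify_archive(archive) -> bool:
    """Re-hash the archive and compare against the recorded checksum
    (what you run on the off-site copy before you need it)."""
    archive = Path(archive)
    recorded = archive.with_name(archive.name + ".sha256").read_text().split()[0]
    return hashlib.sha256(archive.read_bytes()).hexdigest() == recorded


def demo() -> dict:
    """Build a constructed sample site, back it up, and report the checks.
    Also corrupts the archive afterwards to show the checksum catching it."""
    with tempfile.TemporaryDirectory() as root:
        site = Path(root) / "site"
        (site / "css").mkdir(parents=True)
        (site / "index.html").write_text("<h1>hello</h1>\n")
        (site / "css" / "main.css").write_text("body{margin:0}\n")
        archive = backup_and_verify(site, Path(root) / "backups")
        checksum_ok = verify_archive(archive)
        with open(archive, "ab") as f:  # simulate bit rot or tampering
            f.write(b"\0")
        tampered_ok = verify_archive(archive)
    return {"archive": archive.name, "checksum_ok": checksum_ok, "tampered_ok": tampered_ok}


if __name__ == "__main__":
    print(demo())
```

The checksum file protects against silent corruption of the copy, not against an attacker who can write to the backup location; for that the archive and its checksum need to live somewhere the hosting account cannot reach, which is exactly the situation the Distribute.IT customers were missing.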