Domijn: The Security of Domain Registrars and the Risk of a Domain Name Takeover
Koen van Hove, Jeroen van der Ham-de Vos, Roland van Rijswijk-Deij

TL;DR
This study examines how the top .nl domain registrars implement security measures to prevent domain takeovers. It finds that these measures are generally effective, but that registrars lack advanced controls like proper two-factor authentication, a gap that can have severe consequences.
Contribution
It provides an empirical analysis of security controls at major registrars and compares the impact of domain takeovers to ransomware and DDoS threats.
Findings
Registrars implement relatively effective security measures.
Security controls like two-factor authentication are often inadequately implemented.
Domain takeovers can have impacts comparable to ransomware attacks.
Abstract
Domain names are key assets for organisations. They anchor an organisation's online presence and reputation, and serve as a linking pin for web services and, e.g., email. Consequently, a malicious takeover of a domain can lead to significant damages. Organisations register domain names through so-called registrars, a type of business that plays a key role in the domain name industry. This implies that registrars play an important part in safeguarding against malicious takeovers of domains. In this paper we empirically study how registrars implement security controls to protect against such takeovers. We focus on the top 10 most popular registrars for the .nl ccTLD. We present the results of this study in light of a model for the impact of domain takeovers that analyses the possible consequences of a takeover. We contrast this against the impact of two other well-known threats: ransomware…
