ACG-CYBER SECURITY BULLETIN NO 130 UNDERSTANDING THE RISK OF DOMAIN HIJACKING

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

The information provided was classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY

Domain hijacking, or domain theft, is the act of changing the registration of a domain name without the permission of its original registrant. This will lead to a loss of control over your online identity and emails.

Domain hijacking can be done in several ways, generally by gaining unauthorized access to, or exploiting a vulnerability in, the domain name registrar's system, through social engineering, or by getting into the domain owner's email account that is associated with the domain name registration.

One reason a domain name can be hijacked is negligence towards security. Once the target registers a new domain, the provider gives access to the domain's Control Panel. This panel lets you change your domain's settings, including those that point the domain to the original server. When you created your account, you had to provide an email address that has administrative access. If the hacker can access this administrative email account, he can also take control of the domain's control panel and eventually all of its settings. Hackers usually obtain your email and other information from the WHOIS data records.

Usually, hijacked domains become inaccessible, and if the website was a source of income, you start losing money as well as your online identity. The hacker may demand money from you to transfer the domain name back to you. Or the hijacker might replace your website with a similar-looking website and misuse it for phishing or other malicious activity. This might fool your users and lead them to enter their sensitive credentials on a fake website.

To avoid this, the best way to protect the domain name is to protect the administrative email account associated with the domain.

RECOMMENDATION

All PNP personnel as well as the public are advised to follow these tips in order to avoid the risk of Domain Hijacking, to wit:

  • Use strong email passwords and enable two-factor authentication if available.
  • Tick the setting "always use https" under email options.
  • Frequently check the "unusual activity" flag if provided by your email service.
  • Make sure to renew your domain registration in a timely manner, with timely payments, and register domains for at least five (5) years.
  • Use a domain-name registrar that offers enhanced transfer protection, i.e., “domain locking” and even consider paying for registry locking.
  • Make sure your WHOIS information is up-to-date and really points to you and you only.
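
The locking and renewal tips above can be verified from a domain's public registration record. The following is an added example, not part of the original bulletin: it assumes the record is fetched as RDAP JSON (the structured successor to WHOIS, RFC 9083 layout), and the domain, dates, thresholds and function name are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample: trimmed RDAP domain response for a placeholder domain.
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "example.test",
  "status": ["client update prohibited"],
  "events": [
    {"eventAction": "registration", "eventDate": "2015-03-01T00:00:00Z"},
    {"eventAction": "expiration", "eventDate": "2025-03-01T00:00:00Z"}
  ]
}
""")

REGISTRAR_LOCK = "client transfer prohibited"  # "domain locking" set at the registrar
REGISTRY_LOCK = "server transfer prohibited"   # registry lock set by the registry operator


def audit_domain(rdap, now, min_days_left=90):
    """Return a list of findings for one RDAP domain object (empty list = no findings)."""
    findings = []
    statuses = {s.lower() for s in rdap.get("status", [])}
    if REGISTRAR_LOCK not in statuses:
        findings.append("no registrar transfer lock")
    if REGISTRY_LOCK not in statuses:
        findings.append("no registry lock")
    expiry = None
    for event in rdap.get("events", []):
        if event.get("eventAction") == "expiration":
            expiry = datetime.fromisoformat(event["eventDate"].replace("Z", "+00:00"))
    if expiry is None:
        findings.append("expiration date not published")
    else:
        days_left = (expiry - now).days
        if days_left < 0:
            findings.append("registration expired")
        elif days_left < min_days_left:
            findings.append(f"expires in {days_left} days")
    return findings


if __name__ == "__main__":
    today = datetime(2025, 1, 15, tzinfo=timezone.utc)  # fixed date so the output is repeatable
    for finding in audit_domain(SAMPLE_RDAP, today):
        print(f"{SAMPLE_RDAP['ldhName']}: {finding}")
```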

For additional information, please refer to the following websites:

POINT OF CONTACT

Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru e-mail (address not shown on this page) or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.