Domijn: The Security of Domain Registrars and the Risk of a Domain Name Takeover
For domain owners and registrars, this study highlights gaps in advanced security practices that could prevent costly domain takeovers.
The paper studies the security controls of the top 10 .nl domain registrars against domain takeovers, finding basic measures effective but advanced controls like two-factor authentication lacking. Domain takeovers can have an impact comparable to that of ransomware attacks.
Domain names are key assets for organisations. They anchor an organisation's online presence and reputation, and serve as a linking pin for web services and, e.g., email. Consequently, a malicious takeover of a domain can lead to significant damage. Organisations register domain names through so-called registrars, a type of business that plays a key role in the domain name industry. This implies that registrars play an important part in safeguarding against malicious takeovers of domains. In this paper we empirically study how registrars implement security controls to protect against such takeovers. We focus on the top 10 most popular registrars for the .nl ccTLD. We present the results of this study in light of a model for the impact of domain takeovers, which analyses the possible consequences of a takeover. We contrast this against the impact of two other well-known threats: ransomware and DDoS attacks. We find that all registrars in our study implement relatively effective security measures, but that they fall short in more advanced security controls, such as the proper implementation of two-factor authentication. We also find that a domain takeover can have significant impact, potentially equalling that of a ransomware attack.