New protocol targets domain hijacking

OTTAWA, April 15, 2014 /CNW/ - The Canadian Internet Registration Authority (CIRA), the organization that manages the .CA domain, has just launched Registry Lock, the latest in a suite of products and initiatives that will ensure .CA remains at the leading edge of domain security.

Registry Lock is a method for providing an additional layer of security for any website. It is of particular value to high-traffic, high-transaction websites, such as e-commerce or financial services sites, that regularly deal with large volumes of personal and confidential consumer information.

With Registry Lock, a domain name is locked at the registry level. Any request to have the domain name redirected, its information altered, or its ownership transferred to another party cannot proceed without verification through the domain's sponsoring Registrar and CIRA. In order to perform updates to a locked .CA domain name, a series of specific person-to-person authentication and verification protocols must be followed.

This is the ideal way to protect a domain from malicious activities known as domain hijacking, in which hijackers pose as the rightful owners of the domain (usually using illegally acquired account information) to make changes or transfer ownership so they can seize control of the domain name.

"Imagine a bank, a government agency or other trusted organization losing control of their domain, even if only for a short time," said Byron Holland, President and CEO of CIRA. "The impact on these businesses and all their users is significant. Registry Lock is the single best way for domain holders to protect themselves, and their customers, from this kind of malicious activity."

Domain hijacking is not a theoretical scenario. In the last year alone, there have been a number of incidents affecting high-profile websites such as the New York Times, Twitter and the Huffington Post. Most of the time, these attacks redirect websites to an alternate page managed by the hijackers. In a worst case scenario, domain hijacking could redirect to a phishing page (such as of a bank or e-retailer) from which the hijackers could collect sensitive or personal information. 

MarkMonitor, which provides brand protection technology and expertise to safeguard the world's leading brands in digital channels and is an ICANN-accredited domain name registrar, supports Registry Lock.

"Online consumers rely on the integrity of the domain name system to ensure they are not putting themselves at risk – that the information they are receiving is legitimate, and the information they provide online is secure," said Matt Serlin, vice president, domain operations for MarkMonitor. "If a site is compromised or hijacked, it will give consumers pause about their online security. We continue to encourage every top-level domain operator to offer Registry Lock, and we applaud CIRA for taking this important step."

Like the other services provided by CIRA, Registry Lock is available to .CA domain name holders through .CA certified Registrars. CIRA is pleased to announce Webnames.ca has become the first public-facing Registrar who will be offering Registry Lock to its .CA customers.

"Webnames.ca manages the domain portfolios of some of the country's biggest brands. We pride ourselves in offering a full suite of services to our customers, and we are pleased to be industry leaders in securing .CA domain names with Registry Lock," says Cybele Negris, CEO of Webnames.ca. "It is critical for us that we provide .CA domain name holders – and their users – with the highest level of protection against a range of malicious attacks, including domain hijacking."

To secure your .CA domain with .CA Registry Lock, go to the .CA Marketplace (http://www.cira.ca/marketplace/) and select Registry Lock, under Advanced Services, located on the left-hand side of the page.

About CIRA

The Canadian Internet Registration Authority (CIRA) manages the .CA top-level domain, Canada's online identifier, on behalf of all Canadians. A Member-driven organization, CIRA also facilitates the development of a better Internet for all Canadians, and represents the .CA registry internationally.

SOURCE: Canadian Internet Registration Authority (CIRA)

For further information: To arrange interviews or to learn more, please contact: Tanya O'Callaghan, Communications Manager, Canadian Internet Registration Authority, (613) 237-5335 ext. 262, tanya.ocallaghan@cira.ca; Leo Valiquette, inmedia Public Relations, (613) 769-9479, lvaliquette@inmedia.ca