Police could have prevented hack
DBS would have warned them
For eighteen months, an ethical hacker received information intended for the Dutch police by claiming previously cancelled domain names. The hacker said that the police could have prevented the data falling into unauthorised hands by using SIDN's Domain Name Surveillance Service (DBS). And what about you? Are you making the same mistake?
The security incident happened after the police cancelled a large number of domain names as part of a reorganisation. Some were picked up by ethical hacker Wouter Slotboom. When he started getting mail meant for the police, he told them what was happening, but got no reply. So Wouter took his story to the media. He highlighted the fact that the police could have prevented the information leaking out by using DBS. The police are by no means alone in failing to guard against problems. Earlier research by SIDN revealed that many domain names incorporating the Netherlands' top fifty brand names had been registered by people other than the brand owners. No fewer than 675 phishing sites with domain names that echoed leading brands were detected.
What's DBS for?
SIDN's Domain Name Surveillance Service protects brands on line by looking out for registrations that look like brand names. In the .nl zone, there are 1,786 domain names that include the Dutch word for 'police'. About 1,500 of them aren't registered to a police force. If the police had used DBS, they would have been warned whenever anyone registered a suspicious domain name, enabling them to intervene in appropriate cases.
How does DBS work?
DBS has three components:
The profiler scans the websites linked to flagged-up domain names and labels them as phishing sites, normal sites or advertising sites.
Whois information enables the brand owner to contact the registrants of suspicious domain names.
DBS's supporting workflow environment enables users to coordinate response action with colleagues.
What are the benefits?
A clear picture of the domain names in existence that incorporate or resemble your brand name
Information about who has registered the domain names in question
Alerts whenever suspicious new domain names are registered
A proper overview of the domain names landscape for your organisation
For more information about DBS, contact:Pim Pastoors, Product Manager+31 26 352 55 00 email@example.com