Correction to media reporting of incident

07 August 2013

Over the last few days, various media outlets have carried reports on the incident that affected one of our registrars on Monday. Some of the reports carried misleading statements, such as 'On Sunday night, saboteurs modified the name servers of SIDN's Domain Registration System' and 'In the night of Sunday to Monday, hackers succeeded in rerouting traffic in SIDN's DRS system to external name servers'.

The information that SIDN places in the domain name system (DNS) on behalf of its registrars is maintained by the registrars themselves, using SIDN's DRS. The DRS is a closed system, on which each registrar has its own account. In the reported incident, one registrar's log-in details were used to change certain data in the DRS, specific to that registrar. The modified data were automatically published in the DNS, with implications for the routing of traffic to the domain names for which that registrar is responsible.

It is entirely normal for registrars to log in to the DRS and modify the data that they control, and for the modified data to then be published in the DNS by SIDN. There is absolutely no reason to believe that the party or parties responsible for Monday's incident took advantage of any weakness in SIDN's security.