Expired Domain Allowed Researcher to Hijack Country's TLD

upstart writes in with an IRC submission:

Expired Domain Allowed Researcher to Hijack Country's TLD:

A researcher claimed last week that he managed to take control of the country code top-level domain (ccTLD) for the Democratic Republic of Congo after an important domain name was left to expire.

Before the holidays, Fredrik Almroth, founder and researcher at web security company Detectify, decided to analyze the name server (NS) records used by all TLDs. These NS records specify the servers for a DNS zone.

He noticed that a domain named scpt-network.com, which had been listed as a name server for .cd, the TLD for Congo, had been left to expire. Almroth realized that the domain could be highly valuable to a bad actor so he quickly acquired it himself to prevent abuse.

The remaining name servers managing the .cd TLD belonged to South African Internet eXchange (SAIX), which kept the TLD operational. However, gaining control over the scpt-network.com domain could have still allowed a malicious actor to hijack half of the DNS traffic for .cd websites.

Almroth believes the impact could have been significant considering that the African country has a population of approximately 90 million people, as well as the fact that many international organizations have a .cd website.

Also at Detectify Labs

Original Submission

Read more of this story at SoylentNews.