Last week, The New York Times website domain was hacked by "the Syrian Electronic Army". Other famous websites faced the same attack in 2012 by the Hacker group "UGNazi" and, in 2011 by Turkish hackers.
Basically, it seems that no Registrar on the Internet is safe from attack, but the launching of new gTLDs can offer new ways to mitigate these attacks.
Back-end Registries play an important role supporting new-to-be Registry Operators
The back-end Registry provider is the technical partner to support a Registry. It is in charge of all technical operations between the Registry and the Registrars… for the benefit of the Registrant.
In simple words, when a Registry selects a robust, performant and secure back-end Registry service provider, Registrars have a relatively easy job implementing security functions and their clients, the Registrants, can rest assured that their domain names can be secured in the Registry.
Why is such a technical option so necessary?
A 'Registry Lock' allows Registry-level protection for domain names and/or hosts (name servers). The service enables to set Extensible Provisioning Protocol (EPP) server (Registry) status codes on selected domain names and/or hosts to prevent malicious or inadvertent modifications, deletions, and transfers — even if the Registrar is compromised.
Basically, the "Registry Lock" is an option a Registry Operator, armed with the proper experience and the correct procedures, can elect to implement, at his back-end Registry provider. It is like buying a car "with" or "without" an airbag.
Nowadays, few would purchase a car which did not come equipped with an airbag, even though many drivers are justifiably proud of never having been in a car accident. I once had one, while driving slowly and the idiot, in the car ahead of me, stopped sharply in the middle of the road for no reason whatsoever. Not only did I almost break my nose...but I was also found to have been at fault for having rear-ended him! I wish I had had an airbag on that day...and another car on-hand to drive the day after.
Applied to field of domain names, it means that without a domain name 'airbag' such as Registry Lock, you can lose control of the domain name with all the potential consequences that come with it.
So, in simple words if the registry operator does not offer "Registry Lock" your key domains are at risk. If a Registry lock is an option take it, for all domains that you intend to register in a Registry's Sunrise Period.
With a registry lock activated, you can rest easy in the knowledge that, even if the registrar is compromised, the attackers cannot affect your online business.
Registrars are the ones concerned… in particular during "Sunrise Periods"
If Registrants are not that concerned here, Registrars truly are:
The New York Times' example
I do not know if The New York Times plans to change its domain name when the .NEWS Registry is launched. I sincerely hope it does because "nytimes.news" sounds much better than "nytimes.com".
Should this happen, let's hope that the Registry that wins the .NEWS Top-Level Domain (7 are competing for the honor) offers the "Registry Lock" option. This would likely mitigate any such attack in the future.
|Data Center||Policy & Regulation|
|DNS Security||Regional Registries|
|Domain Names||Registry Services|
|Intellectual Property||Top-Level Domains|
|Internet of Things||Web|
|Internet Protocol||White Space|
Afilias - Mobile & Web Services