Bad guys get password to technical provider, redirect domains

751 domain names registered at Gandi were pointed to malware sites.

Hackers managed to redirect 751 domain names at domain name registrar Gandi to servers spreading malware, the company detailed this week.

All of the domain names were on country code domain names for which Gandi uses a third-party technical provider to connect to the registry. Gandi, like most registrars, has direct connections to many of the registries. But for some ccTLDs, it uses a third party to provide the connection. That’s where the breach occurred.

According to Gandi, someone obtained its credentials for the web interface of the unnamed technical provider and logged in to redirect the names. Gandi believes that the credentials were intercepted because the technical provider allows access via HTTP instead of HTTPS.

The domain names were redirected for up to 11 hours.

Although I understand the desire to not throw the technical provider under the bus, revealing its name could help other registrars prevent the same thing from happening. (Psst: if you know who the provider is that handles 34 of Gandi’s ccTLDs, drop me a line.)

© 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at)


The post Bad guys get password to technical provider, redirect domains appeared first on Domain Name Wire | Domain Name News & Views.

Author: Andrew Allemann
