Last week, The New York Times website domain was hacked by “the Syrian Electronic Army”. Other famous websites faced the same attack in 2012 by the Hacker group “UGNazi” and, in 2011 by Turkish hackers.

Basically, it seems that no Registrar on the Internet is safe from attack, but the launching of new gTLDs can offer new ways to mitigate these attacks.

Back-end Registries play an important role supporting new-to-be Registry Operators

The back-end Registry provider is the technical partner to support a Registry. It is in charge of all technical operations between the Registry and the Registrars… for the benefit of the Registrant.

In simple words, when a Registry selects a robust, performant and secure back-end Registry service provider, Registrars have a relatively easy job implementing security functions and their clients, the Registrants, can rest assured that their domain names can be secured in the Registry.

Why is such a technical option so necessary?

A ‘Registry Lock’ allows Registry-level protection for domain names and/or hosts (name servers). The service enables to set Extensible Provisioning Protocol (EPP) server (Registry) status codes on selected domain names and/or hosts to prevent malicious or inadvertent modifications, deletions, and transfers—even if the Registrar is compromised.

Basically, the “Registry Lock” is an option a Registry Operator, armed with the proper experience and the correct procedures, can elect to implement, at his back-end Registry provider. It is like buying a car “with” or “without” an airbag.

Nowadays, few would purchase a car which did not come equipped with an airbag, even though many drivers are justifiably proud of never having been in a car accident. I once had one, while driving slowly and the idiot, in the car ahead of me, stopped sharply in the middle of the road for no reason whatsoever. Not only did I almost break my nose…but I was also found to have been at fault for having rear-ended him! I wish I had had an airbag on that day…and another car on-hand to drive the day after.

Applied to field of domain names, it means that without a domain name ‘airbag’ such as Registry Lock, you can lose control of the domain name with all the potential consequences that come with it.

• Loss of revenue – for e-commerce sites this can account for many hundreds of thousands of Euros every hour that the domain is out of your control.
• Diversion of email traffic – all inbound and outbound email can be collected, read and replied to by the malicious 3rd party who can also spam like crazy from a reputable email address.
• Domain names repointed – to malicious look-alike, phishing or ‘graffiti’ websites denigrating your brand or others’.
• Loss of customer confidence – aside from the embarrassment factor, which might be significant, consumer confidence in the brand will undoubtedly be affected, which in turn will affect sales revenue and customer loyalty.
• Revised career prospects – if you are the one with responsibility for your brand’s domain names you will be in the unhappy position of being the one to explain your top-management why emails don’t work any longer and why your websites are pointing to a porn site (or worse).

So, in simple words if the registry operator does not offer “Registry Lock” your key domains are at risk. If a Registry lock is an option take it, for all domains that you intend to register in a Registry’s Sunrise Period.

With a registry lock activated, you can rest easy in the knowledge that, even if the registrar is compromised, the attackers cannot affect your online business.

Registrars are the ones concerned… in particular during “Sunrise Periods”

If Registrants are not that concerned here, Registrars truly are:

• More added value is offered to their clients when choosing a highly secured new domain name extension, in particular if they don’t have the financial capacity to offer all 1,000 of them;
• With such a crowded domain name space and so many offers, Registrars will need to make decisions based on the quality of the domain name extension, cost efficiency and simplicity of implementation;
• Registries offering Registrars a single access to all their domain name extensions with this option included, minimizes costs, administrative and financial paperwork;
• Sunrise Periods are intense for brands with the intention to secure their core domain names: such option included, is a great added value for a client to make a decision.

The New York Times’ example

I do not know if The New York Times plans to change its domain name when the .NEWS Registry is launched. I sincerely hope it does because “nytimes.news” sounds much better than “nytimes.com”.

Should this happen, let’s hope that the Registry that wins the .NEWS Top-Level Domain (7 are competing for the honor) offers the “Registry Lock” option. This would likely mitigate any such attack in the future.