A security researcher commandeered a country’s expired top-level domain to save 
it from hackers

Fredrik Almroth thought the authorities would try to save the critical domain 
name. Nobody ever did.

Zack Whittaker (@zackwhittaker) / 7:00 AM EST • January 15, 2021

In mid-October, a little-known but critically important domain name for one 
country’s internet space began to expire.

The domain — scpt-network.com — was one of two nameservers for the .cd country 
code top-level domain, assigned to the Democratic Republic of Congo. If it fell 
into the wrong hands, an attacker could redirect millions of unknowing internet 
users to rogue websites of their choosing.

Clearly, a domain of such importance wasn’t supposed to expire; someone in the 
Congolese government probably forgot to pay for its renewal. Luckily, expired 
domains don’t disappear immediately. Instead, the clock started on a grace 
period for its government owners to buy back the domain before it was sold to 
someone else.

By chance, Fredrik Almroth, a security researcher and co-founder of 
cybersecurity startup Detectify, was already looking at nameservers of country 
code top-level domains (or ccTLDs), the two-letter suffixes at the end of 
regional web addresses, like .fr for France or .uk for the United Kingdom. When 
he found this critical domain name was about to expire, Almroth began to 
monitor it, assuming someone in the Congolese government would pay to reclaim 
the domain.

But nobody ever did.

By the end of December, the clock was almost up and the domain was about to 
fall off the internet. Within minutes of the domain becoming available, Almroth 
quickly snapped it up to prevent anyone else from taking it over — because, as 
he told TechCrunch, “the implications are kind of huge.”

< - >

https://techcrunch.com/2021/01/15/congo-comandeered/


_______________________________________________
Infowarrior mailing list
Infowarrior@attrition.org
https://attrition.org/mailman/listinfo/infowarrior
