We here at SecurityWatch believe security is important. Very important.

But, as we’ve often said, technical security can often amount to nothing when human nature gets added into the mix.

And yesterday Ars Technica provided a fine example of what we mean.

Those of you with good memories, or an interest in certain corners of the web, may well remember how the FBI seized the Megaupload.com domain from Kim Dotcom.

The agency then showed off its new acquisition by redirecting the site's visitors to a seizure notice page under its control, complete with a bureau banner.


All good things come to an end though, and that includes the registration of the Megaupload.com domain.

Normally a business owner, or a dedicated member of staff, would be alert to an approaching expiry – after all, registrars are hardly bashful about sending out renewal reminders – but in this case something went wrong, the registration lapsed and the domain was put up for auction by GoDaddy.

Enter a British expat with a suitably patriotic name: Earl Grey.

A self-styled “black hat SEO marketer,” Earl Grey snapped the domain up, presumably hoping to profit from the brand recognition it still carries, not to mention the traffic.

As senior GoDaddy security architect Scott Gerlach says:

Once the domain is transferred, DNS records don’t move with the domain. The new domain holder could have scraped all the DNS records, and then recreated them and monkeyed with the ones he wanted to change. He would have had to recreate all the entries; there are some tools out there that allow you to guess DNS entries and scrape the info. He would have had to know what he was doing to make it happen—it’s not technically easy to do, but doable.

Irrespective of what actually happened – and I don’t think anyone other than Earl Grey and GoDaddy has any answers right now – the Megaupload.com domain ultimately ended up serving “porn, drugs, malware & ad scams,” according to Kim Dotcom.

Imagine if that were your corporate website.

All the security you have in place would count for very little if someone let the domain name expire and it ended up under someone else’s control, wouldn’t it?
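The defensive counterpart to what Gerlach describes is to keep your own snapshot of the zone and diff it against what the world currently resolves, so that a recreated record that points somewhere new, a dropped MX, or a freshly minted hostname shows up as a finding rather than as a surprise. The script below is an added example, not GoDaddy’s tooling and not from the original post; it reads the one-record-per-line format that `dig +noall +answer` prints, and both snapshots embedded in it are constructed for illustration.

```python
"""Diff two snapshots of a zone's DNS answers to spot records that were
recreated differently after a domain changed hands.

Added example; this is not GoDaddy's tooling and not from the original post.
Input is the one-record-per-line format that `dig +noall +answer` prints:
    owner  ttl  class  type  rdata
Both snapshots below are constructed for illustration.
"""
from collections import defaultdict

# Constructed baseline taken while the zone was still under the owner's control.
BASELINE = """\
example.com.        300 IN A     192.0.2.10
www.example.com.    300 IN CNAME example.com.
example.com.        300 IN MX    10 mail.example.com.
mail.example.com.   300 IN A     192.0.2.25
example.com.        300 IN TXT   "v=spf1 mx -all"
"""

# Constructed post-transfer snapshot: the apex A record now points elsewhere,
# the MX record is gone, a new hostname has appeared, and one TTL was changed.
AFTER = """\
example.com.        60  IN A     198.51.100.7
www.example.com.    60  IN CNAME example.com.
mail.example.com.   300 IN A     192.0.2.25
example.com.        300 IN TXT   "v=spf1 mx -all"
ads.example.com.    60  IN A     198.51.100.9
"""


def parse_answers(text):
    """Parse dig-style answer lines into {(owner, type): set(rdata)}.

    TTL and class are deliberately dropped from the key: a TTL change alone
    is not a hijack, and keeping it would raise alarms on cache ageing.
    """
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # dig comment lines
            continue
        fields = line.split(None, 4)
        if len(fields) < 5:
            raise ValueError(f"malformed record line: {line!r}")
        owner, _ttl, _cls, rtype, rdata = fields
        key = (owner.lower().rstrip("."), rtype.upper())
        records[key].add(" ".join(rdata.split()))  # normalise inner whitespace
    return dict(records)


def diff_snapshots(before, after):
    """Return sorted (owner, type) keys that were added, removed or changed."""
    old, new = parse_answers(before), parse_answers(after)
    return {
        "added":   sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(k for k in new if k in old and new[k] != old[k]),
    }


def report(before, after):
    """Human-readable summary; returns the lines so callers can log or mail them."""
    diff = diff_snapshots(before, after)
    old, new = parse_answers(before), parse_answers(after)
    lines = []
    for owner, rtype in diff["changed"]:
        lines.append(f"CHANGED {owner} {rtype}: {sorted(old[(owner, rtype)])} -> {sorted(new[(owner, rtype)])}")
    for owner, rtype in diff["removed"]:
        lines.append(f"REMOVED {owner} {rtype}: {sorted(old[(owner, rtype)])}")
    for owner, rtype in diff["added"]:
        lines.append(f"ADDED   {owner} {rtype}: {sorted(new[(owner, rtype)])}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(BASELINE, AFTER)) or "no drift")
```

The obvious limitation cuts both ways: the diff can only flag records you captured in the baseline, which is the same enumeration problem Gerlach says the new holder faced. Take the baseline from your own zone file or registrar control panel rather than from guessed lookups, and run the comparison from a machine outside your network so you see what visitors see.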

But there is a twist in this tale for Earl Grey.

No matter what he may or may not have done with the Megaupload domain, he did, in many respects, become a victim himself.

A week after the domain expired, the FBI finally noticed and contacted GoDaddy. Gerlach explained:

We got a notice of an ongoing criminal investigation regarding malware distribution, which led to a Terms of Service violation and domain suspension.

In other words, the domain was frozen. Whether that entitles Earl Grey to a refund of the purchase price I don’t know, but one thing is certain: the purchase cost him his privacy.

Like many website owners, he had used a privacy service to keep his contact details out of Whois lookups, which is a sensible and advisable thing to do.

Unfortunately, the suspension also stripped away his Domains By Proxy coverage, so the Whois record then showed his real registrant details to anyone who cared to look.

Not that we needed such a disaster to befall him to find out that he lives in sunnier climes – Earl Grey likes to tweet, you see, often about his taste in food, but also occasionally requesting assistance in the form of “an english person to be a cook/maid for a few hours a day in Marbella Center”.

I guess he didn’t value his privacy that much then, even though he does feel quite strongly about it (“I feel like I have been raped by @godaddy over my privacy. I empathize with women and men who have been raped. Violated.”).

So, what can we learn here?

There are a few lessons, the first of which is that privacy and security failures are more often than not caused by the action or inaction of people rather than by shortfalls in technology.

Secondly, if you own a website, be on the lookout for domain renewal notices, keep the registrant contact address on the registration current (reminders go there and nowhere else), and at the very least know when your registration expires – it’s no good securing a website if you let the domain slip out of your control.
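Relying on the registrar’s reminder email is exactly the human-factors failure this story is about, so a practitioner would track the expiry date independently. The script below is an added example, not the original post’s or GoDaddy’s: it reads the registration expiry from a domain’s RDAP record (RDAP, RFC 9083, is the JSON successor to Whois, and a domain object carries an `events` list whose “expiration” entry holds the date) and classifies how much time is left. The RDAP document embedded in it is constructed, and the live lookup assumes https://rdap.org as a bootstrap redirector; the offline checks never touch the network.

```python
"""Check how long a domain registration has left, from its RDAP record.

Added example; not from the original post and not GoDaddy's tooling.
RDAP (RFC 9083) is the JSON successor to Whois: a domain object carries an
`events` list, and the entry whose eventAction is "expiration" holds the
registration expiry date. The RDAP document below is constructed.
fetch_rdap() is the only networked part; it uses https://rdap.org as a
bootstrap redirector (an assumption) and is not used by the offline checks.
"""
import json
from datetime import datetime, timezone
from urllib.request import Request, urlopen

# Constructed RDAP response, trimmed to the fields this check reads.
SAMPLE_RDAP = {
    "objectClassName": "domain",
    "ldhName": "example.com",
    "events": [
        {"eventAction": "registration", "eventDate": "2010-03-15T00:00:00Z"},
        {"eventAction": "expiration",   "eventDate": "2024-05-01T00:00:00Z"},
    ],
}


def parse_rfc3339(stamp):
    """Parse an RFC 3339 timestamp into an aware UTC datetime.

    fromisoformat() only accepts a trailing 'Z' from Python 3.11 onwards,
    so normalise it to an explicit offset first.
    """
    return datetime.fromisoformat(stamp.replace("Z", "+00:00")).astimezone(timezone.utc)


def expiry_from_rdap(doc):
    """Return the expiration date as an aware UTC datetime, or None if absent."""
    for event in doc.get("events", []):
        if event.get("eventAction") == "expiration" and event.get("eventDate"):
            return parse_rfc3339(event["eventDate"])
    return None


def days_remaining(doc, now=None):
    """Whole days until expiry (negative once expired); None if no expiry event.

    `now` may be an aware datetime or an RFC 3339 string; defaults to the clock.
    """
    expiry = expiry_from_rdap(doc)
    if expiry is None:
        return None
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = parse_rfc3339(now)
    return (expiry - now).days


def check_expiry(doc, warn_days=60, now=None):
    """Classify a registration as 'ok', 'warn', 'expired' or 'unknown'."""
    days = days_remaining(doc, now)
    if days is None:
        return "unknown"     # no expiration event: treat as a finding, not as fine
    if days < 0:
        return "expired"
    if days <= warn_days:
        return "warn"
    return "ok"


def fetch_rdap(domain, timeout=10):
    """Live lookup. rdap.org redirects to the registry/registrar RDAP server."""
    req = Request(f"https://rdap.org/domain/{domain}",
                  headers={"Accept": "application/rdap+json"})
    with urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    import sys
    doc = fetch_rdap(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RDAP
    print(check_expiry(doc), days_remaining(doc), "days")
```

Run it from cron against every domain you own and alert on anything other than “ok”; “unknown” is deliberately not treated as fine, because a record with no expiration event usually means the lookup went to the wrong server or the registry withholds the date, and either way you have not confirmed the renewal.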

Thirdly, do you actually know what your website is serving to visitors? I’ve seen many a derelict site packed full of junk and malware, and the same can be said of live sites that get attacked – how often are you checking the integrity of yours?
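A hash of the page is the bluntest integrity check, but on a site that changes legitimately it fires every day, so the more durable signal is the set of third-party hosts the page pulls active content from: the injected script tag or hidden iframe that turns a site into a malware drop almost always points somewhere you never approved. The script below is an added example, not the original post’s, that does both; the two HTML documents embedded in it are constructed, and `fetch_page()` is the only networked part.

```python
"""Baseline-and-compare check of what a page is actually serving.

Added example; not from the original post. It fingerprints a response body
two ways: a SHA-256 of the bytes (catches any change at all) and the set of
third-party hosts the page loads scripts and frames from (catches the
classic injected script or hidden iframe even when you expect content to
change). Both HTML documents below are constructed; fetch_page() is the
only networked part and is not used by the offline check.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse
from urllib.request import urlopen

# Constructed "known good" page.
CLEAN_HTML = b"""<html><head>
<script src="https://cdn.example.com/app.js"></script>
</head><body><h1>Hello</h1><script src="/static/local.js"></script></body></html>"""

# Constructed tampered page: an extra script and a hidden iframe from hosts we never approved.
TAMPERED_HTML = b"""<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script src="//ads-redirect.example.net/t.js"></script>
</head><body><h1>Hello</h1><script src="/static/local.js"></script>
<iframe src="http://malware-drop.example.org/x" style="display:none"></iframe>
</body></html>"""

# Hosts this site is allowed to pull active content from.
ALLOWED_HOSTS = {"cdn.example.com"}


class ResourceHosts(HTMLParser):
    """Collect the hosts referenced by script/iframe/frame/object/embed sources."""
    TAGS = {"script", "iframe", "frame", "object", "embed"}

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag not in self.TAGS:
            return
        for name, value in attrs:
            if name in ("src", "data") and value:
                host = urlparse(value).hostname   # None for same-origin paths like /static/x.js
                if host:
                    self.hosts.add(host.lower())


def page_fingerprint(body):
    """Return (sha256 hex digest, sorted list of external hosts) for a body."""
    parser = ResourceHosts()
    parser.feed(body.decode("utf-8", "replace"))
    parser.close()
    return hashlib.sha256(body).hexdigest(), sorted(parser.hosts)


def check_page(body, baseline_digest, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of findings; an empty list means the page matches its baseline."""
    digest, hosts = page_fingerprint(body)
    findings = []
    if digest != baseline_digest:
        findings.append("content hash changed")
    findings.extend(f"unexpected third-party host: {h}" for h in hosts if h not in allowed_hosts)
    return findings


def fetch_page(url, timeout=10):
    """Live fetch of the page body."""
    with urlopen(url, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    baseline, _ = page_fingerprint(CLEAN_HTML)
    for finding in check_page(TAMPERED_HTML, baseline):
        print(finding)
```

Fetch from outside your own network, with a browser-like User-Agent, because compromised sites are routinely made to serve the clean page to the owner and the payload to everyone else; and treat inline scripts as a separate problem, since this parser only sees hosts named in `src` attributes.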

Lastly, what are you doing to protect your privacy? Are you keeping your contact details away from the web at large? And are members of your team then undermining that by saying too much on social media?

Food for thought, eh?

About the Author: admin
