
Domain error allowed hackers to register malicious domains

Thanks to a bug in some of the largest domain registrars on the internet, bad actors were able to register malicious domains until the end of last month.

If I tell you, "Please click this URL, amɑzon.com, and sign in for a great limited-time offer on Amazon," would you realize it wasn't really the Amazon domain name?

Hover over it, click it. You will see that it actually directs you to xn--amzon-1jc.com. Why? Look closely and you will notice that the second "a" and "o" are not actually the letters "a" and "o" of the Latin alphabet, which is what is used in the English language.

It is not supposed to be possible to register these domain names, because of the malicious attacks they could be used for. Many web browsers convert the Unicode characters in a URL to Punycode, as seen in the example above, for that very reason.

The zero-day, or previously unknown, bug was discovered by Matt Hamilton, a security researcher at Soluble, in association with the security firm Bishop Fox.

According to Hamilton's research, he was able to register dozens of names using Latin homoglyphs, basically one character that looks like another character. Verisign, Google, Amazon, DigitalOcean and Wasabi are among the affected companies that allowed the registration of these names.

"Between 2017 and today, more than a dozen homogenous domains have had active HTTPS certificates", Hamilton writes.

"This included major financial, internet shopping, technology and other Fortune 100 sites. There is no legitimate or non-fraudulent justification for this activity."

Hamilton held his report for publication until Verisign, the company that manages domain registrations for prominent generic top-level domains (gTLDs) like .com and .net, fixed the issue. The research was conducted only on gTLDs administered by Verisign. He says that among all the vendors he contacted, Amazon and Verisign in particular took the issue very seriously.

In the Cyrillic alphabet specifically, there are several letters that look almost identical to the letters of the Latin alphabet. For example, here is the Latin character for "a". Here is the character for "ɑ" in Cyrillic.

The combination of these homoglyph characters with the Latin alphabet in a domain name could create a URL that closely resembles one already registered by another company, such as the fake Amazon domain mentioned above.

Hackers could use these domain names to create phishing websites that resemble legitimate sites for services like Gmail or PayPal, and then steal a user's website password or credit card information.

Hamilton was able to register the following domain names thanks to this error:

  • amɑzon.com
  • chɑse.com
  • sforcelesforce.com
  • ɡmɑil.com
  • ɑppɩe.com
  • ebɑy.com
  • ticstatic.com
  • steɑmpowered.com
  • theɡuardian.com
  • theverɡe.com
  • washinɡtonpost.com
  • pɑypɑɩ.com
  • wɑlmɑrt.com
  • wɑsɑbisys.com
  • yɑhoo.com
  • cɩoudfɩare.com
  • deɩɩ.com
  • gmɑiɩ.com
  • gooɡleapis.com
  • huffinɡtonpost.com
  • instaɡram.com
  • microsoftonɩine.com
  • ɑmɑzonɑws.com
  • Android.com
  • netfɩix.com
  • nvidiɑ.com
  • ɩoogɩe.com

In total, he spent $400 to register domain names that could be used to defraud people of much, much more.
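The following Python sketch is an added example, not code from Hamilton's research or from the original article. It shows how a defender can reveal what a displayed name like those above really is: it converts each label to its Punycode form, names every non-ASCII character, and checks whether the name folds onto a protected brand. The fold table and the watchlist are assumptions built only from the characters and brands that appear in this article.

```python
import unicodedata

# Constructed fold table: only the three look-alike letters that occur in the
# names listed above (an assumption for this example, not a complete table).
CONFUSABLES = {"\u0251": "a", "\u0261": "g", "\u0269": "l"}

# Hypothetical watchlist of real names a defender wants to protect.
PROTECTED = {"amazon.com", "gmail.com", "paypal.com"}


def to_a_label(label):
    """Return the ASCII (Punycode) form of one DNS label."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")


def skeleton(domain):
    """Fold known look-alike characters to the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain.lower())


def inspect_domain(domain):
    """Summarise what a displayed domain really is and what it imitates."""
    domain = domain.lower()
    odd = sorted({ch for ch in domain if not ch.isascii()})
    skel = skeleton(domain)
    return {
        "ascii": ".".join(to_a_label(part) for part in domain.split(".")),
        # Code point and Unicode name of every non-ASCII character found.
        "non_ascii": [(f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN")) for c in odd],
        # Set only when a non-ASCII name folds onto a protected name.
        "imitates": skel if odd and skel in PROTECTED else None,
    }


if __name__ == "__main__":
    # Constructed sample input: two names from the list above and the real one.
    for name in ("am\u0251zon.com", "p\u0251yp\u0251\u0269.com", "amazon.com"):
        print(name, inspect_domain(name))
```

The Unicode names it reports for these three characters all begin with LATIN, which matches the article's description of them as Latin homoglyphs.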

Internationalized domain names, or IDNs, have become popular in recent years. These domains allow users worldwide to register names in their native language, such as Greek or Japanese, which use non-Latin characters.

However, malicious actors quickly discovered ways to use IDNs for attacks.

As Bleeping Computer points out, the Internet Corporation for Assigned Names and Numbers (ICANN), the organization that administers the web's domain name system, has IDN guidelines that state registrars must not allow domains to be registered using a combination of different alphabets, for this same reason.

However, it is not a new practice. The registry points out how homographic attacks have been a problem for the web for 15 years.

As for amɑzon.com, or should I say xn--amzon-1jc.com: Hamilton has since transferred the domain to Amazon, the company that can be found at the real amazon.com.

WHEN YOU ARE DIRECTED TO A URL, ALWAYS CHECK THE URL, BECAUSE HACKERS WILL ALWAYS BE AFTER OUR DATA.