12 °c
London
Wednesday, June 29, 2022
No Result
View All Result
FurtherAfrica
  • Countries
    • Angola
    • Botswana
    • Cape Verde
    • DRC
    • Eswatini
    • Ethiopia
    • Kenya
    • Malawi
    • Mauritius
    • Mozambique
    • Namibia
    • Nigeria
    • Rwanda
    • South Africa
    • Tanzania
    • Uganda
    • Zambia
    • Zimbabwe
  • Interviews
  • Understanding
  • Videos
  • Travel
  • Weekend
  • About
FurtherAfrica
  • Countries
    • Angola
    • Botswana
    • Cape Verde
    • DRC
    • Eswatini
    • Ethiopia
    • Kenya
    • Malawi
    • Mauritius
    • Mozambique
    • Namibia
    • Nigeria
    • Rwanda
    • South Africa
    • Tanzania
    • Uganda
    • Zambia
    • Zimbabwe
  • Interviews
  • Understanding
  • Videos
  • Travel
  • Weekend
  • About
No Result
View All Result
FurtherAfrica
No Result
View All Result
Home Africa

How a security researcher helped save DRC’s expired top-level internet domain

FurtherAfrica by FurtherAfrica
January 16, 2021
in Africa, DRC, Government, Tech
Reading Time: 4 mins read
796 33
0
How a security researcher helped save DRC’s expired top-level internet domain
Share via QRWhatsappShare on FacebookShare on TwitterLinkedInPinteresteMail

In mid-October, a little-known but critically important domain name for one country’s internet space began to expire.

The domain — scpt-network.com — was one of two nameservers for the .cd country code top-level domain, assigned to the Democratic Republic of Congo. If it fell into the wrong hands, an attacker could redirect millions of unknowing internet users to rogue websites of their choosing.

Clearly, a domain of such importance wasn’t supposed to expire; someone in the Congolese government probably forgot to pay for its renewal. Luckily, expired domains don’t disappear immediately. Instead, the clock started on a grace period for its government owners to buy back the domain before it was sold to someone else.

By chance, Fredrik Almroth, a security researcher and co-founder of cybersecurity startup Detectify, was already looking at nameservers of country code top-level domains (or ccTLDs), the two-letter suffixes at the end of regional web addresses, like .fr for France or .uk for the United Kingdom. When he found this critical domain name was about to expire, Almroth began to monitor it, assuming someone in the Congolese government would pay to reclaim the domain.

But nobody ever did.

By the end of December, the clock was almost up and the domain was about to fall off the internet. Within minutes of the domain becoming available, Almroth quickly snapped it up to prevent anyone else from taking it over — because, as he told TechCrunch, “the implications are kind of huge.”

It’s rare but not unheard of for a top-level domain to expire.

Also read: The gold mine in Africa’s ‘internet economy’

In 2017, security researcher Matthew Bryant took over the nameservers of the .io top-level domain, assigned to the British Indian Ocean Territory. But malicious hackers have also shown interest in targeting top-level domain hacks into companies and governments that use the same country-based domain suffix.

Taking over a nameserver is not supposed to be an easy task because they are a vital part of how the internet works.

Every time you visit a website your device relies on a nameserver to convert a web address in your browser to the machine-readable address that tells your device where on the internet to find the site you’re looking for. Some liken nameservers to the phone directory of the internet. Sometimes your browser looks no further than its own cache for the answer, and sometimes it has to ask the nearest nameserver for the answer. But the nameservers that control top-level domains are considered authoritative and know where to look without having to ask another nameserver.

With control of an authoritative nameserver, malicious hackers could run man-in-the-middle attacks to silently intercept and redirect to malicious webpages internet users going to legitimate sites.

These kinds of attacks have been used in sophisticated espionage campaigns aimed at cloning websites to trick victims into handing over their passwords, which hackers use to get access to company networks to steal information.

Worse, Almroth said with control of the nameserver it was possible to obtain valid SSL (HTTPS) certificates, allowing for an attacker to intercept encrypted web traffic or any email mailbox for any .cd domain, he said. To the untrained eye, a successful attacker could redirect victims to a spoofed website, and they would be none the wiser.

“If you can abuse the validation schemes used to issue certificates, you can undermine the SSL of any domain under .cd as well,” Almroth said. “The capabilities of being in such a privileged position is scary.”

Almroth ended up sitting on the domain for about a week as he tried to figure out a way to hand it back. By this point the domain had been inactive for two months already and nothing had catastrophically broken. At most, websites with a .cd domain might have taken slightly longer to load.

Also read: Insights: A brief look into the DRC (VIDEO)

Since the remaining nameserver was running normally, Almroth kept the domain offline so that whenever an internet user tried to access a domain that relied on the nameserver under his control, it would automatically timeout and pass the request to the remaining nameserver.

In the end, the Congolese government didn’t bother asking for the domain back. It spun up an entirely new but similarly named domain — scpt-network.net — to replace the one now in Almroth’s possession.

We reached out to the Congolese authorities for comment but did not hear back.

ICANN, the international nonprofit organization responsible for internet address allocation, said country code top-level domains are operated by their respective countries and its role is “very limited,” a spokesperson said.

For its part, ICANN encouraged countries to follow best practices and to use DNSSEC, a cryptographically more secure technology that makes it nearly impossible to serve up spoofed websites. One network security engineer who asked not to be named as they were not authorized to speak to the media questioned whether DNSSEC would be effective at all against a top-level domain hijack.

At least in this case, it’s nothing a calendar reminder can’t solve.

Source: Tech Crunch

Related

Tags: cybersecurityDemocratic Republic of the CongoDR CongoDRChackersinternet domainnational securitysecuritySecurity researcher helped save DRC's expired top-level internet domainTechДемократическая Республика Конгоجمهورية الكونغو الديموقراطيةコンゴ民主共和国刚果民主共和国
ScanSendShare332Tweet207Share58Pin76Send
FurtherAfrica

FurtherAfrica

Founded in 2015 FurtherAfrica is an online platform centralising news and content focusing on the development and growth story of the African continent.

Related Posts

Business

Qatar investors acquire Rwanda Umubano hotel

by Taarifa Rwanda
June 29, 2022
Angola Capital Markets Commission analyses privatisations through stock exchange
Finance

Nairobi Stock Exchange Africa’s 3rd poorest performer

by The Exchange
June 29, 2022
FurtherAfrica join forces to promote ATIGS Dubai 2020
Business

Theorems Groups – Sarko Partners join forces to enter SADC

by Elizabeth Khumalo
June 29, 2022
Banks using US$ should think about their Crypto exposure – FinCEN Director
Finance

Cryptocurrency offers hope for Africa’s economic resurgence

by Web3Africa
June 29, 2022
The tripartite network theory in the gold mining industry: a lesson for Africa
Commodities

Ethiopia’s gold export generated US$513.9M in 11-month

by FurtherAfrica
June 29, 2022
Angola Oil & Gas 2022
 
AFSIC 2022
 
Great Limpopo Transfrontier Park
 
MozParks

Translate this page

Read the Latest

Business

Qatar investors acquire Rwanda Umubano hotel

by Taarifa Rwanda
June 29, 2022
0

Rwanda has handed over the former Umubano hotel to Kasada, a leading independent investment platform dedicated to hospitality investments in...

Read more
Angola Capital Markets Commission analyses privatisations through stock exchange

Nairobi Stock Exchange Africa’s 3rd poorest performer

June 29, 2022
FurtherAfrica join forces to promote ATIGS Dubai 2020

Theorems Groups – Sarko Partners join forces to enter SADC

June 29, 2022
Banks using US$ should think about their Crypto exposure – FinCEN Director

Cryptocurrency offers hope for Africa’s economic resurgence

June 29, 2022
The tripartite network theory in the gold mining industry: a lesson for Africa

Ethiopia’s gold export generated US$513.9M in 11-month

June 29, 2022

FurtherAfrica Partners Network

The Exchange Club of Mozambique Taarifa Rwanda
TechGist Africa Africa Oil & Power Farmers Review Africa
Tanzania Invest Zambia Invest See Africa Today
Africa Global Funds Novafrica CrudeMix Africa
Harambee Africa Botswana unplugged Financial Insights Zambia
Digilogic Africa Web3Africa

Subscribe to FurtherAfrica

Enter your email address to receive new articles on your email.

Join 73,051 other subscribers.

FurtherAfrica

© 2021 FurtherMarkets

FurtherAfrica is a FurtherMarkets Limited platform

  • Countries
  • Interviews
  • Understanding
  • Videos
  • Travel
  • Weekend
  • About

Follow Us

No Result
View All Result
  • Countries
    • Angola
    • Botswana
    • Cape Verde
    • DRC
    • Eswatini
    • Ethiopia
    • Kenya
    • Malawi
    • Mauritius
    • Mozambique
    • Namibia
    • Nigeria
    • Rwanda
    • South Africa
    • Tanzania
    • Uganda
    • Zambia
    • Zimbabwe
  • Interviews
  • Understanding
  • Videos
  • Travel
  • Weekend
  • About

© 2021 FurtherMarkets

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?