Registry locks are usually applied by the registrar and are used to prevent unauthorized or unwanted changes to a domain. Once a domain name is flagged, the lock prevents DNS modifications, contact modifications, transfers, and deletion. Any requested change then requires additional methods of verification beyond a username and password.
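A domain owner can check for these protections in a WHOIS record, where a registry lock appears as the EPP `server*` status codes defined in RFC 5731. The following is an added example, not code from the article or from Rapid7; the function names and the sample records are constructed for illustration.

```python
import re

# EPP status codes (RFC 5731). "server*" values are the ones a registry lock
# adds; "client*" values are set by the registrar and are easier to change.
REGISTRY_LOCK = {
    "serverUpdateProhibited": "DNS and contact modifications",
    "serverTransferProhibited": "transfers",
    "serverDeleteProhibited": "deletion",
}

# Matches both "Domain Status: x <url>" and the older "Status: x" layout.
STATUS_RE = re.compile(r"^\s*(?:Domain )?Status:\s*([A-Za-z]+)", re.I | re.M)


def parse_statuses(whois_text):
    """Return the lower-cased EPP status codes found in a WHOIS record."""
    return {m.group(1).lower() for m in STATUS_RE.finditer(whois_text)}


def audit(whois_text):
    """Return (locked, missing); missing maps absent code -> what is exposed."""
    found = parse_statuses(whois_text)
    missing = {code: what for code, what in REGISTRY_LOCK.items()
               if code.lower() not in found}
    return (not missing, missing)


def unlocked_domains(records):
    """Given {domain: whois_text}, list domains lacking a full registry lock."""
    return sorted(d for d, text in records.items() if not audit(text)[0])


# Constructed sample records (not real WHOIS output).
SAMPLE = {
    "locked.example": """Domain Name: LOCKED.EXAMPLE
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
""",
    "registrar-only.example": """Domain Name: REGISTRAR-ONLY.EXAMPLE
Status: clientTransferProhibited
Status: clientUpdateProhibited
""",
}

if __name__ == "__main__":
    for domain in unlocked_domains(SAMPLE):
        print(domain, "is missing:", sorted(audit(SAMPLE[domain])[1]))
```

A record that carries only `client*` codes, like the second sample, is flagged as unlocked because those codes alone are not a registry lock.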
Rapid7's Chief Research Officer, HD Moore, monitored many of the Web's top brands in the aftermath of the SEA attacks. In the hours following the attacks, a number of brands had registry locks placed on their domains. As expected, Twitter locked t.co and twimg.com, but they also added a lock to tweetdeck.com and vine.com. The Huffington Post, another victim of the SEA, also added a registry lock. Moreover, Patch.com, MapQuest.com, Starbucks.com, and TechCrunch.com also added registry locks.
Among those brands lacking registry lock protection are Adobe (Adobe.com and Acrobat.com), American Airlines, AOL, BB&T Bank, Australia and New Zealand Banking Group, Cisco, IBM, and 1&1 Internet (Mail.com), just to name a few. There are plenty of others, including major security firms (McAfee), media (Houston Chronicle, SF Gate), as well as service portals such as PR Newswire and Monster.com.
In an email sent to CSO, Moore said that although twitter.com did have a lock in place, at the time of the attack, many large-brand domains were hosted with MelbourneIT and were not locked.
"There is no evidence that the attackers made changes to these domains, but these were potentially vulnerable at the time the attack took place. In other words, things could have been much worse."
In a statement, MelbourneIT encouraged domain owners to use registry locks. While the protection offered isn't foolproof, it's another layer of defense.
"For mission critical names we recommend that domain name owners take advantage of additional registry lock features available from domain name registries including .com... Some of the domain names targeted on the reseller account had these lock features active and were thus not affected."