Posts Tagged: network solutions


8
May 13

Trade Sanctions Cited in Hundreds of Syrian Domain Seizures

In apparent observation of international trade sanctions against Syria, a U.S. firm that ranks as the world’s fourth-largest domain name registrar has seized hundreds of domains belonging to various Syrian entities, including a prominent Syrian hacker group and sites associated with the regime of Syrian President Bashar al-Assad.

The Syrian Electron Army complains about its domain seizures. Source: HP

The Syrian Electron Army complains about its domain seizures, saying Network Solutions cited trade sanctions against Syria. Source: HP

Network Solutions LLC. and its parent firm — Jacksonville, Fla. based Web.com — have assumed control over more than 700 domains that were being used mostly for sites hosted in Damascus. The seizures all occurred within a three- to four-day period in mid-April.

The apparently coordinated action ended with each of the site’s registration records being changed to include Web.com’s Florida address, as well as the notation “OFAC Holding.”

OFAC is short for the Office of Foreign Assets Control, an office of the U.S. Treasury Department‘s  Under Secretary of the Treasury for Terrorism and Financial Intelligence. OFAC administers and enforces U.S. economic trade sanctions against targeted foreign countries, including Syria.

Web.com declined to say whether it had coordinated the seizures or why it may have done so. “We do not comment publicly about specific accounts so we cannot provide details about the websites or domains mentioned in your inquiry,” the company said in an emailed statement.  “However, you should know that we cooperate with law enforcement and regulators in order to prevent illegal activity online and take the necessary steps to be in compliance with applicable laws and regulations.”

Under a series of executive orders, U.S. businesses are prohibited from selling goods and services into Syria. While there are a number of exceptions — referred to as “general licenses” in OFAC-speak — domain hosting and registration services are not among them. Although the general licenses permit services that are designed for personal communications, the provision of Web hosting and domain name registration is specifically called out in Treasury regulations (PDF) as not authorized under general licenses.

A spokesman for the Treasury Department said OFAC had not contacted either Web.com or Network Solutions regarding these Web sites.

“OFAC has offered a general license authorizing the  export of certain services for the exchange of personal communications over the Internet, such as instant messaging, chat and email, so that these sanctions don’t have the inadvertent effect of cutting the Syrian people off from the rest of the world,” said John Sullivan, spokesman for the Treasury Department’s Terrorism and Financial Intelligence division. “But the [general license] that allows for that does not authorize the exportation of Web hosting or registration services, so those could be subject to enforcement actions under our Syrian sanctions program.”

The domain seizures came to my attention after reading a report produced last month by HP‘s security and research team, which noted that individuals associated with a pro-Assad hacker group known as Syrian Electronic Army were complaining that NetworkSolutions had seized their domains, including syrian-es.comsyrian-es.net and syrian-es.org.

A reverse WHOIS report ordered from domaintools.com produced this list (PDF) of some 708 Syrian domains recently shuttered and assigned an “OFAC” designation by Web.com. According to historic Web hosting records also maintained by domaintools.com, the vast majority of the 700+ domains were hosted at Internet addresses assigned to the Syrian Computer Society (SCS). Interestingly, prior to assuming the presidency, Syria’s Assad was president of the SCS, a group now widely believed to have been a precursor to the Syrian Electronic Army.

Continue reading →


16
Aug 10

NetworkSolutions Sites Hacked By Wicked Widget

Hundreds of thousands of Web sites parked at NetworkSolutions.com have been serving up malicious software thanks to a tainted widget embedded in their pages, a security company warned Saturday.

Santa Clara, Calif. based Web application security vendor Armorize said it found the mass infection while responding to a complaint by one of its largest customers. Armorize said it traced the problem to the “Small Business Success Index” widget, an application that Network Solutions makes available to site owners through its GrowSmartBusiness.com blog.

Armorize soon discovered that not only was the widget serving up content for those who had downloaded and installed it on their sites, but also it was being served by default on some — if not all — Network Solutions pages that were parked or marked as “under construction.”

Parked domains are registered but contain no owner content. Network Solutions — like many companies that bundle Web site hosting and domain registration services – includes ads and other promotional content on these sites until customers add their own.

Continue reading →


19
Apr 10

Network Solutions Again Under Siege

For the second time in as many weeks, Internet hosting provider Network Solutions is trying to limit the damage from a hacking incident that has left many customer Web sites serving up malicious code.

In a post to its blog on Sunday titled We Feel Your Pain and We are Working Hard to Fix This, Network Solutions spokesman Shashi Bellamkonda apologized for the incident.

“We have received reports that Network Solutions customers are seeing malicious code added to their websites and we are really sorry for this experience,” Bellamkonda wrote. “At this time since anything we say in public may help the perpetrators, we are unable to provide details.”

Reached by telephone Monday, company spokeswoman Susan Wade declined to offer much more detail about the incident, such as how many customers may have been impacted and whether Network Solutions had uncovered the cause.

“It’s not impacting the entire hosting platform, but a subset of customers,” Wade said. “We’re trying to be very careful of what we say publicly right now. We want to make sure we have our facts straight and that we understand the scope of the problem. We’re putting countermeasures in place, but we’re not quite ready to come out and talk about them just yet.”

Unlike last week’s bout of customer site compromises, which seemed to impact mainly WordPress blogs, security experts have been hard-pressed to find a commonality among the victim sites, other than the malicious sites they are linking to.

“Note that this time we are seeing all kind of sites hacked, from WordPress, Joomla to just simple HTML sites,” wrote David Dede, a Brazilian security blogger who helped to raise the alarm over last week’s Network Solutions infections.

The StopMalvertising blog includes a host of information about the malicious scripts inserted into the hacked sites, indicating that the injected code redirects the visitor’s browser to Web pages that silently try to install malicious software using a variety of known vulnerabilities in popular Web browser plugins — such as Adobe PDF Reader – as well as insecure ActiveX (Internet Explorer) components.


19
Jan 10

Hundreds of Network Solutions Sites Hacked

Web site domain registrar and hosting provider Network Solutions acknowledged Tuesday that hackers had broken into its servers and defaced hundreds of customer Web sites.

The hackers appear to have replaced each site’s home page with anti-Israeli sentiments and pictures of masked militants armed with rocket launchers and rifles, alongside the message “HaCKed by CWkomando.”

According to results for that search term entered into Microsoft’s Bing search engine, there may in fact be thousands of sites affected by this mass defacement.

One of the defaced pages belonged to Minnesota’s 8th District GOP, according to a story in The Minnesota Independent, which said the Arabic writing that accompanies the defaced pages contains the dedication “For Palestine,” and the repeated phrase “Allahu Akbar” [God is great].

Continue reading →