Trusted domain names are what allow the Internet to function in spite of the proliferation of spam and hacker attacks. There are many factors that make a domain name "trusted," and it is a fluid identity. In spite of its best efforts, even a domain like Yahoo can be used to spread malware and other forms of hack attacks.
Who Has Trusted Domain Names?
A domain name that is "trusted" is considered either to have enough infrastructure to combat attacks or to have a low enough profile not to attract them in the first place. Sites such as Google, Yahoo, or MSN.com are considered to be "trusted" by just about every email or browser program because the corporations spend literally millions of dollars to buy both the best talent and the fastest machines to take on the constant attacks by hackers.
Some examples of trusted domain names are:
- Network Solutions
The first three are large corporations, while the last two are domain registration services that have cutting-edge technologies to keep their servers protected from hack attacks.
However, customizable browsers enable users to specify whether any domain is or is not trusted. The Firefox web browser, for example, has security settings which can be tweaked so that no website is allowed to download content to the user's computer, regardless of the domain. When a site then attempts to load something, such as a cookie or a pop-up window, the browser will first ask whether it should allow the process. If the answer is yes, the browser will also ask if the site in question should always be allowed to put content on the computer. This keeps the constant double-checking from being annoying while at the same time preserving the security of the computer.
The Black List
The problem of what domains should or should not be trusted goes further than simple web security, though. At one point well-meaning system administrators began creating "blacklists," lists of server IP addresses for known spammers. The servers that push content around the internet could be aware that content from these IP addresses was at best annoying, and block it.
Unfortunately, if an innocent server was hacked into sending spam, it might be added to the blacklist and suddenly small businesses, hobbyists, and other web users would find themselves blocked from most of the internet. Worse, once on a blacklist, it is notoriously hard to get off, as blacklists are not created by any one governing body. There is no established process to remove a name from a blacklist - it differs from spam blocker to spam blocker.
An alternative to blacklists is implemented in some software and servers such as WordPress. Once an IP is identified as being malicious, the user can add or remove the IP themselves, enabling a higher degree of control and communication to address the problem.
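One way to build the operator-controlled list described above, as an added example (not WordPress's code and not from the original article): a local blocklist whose entries the operator can add and remove. As an assumption that goes beyond the article, entries may also expire, so a server that was hacked and later cleaned up is not blocked forever. The class, its method names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import time


class LocalBlocklist:
    """Operator-managed IP blocklist (hypothetical helper, not a real plugin API)."""

    def __init__(self, clock=time.time):
        self._entries = {}    # ip_network -> (reason, expiry timestamp or None)
        self._clock = clock   # injectable clock so expiry can be tested

    def add(self, cidr, reason, ttl_seconds=None):
        """Block a single address or a CIDR range, optionally for a limited time."""
        net = ipaddress.ip_network(cidr, strict=False)
        expires = None if ttl_seconds is None else self._clock() + ttl_seconds
        self._entries[net] = (reason, expires)
        return net

    def remove(self, cidr):
        """Delist an entry; returns False if it was not listed."""
        net = ipaddress.ip_network(cidr, strict=False)
        return self._entries.pop(net, None) is not None

    def check(self, address):
        """Return (blocked, reason); the most specific live entry wins."""
        ip = ipaddress.ip_address(address)
        now = self._clock()
        # Drop entries whose time limit has passed before matching.
        expired = [n for n, (_, exp) in self._entries.items()
                   if exp is not None and exp <= now]
        for net in expired:
            del self._entries[net]
        matches = [n for n in self._entries
                   if n.version == ip.version and ip in n]
        if not matches:
            return (False, None)
        best = max(matches, key=lambda n: n.prefixlen)
        return (True, self._entries[best][0])


if __name__ == "__main__":
    bl = LocalBlocklist()
    # Constructed sample data using documentation address ranges.
    bl.add("192.0.2.10", "sent spam while compromised", ttl_seconds=86400)
    bl.add("198.51.100.0/24", "repeated abuse from this range")
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(addr, bl.check(addr))
    bl.remove("198.51.100.0/24")   # operator delists the range directly
    print("198.51.100.7", bl.check("198.51.100.7"))
```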
Why Attack a Trusted Domain Name?
What are the hackers hoping to accomplish with their attacks? At best, it is a simple matter of using the trusted domain name to send out spam advertising anything from hair cream to sexual aids. While most of the recipients of these emails ignore them, the cost of producing the "spam" is so low that even one or two customers from each mailing results in a tidy profit.
In a worst-case scenario, however, more than e-mails are used. Instead, actual functioning code is used to take over the websites and entire computers of the victims, resulting in crimes like identity theft, phishing scams, and more. The proliferation of social networking sites has increased the ease with which hackers can attack. Being able to upload photos, videos, or just about anything on MySpace or Facebook means that malicious code can be uploaded as well.
The sheer number of users in social networking sites makes policing all of the uploads for all the users all the time a daunting task, and even the strongest sites sometimes become vulnerable to attack. Yahoo is a good example; in 2008, hackers used an elaborate layered attack to fool servers into thinking that a web ad was going to a safe and established domain owned by Yahoo. In reality, the domain belonged to the hackers, who had disguised it by using an IP address that did, in fact, belong to Yahoo but was unused.
The fact that security analysts have figured out what happened but still do not know how it happened highlights the difficulties involved in establishing and maintaining trusted domain names.