In the past 24 hours both the .nl domain registry and .be domain registry have been attacked.
The .be registry‘s public facing website was defaced, though the defacement had no impact on the registry data. As would be expected the registry data is not linked to the public facing website. DNS.be informed registrars that they are still investigating the incident but weren’t taking any chances.
The SIDN security issue, however, appears to be more serious in nature.
Yesterday afternoon the registry informed registrars that they were investigating a possible security incident. In order to mitigate issues they’d closed down access to a number of systems.
This morning they forced a password reset for all registrars and sent a detailed explanation of the security incident.
While SIDN feel quite confident that no registrar account data was compromised they’ve recommended that passwords be reset:
One of our web servers was hacked, enabling the hackers to gain access to a file containing registrars’ website log-in details. The file contained registrar numbers and the associated encrypted passwords. Because the passwords were encrypted, the data could not be used to gain access to the registrars’ website without decryption. We nevertheless felt that the measures described here were necessary to exclude the possibility of abuse in the event of decryption.
Both registry operators did a good job in keeping their registrars informed of what was going on and were as transparent as they could be under the circumstances
But the number of attacks on domain name registry operators is either growing or they’re being reported more. That is worrying.