In recent days, researchers have found that subdomains of some of the world’s top universities have been hijacked by criminals and filled with pornography and fraud as a result of oversights by website administrators. The affected sites include official domains such as berkeley.edu (University of California, Berkeley), columbia.edu (Columbia University) and washu.edu (Washington University in St. Louis). The hijacked pages are full of explicit pornography, and some are fraudulent sites that falsely report that the visitor’s computer is infected with a virus and demand payment for removing malicious software that does not exist. According to the researcher Alex Shakhov, hundreds of subdomains at at least 34 universities have been misused, and Google search results list thousands of hijacked web pages.

Berkeley was hijacked.
According to Alex Shakhov, founder of SH Consulting, the attackers, whom another researcher has linked to a known group called Hazy Hawk, are taking advantage of a “clerical error” made by the website administrators of the affected universities.

When a university sets up a subdomain (e.g. provost.washu.edu), a CNAME record is created that points to a “canonical” domain name. When the subdomain is eventually discontinued (which often happens), the record is never deleted. Scammers like Hazy Hawk then take advantage of the old record to hijack the subdomain. Given the universities’ reputation, the hijacked pages are often given priority in search results. Alex Shakhov writes: “The root cause is simple: the university created the DNS record but never cleaned it up. CNAME records have no expiry time. When the target stops responding, no one gets an alarm. Moreover, most school IT departments do not maintain a comprehensive list of their subdomains and where they point.” The problem is exacerbated by the highly decentralized way in which universities operate. Colleges, laboratories, study groups and student organizations are usually free to apply for subdomains. When the people managing them leave, there is no corresponding decommissioning process for the DNS records they created.

Thus, any organization with a web presence should maintain a list of all its subdomains, their use and the corresponding CNAME records. Staff should also review the list on a regular basis and look for “dangling” records, meaning records that remain even though the official subdomain is no longer in use. The CNAME records of any subdomains found to be inactive should be deleted. According to Alex Shakhov, many universities and other organizations are ignoring this common-sense practice. Since the results of the study were made public earlier this month, only a few universities have become aware of the dangling CNAME records. Even so, indexed pages for some of these universities were still shown in Google’s search results.
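The periodic review described above can be scripted. The following is an added example, not code from the researchers: it reads a subdomain inventory and flags CNAME records whose target no longer resolves or that have no owner on record. The CSV columns, the example.edu and example.net names and the function names are assumptions made for illustration.

```python
import csv
import io
import socket

# Constructed sample inventory (hypothetical names, not taken from the article).
SAMPLE_INVENTORY = """subdomain,cname_target,owner,purpose
provost.example.edu,provost-site.hosting.example.net,provost-office,public site
lab2019.example.edu,lab2019.retired-host.example.net,,conference microsite
events.example.edu,events.hosting.example.net,,event calendar
"""

def system_resolves(hostname):
    """Return True if the system resolver finds an address for hostname.

    Transient DNS failures also return False, so treat a finding as
    "needs review", not as proof that the record is dangling.
    """
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def audit_inventory(csv_text, resolves=system_resolves):
    """Return (subdomain, target, findings) for every record needing review."""
    report = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        target = row["cname_target"].strip().rstrip(".")
        if not resolves(target):
            findings.append("dangling: CNAME target does not resolve")
        if not row["owner"].strip():
            # No owner means nobody will decommission the record later.
            findings.append("no owner on record")
        if findings:
            report.append((row["subdomain"], target, findings))
    return report

if __name__ == "__main__":
    # Offline demo: a constructed set stands in for live DNS answers.
    live = {"provost-site.hosting.example.net", "events.hosting.example.net"}
    for name, target, findings in audit_inventory(SAMPLE_INVENTORY, live.__contains__):
        print(f"{name} -> {target}: {'; '.join(findings)}")
```

A target that still resolves is not proof that the organization still controls the resource behind it, so records without an owner deserve a manual check even when resolution succeeds.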
