Lost domains, open doors: What old government domains reveal

What happens when state domains expire - and suddenly someone else owns them? This presentation reports on how several formerly official but unregistered domains of German federal ministries and authorities could be acquired, and which data streams became visible as a result. For months, DNS queries from federal networks could be received. That is a considerable security risk, among other things because it was possible to take over accounts, manipulate validations of email signatures, redirect requests and, in extreme cases, execute code on systems. (No sensitive data will be published; the focus is on research, education and responsible handling of the results.)

The study revealed not only misconfigurations, but also phenomena such as bitsquatting and typosquatting within the administrative networks. With the operation of a DNS server and the acquisition of bund.ee (more bund.de typosquatting/bitsquatting), it was possible to receive numerous DNS queries from servers of the Federal Ministry of the Interior (BMI) and other federal institutions.

The presentation sheds light on the technical and organizational weaknesses behind such processes, and shows how DNS details can provide insights into the state's IT infrastructure. It is rounded off by practical examples, data analyses and recommendations on how similar incidents can be avoided in the future.

In other countries, gov domains have long been common as TLDs (e.g. gov.uk). In Germany, however, bund.de or gov.de is not as widespread as one might think, among other things because federal ministries use their own domains or are renamed after the formation of a government.

Licensed to the public under http://creativecommons.org/licenses/by/4.0
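The bitsquatting and typosquatting mentioned in the abstract can be checked for on the defender's side. The following is an added example, not material from the talk: it classifies names seen in a resolver log against bund.de, and shows that bund.ee is exactly one flipped bit away. The function names and the sample names other than bund.de and bund.ee are constructed for illustration.

```python
def bit_flips(a: str, b: str) -> int:
    """Differing bits between two equal-length ASCII names; -1 if lengths differ."""
    if len(a) != len(b):
        return -1
    return sum(bin(ord(x) ^ ord(y)).count("1") for x, y in zip(a, b))


def one_edit(a: str, b: str) -> bool:
    """True if a is one substitution, adjacent swap, insertion or deletion from b."""
    if len(a) == len(b):
        d = [i for i in range(len(a)) if a[i] != b[i]]
        if len(d) == 1:
            return True
        return (len(d) == 2 and d[1] == d[0] + 1
                and a[d[0]] == b[d[1]] and a[d[1]] == b[d[0]])
    short, long_ = sorted((a, b), key=len)
    if len(long_) - len(short) != 1:
        return False
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def classify(observed: str, legit: str = "bund.de") -> str:
    # DNS is case-insensitive, so a flipped 0x20 bit in a letter changes nothing.
    obs = observed.lower().rstrip(".")
    labels = legit.count(".") + 1
    tail = ".".join(obs.split(".")[-labels:])  # compare the registrable part only
    if tail == legit:
        return "exact"
    if bit_flips(tail, legit) == 1:  # e.g. 'd' 0x64 vs 'e' 0x65
        return "bitsquat"
    if one_edit(tail, legit):
        return "typosquat"
    return "other"


# Constructed sample of queried names, as they might appear in a resolver log.
SAMPLE = ["www.bund.de", "MAIL.BUND.DE.", "mail.bund.ee", "bunt.de",
          "bumd.de", "bnud.de", "portal.bund.dee", "example.org"]


def near_misses(names, legit: str = "bund.de") -> dict:
    """Map each near-miss name to its class, dropping exact and unrelated names."""
    out = {n: classify(n, legit) for n in names}
    return {n: c for n, c in out.items() if c in ("bitsquat", "typosquat")}
```

A single bit flip is also a one-character substitution, so a name reported as a bitsquat may equally have come from a typing error; the log alone cannot tell the two apart.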
