Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e1

Protect your Brand Capital:

Strategies for your domain name management

Effective branding strategies (from name creation to brand protection

and valuation) are essential to launch, grow and protect your

business. “Protect Your Brand Capital” is one of several

whitepapers produced by VAYTON. Brand Capital. The aim is to

provide up-to-date background information, trends, and implications

for your business in a digital, global marketplace.

In this whitepaper, seven best practices are presented for protecting

and optimizing the value of your Domain Name portfolio. But first,

you should be aware of current and emerging threats to fully protect

your brand capital.

The winds of change have dramatically altered the business and marketing

landscape. Whether you are a local business or a multinational corporation,

you will not be able to attract and sustain a healthy customer-base without a

strong, protected brand presence on the Internet. Paul Twomey (president

of ICANN – Internet Corporation for Assigned Names and Numbers) called

the new developments a “transformative revolution” and cited 1.4 billion

current Internet users with a projected 1.5 billion in the next two to three

years. Eurostat, the Statistical Office of the European Communities, reported

that in 2009 one person in two in the EU27 used the Internet daily. Those

countries with the highest proportion of daily access and use (three-quarters

or more) were Netherlands (90%), Luxembourg (87%), Sweden (86%),

Denmark (83%), Germany (79%), Finland (78%) and United Kingdom (77%) -

Eurostat news release, Dec. 8, 2009.

Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e2

In the not too distant past, a company just starting up would go through the

process of creating a name and registering a trademark to launch and market

its business enterprise. Acquiring an Internet address came next, though

often as an afterthought. The company would scramble to find a domain

name (DN) that matched the brand name. The next step would be to register

and periodically update the DN account information. There seemed to be no

other considerations. The DN was secured and the company went live on the

web. Unfortunately, many companies failed to anticipate threats posed by

cybercriminals and neglected to protect their brand capital with a robust

Domain Name management strategy. Without a rigorous DN management

strategy and without cutting-edge technology to thwart cyber attacks, a

company places itself at risk. Loss of revenue, a damaged reputation, and

security compromises (for the business and the customer) are three of the

most severe consequences.

New communication technologies bring new marketing opportunities—and

new threats The Internet has pushed the marketplace into a global arena.

The innovations altering the landscape of business and marketing (such

mobile Internet and social networking) are at the same time ushering in

vulnerabilities. Multinational corporations are forced into registering

hundreds of DNs to prevent interruption of business and brand dilution.

Cybersquatters have registered hundreds and thousands of DNs with the

malicious intent of “domain hijacking” or strong-arming a company into

buying at an exorbitant price brand-linked domain names. Internet traffic to

a company’s website risks being redirected to a malicious site. Worse, the

cybercriminal can solicit private customer information under the pretense of

being the authentic website. Prospective consumers are using the Internet

not only to shop for products and services but to assess the brand promise.

Brand dilution happens when customers are redirected to malicious sites

seeking to damage the company’s reputation. It may take just one mistyped

letter when entering an Internet address to be redirected to a bogus site.

No one who has an Internet presence is exempt: including celebrities,

writers, and politicians. Immediately after the State of the Union Address by

U.S. President Barack Obama (January 2010), the official websites of the

members of Congress were attacked and defaced with anti-Obama

Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e3

messages. The creator of Bridget Jones, British author Helen Fielding, the

fashion house Chanel and the Reuters news company all won cybersquatting

cases recently (Reuters News, March 15, 2009). Chanel won against an entity

using the DN chanelfashion.com and chanelstore.com in bad faith.

A cybersquatter case can be won if an entity has registered a DN that

contains a company’s brand name or a variation on the brand name and uses

that DN in “bad faith.” Complaints are filed under the Uniform Domain

Name Dispute Resolution Policy (UDRP), a quick and cost-effective dispute

resolution procedure administered by the WIPO Arbitration and Mediation

Center. According to WIPO, the top five sectors filing cases in 2009 were

biotechnology and pharmaceuticals, banking and finance, Internet and IT,

retail, and food, beverages and restaurants.

T H E N A T U R E A N D M A G N I T U D E O F T H E T H R E A T S

The Internet Corporation for Assigned Names and Numbers (ICANN) is an

international non-profit entity whose mission is to regulate Domain Name

registration and monitor domain abuse. The magnitude and severity of the

threat to a company is summed up by the ICANN Security and Stability

Advisory Committee (SSAC):

“Domain hijacking can disrupt or severely impact the business and

operations of a registrant [company], including … denial and theft of

electronic mail services, unauthorized disclosure of information

through phishing web sites and traffic inspection (eavesdropping),

and damage to the registrant’s reputation and brand through web

site defacement.”

These threats are possible because of vulnerabilities in the DN registration

system. The Domain Name System (DNS) works like an automated telephone

directory but substitutes the numeric Internet Protocol (IP) addresses with a

unique name (usually the brand name). Registrars require all prospective

Web site registrants (DN “owner”) to provide contact information, which is

then made available to the public on the Internet through a service called

Whois. Each top-level domain or TLD (.com or .eu for instance) has a registry

Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e4

responsible for managing Domain Names and setting policy for the domain.

The registrant is responsible for keeping the Whois information current. An

expired registration for a DN means it can be bought by a third party with

“bad intent,” potentially harming the company or product.

The recent availability of new generic TLDs (21 to date) has increased the

chances of a company’s brand name being hijacked by a cybersquatter who

acquires a company’s Domain Names that have expired and tries to

re-sell the names at a high price;

registers a company’s brand/trademark with a different top-level

name taking consumers to a counterfeit site; and,

registers Domain Names identical to a company’s DN but with one

letter altered (known as typo-squatting).

The Anti-Phishing Working Group (AWG) monitors phishing attacks around

the globe. Phishers attempt to obtain private information (such as

passwords and credit card numbers) primarily through emails and social

networking sites. A Phisher will redirect the Internet user to a fake site that

mimics the design of an authentic site. When using the search engine, a

user may be fooled into accessing a site that mimics the authentic site.

TrendMicro, a security company, is already reporting in 2010 the risks of

users trying to find information about the new Apple iPad but being directed

to phising sites. The phisher will use a domain name that has one altered

letter in the Internet address or that mimics a brand-linked address. Social

engineering seems the preferred technique. The Internet user is tricked into

voluntarily providing private information.

AWG recently published Global Phishing Survey: Trends and Domain Name

Use 1H2009.

Major findings from the AWG report with implications for domain name

protection and management are cited here:

1. In 1H2009, the average uptime of all phishing attacks was noticeably

shorter than in 2H2008. This is an encouraging improvement, most

likely reflecting efforts by providers and responders.

2. The Avalanche phishing kit accounted for a whopping 24% of all

phishing attacks launched in 1H2009. This criminal operation is one of

Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e5

the most sophisticated and damaging on the Internet, and targets

vulnerable or non-responsive registrars and registries.

3. The great majority of phishing is also concentrated in certain

namespaces – just five TLDs

4. The amount of Internet domain names and numbers used for

phishing has remained fairly steady over the past two years.

5. Anti-phishing programs implemented by domain name registries can

reduce the up-times of phishing attacks, and can reduce the number

of malicious registrations made in those TLDs.

6. The unique characteristics of Internationalized Domain Names (IDNs)

are not being used to facilitate phishing, and there are factors that

may perpetuate this trend in the future.

7. Phishers continue to use subdomain services to host and manage

their phishing sites. Phishers used such services more often than they

registered domain names via regular registrars. This trend shows

phishers using services that cannot be taken down by domain

registrars or registry operators.

The AWG report further noted that

“Of the maliciously registered domains, 1,098 contained a relevant brand name, variation, or misspelling thereof. This represents 25% of maliciously registered domains, and just 3.6% of all domains that were used for phishing. Placing brand names or variations thereof in the domain name itself is not a favored tactic, since brand owners are proactively scanning Internet zone files for such names. … Instead, phishers almost always place brand names in subdomains or subdirectories. This puts the misleading string somewhere in the URL, where potential victims may see it and be fooled. Internet users are rarely knowledgeable enough to be able to pick out the “base” or true domain name being used in a URL.”

The ICANN Security and Stability Advisory Committee (SSAC) posted a study

based on a series of incidents occurring from May 2008 through April 2009.

Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e6

Below are several common characteristics SSAC listed in their review of

domain name abuse incidents. (Key points have been highlighted.)

1. Many organizations have domain name registration accounts that

contain high-value or business-critical names, domain names that could

be as valuable to the organization as any tangible asset, trademark or

intellectual property right the organization possesses.

2. Many registration service providers operate with consumer-focused

service objectives; i.e., the registration service is highly automated and

focused on serving very large numbers of registrants at a high rate of

transaction. Automation is extremely important in any business

endeavor that attempts to provide service in a timely and scalable

manner. Our study revealed that attackers have familiarized

themselves with registrar behavior and will exploit certain aspects of

automation; for example, knowing that electronic mail is the preferred

method of notifying registrants of contact and configuration changes,

renewals, etc., attackers often attempt to disrupt delivery to email

addresses by modifying DNS configurations.

3. Among the incidents we studied, the victims were frequently customers

with business critical domain accounts operated by registration service

providers with consumer focused service objectives. In some cases,

customers did not adequately assess the risk associated with the

possible loss of control or access to their domain registration account

until they were victimized; in other cases, the internal policies and

monitoring activities in place prior to the incident were not sufficient to

detect or block the attack.

Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e7

A T T A C K E R S A R E C L E V E R A N D T E C H - S A V V Y

According to “Measures to Protect Domain Registration Services Against

Exploitation or Misuse,” (SSAC Report [English]; [French]), DN attackers apply

a variety of methods to hijack and maliciously use domain name account

information.

SAMPLE CASES REPORTED BY SSAC –

ICANN was victimized by a group of hackers accessing ICANN’s domain

registration account at Register.com. ICANN described the attack as

“sophisticated, combining both social and technological techniques.” The

attackers altered the DNS configurations of several domains (icann.net

iana-servers.com, icann.com, and iana.com). Visitor traffic was rerouted

to a defacement web site.

CheckFree (now FIServ), the leading global provider of information

management and electronic commerce systems for the financial services

industry suffered a DN attack. The attacker gained control of

CheckFree’s domain registration account and modified the DNS

configuration of several domains, including checkfree.com and

mycheckfree.com. Customers logging onto their accounts to make

online bill payments were “redirected to an impersonation web server in

the Ukraine that attempted to install a malicious code that contained an

Adobe Reader exploit.”

“Registrars have been and will continue to be targets for attackers. Just as customers of financial institutions may be victimized by attacks against an online banking portal, so may domain name registrants be victimized by attacks against registrar domain administration pages.”

Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e8

The SSAC report cited vulnerabilities that registrars, registrants and

resellers of DNs should address:

1. All an attacker needs to gain control of an organization’s entire domain

name portfolio (and to hamper authorized access to that portfolio) is a

user account and password.

2. Attackers need only guess, phish, or apply social engineering techniques

on a single point of contact to gain control of a domain registration

account.

3. Attackers scan domain account registration and administration portals

for web application vulnerabilities (e.g., SQL injection). A successful

exploit of vulnerable application code can result in the disclosure of

account credentials for many domain accounts.

4. Email is the preferred and often the only method by which some

registrars attempt to notify a registrant of account activity.

5. Attackers can block delivery of email notifications to targeted registrants

by altering DNS configuration information so that email notifications will

not be to any recipient in the domains the attacker controls through a

compromised account (e.g., registrant’s identified administrative or

technical contact email addresses hosted in the domain).

6. Access to and the ability to modify contact and DNS configuration

information for all the domains in a registration account is commonly

granted through a single user account and password.

7. Even when unauthorized modification of DNS information is discovered

quickly, the process of restoring DNS information to correct for a

malicious configuration can be a lengthy one that is inherent in the

distributed nature of the DNS and related to time to live (TTL) values.

Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e9

From the business point of view, the nature of the threats to Domain Name

security must be thoroughly understood to determine what actions should

be taken to prevent disruption and damage to the company, product or

service. VAYTON. Brand Capital offers the following recommendations:

The company should be informed about best practices in managing

Domain Name portfolios for optimal brand protection and valuation.

This should be followed by an assessment of the current Domain Name

portfolio management system benchmarked against best practices.

Finally, a corporation should decide whether it has onboard the

necessary expertise and resources to manage effectively and proactively

its DN portfolio.

Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e10

S E V E N B E S T P R A C T I C E S F O R D O M A I N N A M E M A N A G E M E N T

“Best practices applied in provisioning management seek to assure that these operations are performed in proper sequence, by authorized parties, in a timely and auditable manner, with low probability of omission, intrusion or error.” - ICANN, SSAC Report, 2009

Once a business understands current and emerging threats to its brand, a

robust portfolio management system should be seriously considered.

VAYTON has identified the following seven best practices for protecting and

optimizing your brand capital. The practices cited below are based on

published literature on domain name management strategies, case studies

by Internet policymakers and VAYTON’s own experience developing and

managing domain name portfolios for a variety of clients in Europe.

View Your Domain Names as a Corporate Asset

Is the management of your Domain Name portfolio an integral part of your

total business management strategy? Is domain portfolio management in

sync with your corporate objectives and goals? If the answers are no, this is

your first clue that your company has failed to see your DN portfolio as a

valuable corporate asset to be protected and valorized. The risks are too

great not to have a comprehensive domain management strategy. And, the

opportunities to valorize this asset are too numerous to be ignored.

Centralize Domain Name Management

Choose a single, accredited registrar for your DNs to reduce costs and risks

and have a single-point of contact (corporate administrative contact). As

new top level domains become available and as the company builds its e-

commerce for products and services, the necessity of continuously acquiring

new Domain Names can result in too many opportunities to miss renewal

deadlines. You should not only have an effective management system but a

comprehensive strategy to protect and optimize your brands and

trademarks.

Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e11

Perform Systematic DN Portfolio Audits

Audit all your Domain Names immediately. Do managers in different areas of

the company who control Domain Names have the same policies for

renewals and management? After an enterprise-wise audit is performed,

you should develop policies and procedures for systematic renewals and

acquisition of new domains.

Audit and Centralize Your Trademark Portfolio at the Same Time

Many countries require a new trademark or a local company to also register

a domain name. This is true for France. So, audit and centralize your

trademark portfolio at the same time you centralize your DN portfolio.

Monitor Domain Registration Information for Guaranteed Renewals

Take steps to ensure you have the resources and technology for guaranteed

domain renewals and control over the process. Failure to update Whois can

result in losing DNs to cybersquatters who will try to resell the DNs to you at

exorbitant prices or redirect Internet traffic to a bogus or counterfeit Web

site. Renewing your DNs for periods longer than the usual two years will

ease the administrative burden. However, with large portfolios, having

different initial registration dates for DNs, managing renewals can be an

administrative hassle leading to mismanagement of this valuable asset.

Stay Informed About New Threats

Do not wait until the crisis (the counterfeiting, the disruption of services, or

unauthorized access to company and consumer information) occurs to take

action. Devote resources to monitoring the threats on the horizon, assessing

the potential harm, developing a plan and taking action to protect your DN

portfolio asset.

Monetize Domain Names

The commercial and marketing use of domain names is a key element for

brand valuation; a well managed domain name portfolio can reduce the

advertising costs by several thousand Euros. This can largely compensate the

expenses of new domain names and the domain name management

expenditures.

Copyright 2011 NTLUX S.A. VAYTON Brand Capital - www.vayton.com

Pag

e12

R I G O R O U S D O M A I N N A M E M A N A G E M E N T F O R O P T I M A L

B R A N D P R O T E C T I O N A N D V A L U A T I O N

ICANN recommends that registrars “provide security measures to safeguard against the non renewal of the customer’s domain names due to technical errors or oversight, to protect the customer from domain name hijacking through unauthorized modification of registration records, and to prevent unauthorized, malicious DNS configuration. The business model for these registrars is focused on handling individual transactions with a very low probability of error.

VAYTON. Brand Capital has the expertise and cutting-edge technology for

managing your Domain Name (DN) portfolio and optimizing your brand

asset. We offer personalized, customized DN management services to

protect your intangible property—your brand value and integrity.

E X P E R T I S E - Outsourcing DN portfolio management to VAYTON may be

the wise choice for your company. A dedicated team of experts can ease the

burden of DN portfolio management at all levels: administrative, technical

and strategic.

C O M P R E H E N S I V E S E R V I C E S - You can count on a comprehensive

suite of services necessary to prevent brand devaluation and security

compromises. We will audit, monitor, centralize, renew and recover your

domain names.

C U T T I N G - E D G E T E C H N O L O G Y - We have developed technologies

and platforms to audit, monitor and centralize domain names. These

technologies are customized to answer decision makers’ as well as technical

team requirements.

3A bou lev ard du P r inc e H enr i , L - 1724 L ux embour g

t e l . +352.26.44.17 .93 f ax . +352.26.44.18.4 3 Contac t : N ic o las VAN BEEK

c ontac t@v ay ton. c om