January 17, 2021

Is it ethical to takeover the NS domain of a ccTLD if its going to expire, for the sake of a Proof of Concept?


I recently came across this article, in which the author heroically saves a ccTLD name server domain from falling into the wrong hands by registering it himself.

[https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/](https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/)

It’s a great act. But it makes me question his intentions at the same time like,

**Why on earth would you NOT REPORT to IANA about the incident and try to register (or take it over yourself)?**

Usually domains as soon they reach *pendingDelete* stage, are picked up by auction houses like DropCatch. Now if it would have been DropCatched by malicious people, it could have been put to bad purpose. That’s not the end of it, he kept monitoring it till it got deleted or, dropped and then claimed it. For what?

Why didn’t he report to the IANA that the NS domain name had reached the *pendingDelete* stage so they could renew it themselves and wouldn’t need him to take it over?

Was **his approach** ethical? What do you think? Had you been in his shoes what would you have done?

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.