DNS HiJacking


The “Host” part of the URL refers to a specific machine in a domain network. In most cases the slang term “www” has been used as a link or pointer to the “world wide web” server. This process of pointing and linking a fake name to a real server is called a “CNAME”. This is handy because network administrators can move web traffic from one physical machine to another by changing the CNAME of “www”, and the users never have to know or update their bookmarks. (Well, “update their bookmarks” is itself an old term; now it’s more about a company not having to update a million dollars’ worth of advertising just to take a machine offline for repairs.)

At TCG our current production web server is named “suzumiya”, so http://suzumiya.taborcg.com brings up our site; www is just a pointer to that address.

Now, if a user mistypes a URL, what is supposed to happen is that a “server or domain cannot be found” error is displayed. Depending on which DNS server you have configured on your computer, some DNS servers feed you bogus search or advertising pages instead of errors. There is also a big market in typo domains; for example, http://www.ebaayy.com/ is not owned by eBay, but the first link is a paid sponsor link back to eBay, so this site is a revenue generator for whoever owns ebaayy.com. To combat domain typos, companies will also register several common typo domains and point them to the real location. Again, eBay owns http://www.ebayy.com and points it to their main site.

Domain typos are a problem, but a minor one. Most people and companies understand that the user has the responsibility to type the correct address to get where they need to go, in much the same way they have to dial the correct phone number to reach the right person. What Name.com has done, however, is NOT domain typo hijacking but host-level typo hijacking, which on a technical and legal level is much, much worse.

Unlike a domain-level typo hijack, a host-level typo hijack involves a typo in the “host” part of the domain name. So rather than “www.taborcg.com” a user types “wwww.taborcg.com” or “ww.taborcg.com”. Why this is legally different is that I, as the owner of the domain “taborcg.com”, am responsible for any and all content on servers within my domain. In contrast, if someone registered taborcggg.com and put child porn on www.taborcggg.com, I cannot be held responsible because I have no control over taborcggg.com. (It’s still reprehensible, and I would take action to stop taborcggg.com, but I would not be criminally liable for publishing it.)
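
A domain owner can check for the host-level behaviour described above by asking DNS for host names that were never published and flagging any that answer. This is an added example, not code from the original post; `example.test`, the addresses and all function names are constructed for illustration.

```python
import secrets
import socket

def system_resolver(name):
    """IPv4 addresses for name via the OS resolver; empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def host_typos(label):
    """Doubled-letter and dropped-letter typos of one host label."""
    variants = set()
    for i, ch in enumerate(label):
        variants.add(label[:i] + ch + label[i:])        # "www" -> "wwww"
        if len(label) > 1:
            variants.add(label[:i] + label[i + 1:])     # "www" -> "ww"
    variants.discard(label)
    return sorted(variants)

def audit_zone(domain, known_hosts, resolve=system_resolver, probes=3):
    """Return (fqdn, addresses) for every name that resolves but was never published."""
    known = {h.lower() for h in known_hosts}
    # Random labels: an answer for these means something is synthesizing records.
    labels = [secrets.token_hex(8) for _ in range(probes)]
    for host in sorted(known):
        labels += [t for t in host_typos(host) if t not in known]
    findings = []
    for label in labels:
        fqdn = f"{label}.{domain}"
        addrs = resolve(fqdn)
        if addrs:
            findings.append((fqdn, sorted(addrs)))
    return findings

def fake_resolver(records, wildcard=None):
    """Constructed stand-in for DNS: known records, plus an optional catch-all answer."""
    def resolve(name):
        return set(records.get(name, {wildcard} if wildcard else set()))
    return resolve

if __name__ == "__main__":
    zone = {"www.example.test": {"192.0.2.10"}}         # constructed sample zone
    clean = fake_resolver(zone)
    hijacked = fake_resolver(zone, wildcard="203.0.113.7")
    print("clean:", audit_zone("example.test", ["www"], clean))
    for fqdn, addrs in audit_zone("example.test", ["www"], hijacked):
        print("unexpected answer:", fqdn, addrs)
```

Because some DNS servers replace errors with their own pages, as noted earlier, pass a `resolve` function that queries the zone's authoritative name servers when you need to tell registrar-side answers apart from a local resolver rewriting errors.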
