Update 4 On Domain Registration System Issue Of 6th February
2021-02-12
The LK Domain Registry maintains the Top-Level country code domains .LK, .ලංකා and .இலங்கை. In addition to the servers which run the domain name system - DNS, the Registry maintains a registration system through which customers may register new domains, renew domains, change details of their domains, etc.
In the early morning of Sat 6th February, we received an alert of unauthorised changes to some domain names in .lk. This was immediately investigated by our team, who determined that around 10 domain names had been modified to point to a new IP address. Access to the LK domain registration systems was restricted to prevent further damage. Once the changes were identified, our team immediately reverted the changes to their previous settings. This was completed within 90 minutes.
This issue was immediately reported to our security partner, TechCERT, who started investigations together with the LK technical and the operations teams. It was identified that the changes were done remotely by accessing the Domain Registration system. TechCERT was able to identify that the incident was done by:
compromising of the credentials of one system user account and
bypassing of the restrictions which normally prevent the admin interface from being accessed from the Internet.
There is no evidence of any other unauthorised access to our systems. We have also not found any evidence of changes to any .LK websites, or of any information being stolen from any other .LK websites. We have not found any substantial evidence that any malware had been distributed via the website pointed to by the attackers. However investigations are on-going.
Together with TechCERT, we have identified shortcomings in our security mechanisms, and have updated our systems to mitigate these vulnerabilities. A number of other security improvements have also been implemented. Our domain registration systems are now back on-line. If you have any issue in using our systems, please e-mail hostmaster@nic.lk together with a screenshot if needed. If you need any further information or assistance, please call us on 0114-216-061 or contact us on the above e-mail address.
When you first log-in to the system after it is back on-line, we recommend you reset your password by visiting My Profile > Change Password .
We are continuing our investigations, and will issue further updates as needed. We thank you for your patience and support during this incident, and assure you of our continued commitment to provide reliable domain registry services.
Domain Registrar
LK Domain Registry
