Newtek Domain Hijacking Puts Customers at Risk

Newtek Business Services Corp., a major web services provider, recently had three of its core domains (webcontrolcenter[.]com, thesba[.]com, and crystaltech[.]com) hijacked. The page customers use to remotely manage their sites, webcontrolcenter[.]com, was replaced by a live web chat service. Confused customers used this chatroom to ask why they could not access their email accounts and why their websites no longer resolved correctly; these customers were actually communicating with the domain hijacker. The incident occurred five days after the hacker allegedly notified Newtek of a bug in its online operations and the company did not respond. Newtek is facing criticism for its response to the incident, including how and what it communicated to its customers.

The hacker is believed to be operating out of Vietnam, as two of the hijacked domains were moved to a Vietnamese domain registrar (inet[.]vn) and the email address provided by the individual was linked to two social networking profiles in Vietnamese. It is unclear whether the individual had any malicious intent or simply intended to publicly embarrass the company for not being more diligent in its online security.

The NJCCIC recommends that customers of Newtek review the two notices (1, 2) on the incident and follow their recommendations, including removing the hijacked domains from all corporate or personal browsers and avoiding clicking on them. Organizations, particularly web service providers, are advised to track their domain registrations and set alerts for any changes to those domains. Additionally, companies are advised to have policies and procedures in place for responding to vulnerability disclosures.
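One way to alert on registration changes is to compare a stored baseline of each domain's RDAP record against a fresh lookup. The following is an added example, not code from the NJCCIC or Newtek; the `example.com` records, registrar names, and function names are constructed for illustration, and a real deployment would fetch the current record from the registry's RDAP service.

```python
# Added example: diff two RDAP (RFC 9083) domain records and report changes
# to registrar, nameservers, or status. Sample records are constructed.

def summarize(rdap):
    """Reduce an RDAP domain object to the fields worth alerting on."""
    registrar = None
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            # vcardArray is ["vcard", [[name, params, type, value], ...]]
            for prop in entity.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    registrar = prop[3]
    return {
        "registrar": registrar,
        # Hostnames are case-insensitive; normalize before comparing.
        "nameservers": sorted(ns["ldhName"].lower().rstrip(".")
                              for ns in rdap.get("nameservers", [])),
        "status": sorted(s.lower() for s in rdap.get("status", [])),
    }

def registration_alerts(baseline, current):
    """Return one alert string per field that differs from the baseline."""
    old, new = summarize(baseline), summarize(current)
    alerts = [f"{field} changed: {old[field]!r} -> {new[field]!r}"
              for field in ("registrar", "nameservers", "status")
              if old[field] != new[field]]
    # Loss of the registrar transfer lock gets its own alert.
    lock = "client transfer prohibited"
    if lock in old["status"] and lock not in new["status"]:
        alerts.append("transfer lock removed")
    return alerts

def _record(registrar, nameservers, status):
    """Build a constructed RDAP domain object for the demo."""
    return {
        "objectClassName": "domain", "ldhName": "example.com", "status": status,
        "nameservers": [{"objectClassName": "nameserver", "ldhName": n}
                        for n in nameservers],
        "entities": [{"roles": ["registrar"], "vcardArray": ["vcard", [
            ["version", {}, "text", "4.0"], ["fn", {}, "text", registrar]]]}],
    }

BASELINE = _record("Example Registrar A", ["NS1.EXAMPLE.NET", "ns2.example.net"],
                   ["client transfer prohibited"])
CURRENT = _record("Example Registrar B", ["ns1.example.org", "ns2.example.org"],
                  ["active"])

if __name__ == "__main__":
    for line in registration_alerts(BASELINE, CURRENT):
        print("ALERT:", line)
```

Run on a schedule, with the baseline updated only after an authorized change, any non-empty result should go to whoever owns the registrar account.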
