Update 3 on Domain Registration System Issue of 6th February
2021-02-10

The LK Domain Registry maintains the country-code top-level domains .LK, .ලංකා and .இலங்கை. In addition to the servers which run the Domain Name System (DNS), the Registry maintains a registration system through which customers may register new domains, renew domains, change details of their domains, etc.

In the early morning of Saturday, 6th February, we received an alert of unauthorised changes to some domain names in .lk. This was immediately investigated by our team, who determined that around 10 domain names had been modified to point to a new IP address. Access to the LK domain registration systems was temporarily restricted to prevent further damage. Once the changes were identified, our team immediately reverted them to their previous settings. This was completed within 90 minutes.

This issue was immediately reported to our security partner, TechCERT, who started the investigation at once together with the LK technical and operations teams. It was identified that the changes were made remotely by accessing the Domain Registration system. TechCERT was able to identify that the incident was carried out by:

  1. compromising the credentials of one system user account, and
  2. bypassing the restrictions which normally prevent the admin interface from being accessed from the Internet.

There is no evidence of any other unauthorised access to our systems. We have also not found any evidence of changes to any .LK websites, or of any information being stolen from any other .LK websites. We have not found any substantial evidence that any malware had been distributed via the website pointed to by the attackers. However, investigations are ongoing.

The DNS system continued running uninterrupted. Our telephone lines were manned from 8.00 a.m. on Saturday, and answered a large number of calls from customers, resellers, media, etc. Urgent changes are being performed manually.


Together with TechCERT, we have identified shortcomings in our security mechanisms, and have updated our systems to mitigate these vulnerabilities. A number of other security improvements have also been identified, and are being implemented. We will bring our domain registration systems back on-line shortly, as soon as these improvements are completed. However, in the meantime, please send any urgent requests to [e-mail address not shown]. If you need any further information or assistance, please call us on 0114-216-061 or contact us on the above e-mail. For media related queries please call on 0114-216-062.


When you first log in to the system after it is back on-line, we recommend you reset your password.


We are continuing our investigations, and will issue further updates as needed. We thank you for your patience and support during this incident, and assure you of our continued commitment to provide reliable domain registry services.


Domain Registrar
LK Domain Registry

 

Further to our 1st Report (reproduced below), we have made further investigations on the affected system, and have not found any evidence of any additional domains (other than those initially identified) being affected by this issue.

We have also not found any evidence of any effect on any .LK website, or of any information being stolen from any .LK website. However, we are continuing our investigations, and will issue further updates as needed.

Gihan Dias
Domain Registrar
LK Domain Registry

V 2.0 - 2021-02-06 16:00

 

 

An issue with the .LK Domain Registration System arose early in the morning of Saturday, 6th February, which affected a few domains registered in .LK. This issue was attended to expeditiously, and the matter was resolved by approx. 8.30 a.m.

The .LK DNS system is now functioning normally. However, some names may be cached in systems outside the registry, and may appear until the cache expires.

We are currently investigating the issue, and will report as soon as concrete information is available. If you need any further information or assistance, please contact us on our hotline +94 114 216061 or e-mail [e-mail address not shown].

Gihan Dias
Domain Registrar
LK Domain Registry

V 1.0 - 2021-02-06 10.30 a.m.

 

Last modified on Friday, 12 February 2021 03:17
