CERT.LV and MIDD can lock “.lv” domain names involved in security incidents

On 19 July 2017, amendments to the “Law on the Security of Information Technologies” came into force. The amendments empower structures under the Ministry of Defense (MoD) to temporarily lock “.lv” domain names involved in security incidents.

The MoD structures (Information Technology Security Incident Response Institution CERT.LV and Military Intelligence and Security Service MIDD) have the right to request NIC.LV to temporarily (up to 5 days) lock a “.lv” domain name that is involved in a security incident that has a serious impact on the security of information systems and that cannot be resolved by other means.

Examples of security incidents that CERT.LV wishes to prevent by using these rights:

  • phishing attacks that are often used to steal user data, including login credentials and credit card numbers;
  • cases when a domain name is used in botnet (robot network) infrastructure as a command and control center or as an element of infection;
  • cases when the domain name is used to spread malware.

“According to CERT.LV statistics, such cases when a domain name is used to spread malware occur on average several times a month. Usually, the attacker doesn’t register a new domain name, but hijacks an existing one or hacks its legitimate server,” says CERT.LV specialist Uldis Koškins.

A domain name lock is intended as a last resort, for cases when an incident can’t be prevented by other means, for example, if the holder of the domain name hasn’t responded to repeated attempts to contact him/her.

NIC.LV advises domain name holders and Registrars to update their contact details so that, in case of an incident, CERT.LV and MIDD can successfully contact them.

Upon receipt of a request from the MoD structures, NIC.LV will inform the holder of the domain name concerned and its Registrar about the request and the time when the domain name will be locked.

The law states that a domain name cannot be locked for more than five days! However, if the problem has not been resolved within the deadline and the renewal of the domain name could cause serious impact on the security of its users, the MoD structures may repeatedly request to lock the domain name. This can continue until the security incident is resolved.