Mike O’Connor bought the domain name corp.com in 1994. He is now interested in selling it, but has concerns that someone working with organized cybercriminals, or state-funded hacking groups, will buy it. If that happens, it could be devastating to corporations failed to update the name of their active directory path.
Krebs on Security has a detailed blog about exactly what the problem is. In short, the issue is a problem known as “namespace collision”. It is a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.
If I’m understanding this correctly, it appears that the instructions that Microsoft gave years ago were not entirely understood by people who set up a corporation’s IT system.
Krebs states that for early versions of Windows that supported Active Directory, the instructions gave the default example of a Active Directory path as “corp”. Unfortunately, many corporations quite literally named their Active Directory “corp” – and never bothered to change it to a domain name that they controlled. Then, these corporations built upon it – without renaming “corp” to something more secure.
I recommend that you read the article on Krebs on Security for full details. Tests were done to see what kind of traffic corp.com would receive. More than 375,000 Windows PCs tried to send corp.com information that it “had no business receiving”. Another test allowed corp.com to receive email, and the result of the experiment showed it was soon “raining credentials”.
The big concern right now is that “the bad guys” could buy corp.com and start harvesting the data that countless corporations unwittingly send to it.