When we think about the most dangerous places online, chances are, phrases like the “dark web” might bubble to the top of those conversations. But it turns out that one of the most dastardly domains isn’t full of literal garbage and porn—it’s just... a domain. And now you can buy it for yourself.
“Corp.com” is just one of the many innocuous-sounding domains that were bought up by entrepreneur Mike O’Connor in the mid-1990s. Around this time, O’Connor had co-founded his own ISP (Go-fast.net) and was snatching up basic domain names left and right, including bar.com, pub.com, and place.com, which have all become “pretty valuable” over the years, in his own words.
Per the cyber-centric blog Krebs On Security, the one domain O’Connor refused to auction off was Corp.com—at least, until now. The owner of this domain, Krebs went on, would be able to tap into an “unending” stream of sensitive intel, including email addresses, passwords, and more, from major corporations worldwide. It’s a pretty good pitch that more than justifies O’Connor’s initial asking price of $1.7 million.
On a simple level, the way the intel interception works is like this: When a gaggle of Windows computers is hooked up to the same internal corporate network, one way that they’re able to validate other devices on that network is through a proprietary Windows service called Active Directory. In the early versions of Windows that supported Active Directory, the default path through these validation services was called, you guessed it, “corp.”
Krebs explains it like this:
At issue is a problem known as “namespace collision,” a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet.
Apparently, back in the early aughts, not many companies bothered to modify this setting so that the flow of information went to a domain they controlled. As Krebs points out, this means that when an employee of such a company tries to access this internal “corp” domain from, say, a Starbucks, their computer will naturally try to pull the data it needs from “corp.com,” rather than from their company’s own internal systems.
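One way a defender could check for the collision described above, as an added example that is not from the article or from Krebs: it flags configured Active Directory domain names and DNS search suffixes that do not sit under a domain the organization has registered. The function names, example.com, and the sample suffix list are assumptions constructed for illustration.

```python
# Added example: audit internal DNS names for namespace-collision risk.
# All names below are constructed sample data, not taken from the article.

def normalize(name):
    """Lower-case a DNS name and drop any trailing root dot."""
    return name.strip().lower().rstrip(".")

def under_owned(name, owned_domains):
    """True if name equals, or is a subdomain of, a domain the org registered."""
    name = normalize(name)
    for owned in map(normalize, owned_domains):
        # Match on label boundaries so 'notexample.com' is not 'example.com'.
        if name == owned or name.endswith("." + owned):
            return True
    return False

def classify(name, owned_domains):
    """Classify one configured AD domain name or DNS search suffix."""
    name = normalize(name)
    if under_owned(name, owned_domains):
        return "ok"
    if "." not in name:
        return "single-label"   # e.g. the old default 'corp'
    return "not-owned"          # public namespace the org does not control

def expand(short_host, search_suffixes):
    """FQDNs a stub resolver would try when appending each search suffix."""
    return [normalize(short_host) + "." + normalize(s) for s in search_suffixes]

def audit(short_hosts, search_suffixes, owned_domains):
    """Return (query, suffix, verdict) for lookups that leave owned namespace."""
    findings = []
    for host in short_hosts:
        for suffix, fqdn in zip(search_suffixes, expand(host, search_suffixes)):
            verdict = classify(suffix, owned_domains)
            if verdict != "ok":
                findings.append((fqdn, normalize(suffix), verdict))
    return findings

if __name__ == "__main__":
    owned = ["example.com"]                             # assumed registered by the org
    suffixes = ["corp", "Corp.com.", "ad.example.com"]  # constructed client config
    for row in audit(["fileserver"], suffixes, owned):
        print(row)
```

Any finding means a lookup made off the corporate network would be answered, or refused, by whoever controls that public namespace rather than by the company's own DNS.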
Naturally, anyone who owns this particular domain can completely intercept these very private communications from countless computers around the world, Krebs warns—which is why O’Connor stressed to Krebs that he hopes Microsoft will be the one to buy it, since the brunt of this shitshow will exclusively be hitting Windows products. But if you’re a hacker with money to burn, this may be a criminally good deal.