
I've heard this claim made repeatedly on this site, but I've not heard any details as to what specifically MarkMonitor does to protect domains above and beyond other registrars. Anyone care to chime in?



I realize it's an appeal to authority, but if there is one company that would have a lot to lose if its domain was ever exploited, it's Google.

http://reports.internic.net/cgi/whois?whois_nic=google.com&t...


I think Google actually stand to lose less than a smaller corporation. The registry will not assign Google to another company in any way that passes any eyeballs without seriously questioning it; if it did get re-assigned then they wouldn't have a problem recovering it. It's not likely to be gone for more than a few seconds before it's noticed and customers who were phished, or whatever, wouldn't be that likely to leave Google because of it.

That said I think appeal to authority is quite useful in this situation.


I would agree that any attempt to reassign google.com ought to raise someone's eyebrows.

But I would have said the same about mit.edu and they got reassigned about a year ago. Obviously not for long, but the damage someone well-prepared could do by owning google.com for just 30 minutes is scary.


There's no way anyone could own it for more than a couple of minutes before Google had contacted the managers of the root name servers and ICANN to revert. Like the sibling comment intimates, handling the traffic would be nigh impossible - easier to control and perform a localised attack on a nameserver to "own" google.com for a limited subset of users.


The "well prepared" part makes me wonder. What kind of infrastructure would you need to handle google.com's traffic? I don't think any of the cloud providers can scale up to that kind of traffic out of the box, and it's not like someone can just build and staff a dozen data centers in preparation for this hijack attempt.


I have previously worked with MarkMonitor. One big factor is that at the time I had a single dedicated person who oversaw our domains. I knew him and his manager, and they knew me. Everything related to our domains went through them. It's not impossible to fool someone in that situation, of course, but it's a lot harder than fooling some random support person who knows nothing about the business or people involved. We talked on the phone regularly, and I have absolute certainty that if anything unusual came through, they wouldn't hesitate to call me and figure out if it was legitimate.


FWIW I think Apple previously used MarkMonitor. In fact that's currently mentioned on Wiki. However, now Apple.com is controlled by something named "Corporation Service Company".

I think the idea behind these services is, they're not just a registrar. Broadly speaking, their business is "know your customer". They're boutiques. They protect large companies against the vagaries of DNS hacks, expired domain registrations, typosquatting, etc.

E.g. a (long) while ago Microsoft failed to renew hotmail.co.uk, just like they previously forgot to renew passport.com. But today, Microsoft can't forget to renew microsoft.com, because that's now MarkMonitor's job. Similarly, renewing passport.com is now the job of (according to whois '=passport.com'):

   Corporation Service Company(c) (CSC)
   The Trusted Partner
   of More than 50% of the 100 Best Global Brands.

The bad part is if CSC screws up, quite a few companies could be in a world of hurt.


Part of what they do is set up registry locks.

This is different than a registrar lock in that a registrar lock is managed by the registrar (GoDaddy, Tucows, etc.) but a registry lock is managed by the registry themselves. It requires personal contact with specific individuals to enable and disable the lock, making attempts to steal domains more difficult (but not impossible since social engineering is still feasible).

I've never used MarkMonitor before, but I did handle the registration for a hugely popular domain at one time. They decided to move to MarkMonitor but in the meantime they requested a registry lock set up on their main domain. This turned out to be a very good idea since the registrar at the time was socially engineered into changing the credentials for the account (with forged letterhead similar to the fastmail.fm attack). The attackers were able to change the nameservers for little-used domains but their main domain could not be modified.
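
Added example, not part of the comment above or of any registrar's tooling: the registrar-lock versus registry-lock distinction shows up in WHOIS output as EPP status codes, where `client*` statuses are set by the registrar and `server*` statuses by the registry. This sketch audits a portfolio for domains that lack the registry-side statuses, like the little-used domains in the anecdote. The domain names and WHOIS excerpts are constructed, and treating a domain as registry-locked only when all three `server*` statuses are present is an assumption.

```python
import re

# EPP status codes. "client*" are set by the registrar (registrar lock);
# "server*" are set by the registry (registry lock).
CLIENT = {"clientdeleteprohibited", "clienttransferprohibited", "clientupdateprohibited"}
SERVER = {"serverdeleteprohibited", "servertransferprohibited", "serverupdateprohibited"}
STATUS_RE = re.compile(r"^\s*(?:Domain\s+)?Status:\s*([A-Za-z]+)", re.I)

def statuses(whois_text):
    """Return the lower-cased EPP status codes found in a WHOIS response."""
    found = set()
    for line in whois_text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            found.add(m.group(1).lower())
    return found

def lock_level(whois_text):
    """Classify a record as 'registry', 'registrar' or 'none'."""
    s = statuses(whois_text)
    if SERVER <= s:          # assumption: a full registry lock sets all three
        return "registry"
    if s & CLIENT:
        return "registrar"
    return "none"

def audit(records):
    """Map each domain to (lock level, server-side statuses it is missing)."""
    return {d: (lock_level(t), sorted(SERVER - statuses(t))) for d, t in records.items()}

# Constructed sample WHOIS excerpts (hypothetical domains, not real lookups).
SAMPLE = {
    "main.example": """Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited""",
    "parked.example": "Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited",
    "forgotten.example": "Domain Status: ok https://icann.org/epp#ok",
}

if __name__ == "__main__":
    for domain, (level, missing) in audit(SAMPLE).items():
        print(f"{domain}: lock={level} missing_server_statuses={missing}")
```

A domain reported without `serverUpdateProhibited` can still have its nameservers changed by whoever controls the registrar account.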



