Melbourne IT accepts blame for domain hijack

Melbourne IT has acknowledged that it was partially responsible for a Web domain hijacking that left a New York Internet hosting company without an Internet address over the weekend.

The company, which manages Internet domain name registrations, allowed fraudsters using stolen credit cards to take control of Panix.com, Public Access Networks' Internet domain, early Saturday, according to Ed Ravin, a Panix system administrator. The hijacking deprived some Panix customers of e-mail access for two days, and shone a light on what some contend are holes in the system for managing Internet domain transfers, according to Ravin and others.

Panix regained control of its Internet domain Monday, after Melbourne IT reversed the registration change that transferred ownership of Panix.com to an unknown party Saturday night . However, some customers were still experiencing problems Tuesday as the transfer changes worked their way through the worldwide network of DNS (Domain Name System) servers that manage requests for Internet addresses, Ravin said.

The hijackers somehow exploited a "loophole" in the process used to verify requests for domain transfers with the party that owns a Web domain, according to an e-mail message sent to Panix's founder and President Alexis Rosen from Bruce Tonkin, chief technology officer at Melbourne IT. About 5,000 customers were affected and some of them may have lost 100 or more e-mail messages over the weekend, Rosen said in an interview.

According to a recently updated policy from the Internet Corporation for Assigned Names and Numbers (ICANN), requests to transfer domains between two domain registrars require the registrar who will be taking over control of an Internet domain to receive approval for the transfer from an administrator at the "losing" registrar-- the organization that will be ceding control of a domain. ICANN also requires an e-mail to be sent to both registrars involved in the transfer and allows five days for the losing registrar to cancel the transfer. (See: http://www.icann.org/transfers/policy-12jul04.htm.)

However, an error at Melbourne IT allowed an individual or individuals to use an account at Melbourne IT reseller Fibranet Services, a U.K.-based ISP (Internet service provider), to gain control of the Panix.com domain without the permission of Panix staff or Panix.com's domain registrar, Dotster of Vancouver, Washington, Tonkin wrote.

The administrative contact for the Panix domain at Dotster, the company's registrar, was not contacted before the transfer went through, as required by ICANN. Panix also was left in the dark about the transfer and only realized what was going on when it lost control of its domain Saturday, Ravin said.

Furthermore, an investigation by Fibranet revealed that the account to which ownership of the Panix.com domain was transferred was fraudulent and set up with stolen credit cards, Tonkin said.

The loophole that led to the unauthorized transfer has been closed and Australian authorities are investigating the fraudulent account. Some security features do exist to prevent hijacking, including a domain registration locking feature that automatically denies transfer requests. However, such a feature was not used for the Panix domain, he wrote.

For Panix customers like Andrew Ross, the mistake at Melbourne IT meant a weekend without e-mail, as Panix staff struggled to get through to their counterparts at Melbourne IT to reverse the changes.

Ross, of Brooklyn, New York, noticed there was a problem on Saturday morning, when he woke up to find an error message from his e-mail program.

While the domain hijacking wasn't a big inconvenience for Ross, who only uses Panix for e-mail, the loss of almost two days of e-mail messages does raise concerns about identity theft, if the hijackers mined the misdirected e-mail traffic for personal information, he said.

Ross contacted his bank and credit card companies to change the e-mail address connected to his account, he said.

There is no evidence that misdirected e-mail and Web traffic were being harvested for information. The hijacking is probably an instance of Internet "vandalism" that was intended to make a point, rather than siphon off sensitive information, Ravin said.

However, the success of the ploy points out a serious vulnerability in the Internet's domain management system, said Rosen, Panix's president.

The system is obviously broken," said Rosen, who expects to lose customers and "a bundle of money" as a result of the hijacking.

Rosen said he didn't know the motivation for the hijacking, but speculated that it may have been retaliation for his company's cooperation in identifying spammers, or an attempt to call attention to problems with the domain transfer system, as ICANN is in the midst of a comment period on domain transfer policies.

The involvement of Melbourne IT and Tonkin in the incident lends credence to the latter theory. Tonkin has been an active participant in discussions of domain transfer policy and has acted as chairman of the Names Council for the Domain Name Supporting Organization at ICANN.

ICANN is looking into the domain transfer system to see if there are ways to improve the security of domain transfers or provide more protection against erroneous transfers, wrote Steve Crocker, chairman of the group's Security and Stability Advisory Committee.

ICANN will be studying the interactions across organizations regarding domain transfers and considering ways to improve the system. But those recommendations and changes "may take a little while," he said.

As life returned to normal at Panix.com, the company was not making immediate changes, but was looking at ways to fix problems it encountered this weekend -- including a lack of 24-hour contact numbers at its own Internet registrar, Dotster, Ravin said.

Still, a permanent fix for the domain hijacking problem won't come without larger changes and cooperation from domain registrars, he said.

"Vandalism is common on the Internet. People break things because they can. And, as far as we can tell, there's nothing anyone can do to stop (hijacking) as long as there are registrars like Melbourne IT with loopholes that can be exploited," he said.

(Grant Gross in Washington, D.C., contributed to this report.)

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Roberts

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?