Feeds

The aftermath of a domain name hijack

Panix picks up the pieces

  • alert
  • submit to reddit

Boost IT visibility and business value

The industry needs to find a way to establish stronger trust in registrars if it is to avoid a repeat of last weekend's hijacking of the Panix.com domain name, says Alexis Rosen, Panix president.

He sees a problem in a system where so many entities are able to act as registrars, when that same system bases its stability on registrars being trustworthy. He argues that unless that trust can be strengthened, stronger penalties are needed for those who violate it.

New York based ISP Panix.com was the victim of a domain name hijack last weekend when Australian registrar Melbourne IT failed to properly confirm a transfer request for the domain name. The registrar says the loophole that caused the problem has been closed, now.

The rules governing domain name transfers were changed last November, in an effort to simplify a very bureaucratic process. However, some in the industry warned that the new rules - under which the domain owner must intervene within five days to stop an inter-registry transfer request - would make it easier for people to hijack domains.

Rosen suspects that the Panix.com name was hijacked to make just that point, but says there are other possible motives too. "Several have been suggested. I don't find any of them much more strongly compelling than the others."

So far, he says, the following scenarios seem plausible: that it was an attempt to hurt Panix - "We've made many enemies in the black-hat community over the years"; that it was an attempt to point out problems in the domain transfer process; it was done for publicity, and so serve as a warning to others, or that it was for direct financial gain.

This last possibility is become less likely as time passes: "Nobody's written to threaten us with another transfer if we don't pay up, or anything like that," Rosen says.

But how to stop it happening again? "This is an incredibly difficult subject, because certain operational requirements must be met," Rosen says. "But political interests control the process."

This is something of an understatement. Trying to persuade anyone to take final responsibility for the domain name system and domain name registration is a bit like trying to persuade Microsoft to show us a bit of source code. A system designed by consensus does not lend itself to top-down regulation.

Network Solutions has locked its customers' domain names, which means they need to approve any transfer requests. There have been suggestions that Panix's domain was locked, but that it was transferred anyway. Rosen says he is investigating this still, and doesn't have all the information he needs, yet.

As for Melbourne IT's statement on the hijack, he says it is a reasonably accurate reflection of his own assessment. But he would have appreciated an apology:

"I have no argument with it, except for the way he so carefully distances himself and MelbourneIT from it even while eventually admitting culpability. It takes an entire large paragraph to do that, and not once do we see 'We were responsible', much less 'We're sorry'. I think the thousands of people involved would have liked to see some sort of apology."

Apologies aside, Rosen says Panix's priorities right now are to deal with customer queries, try to straighten out the perception of what actually happened, and to "work with law enforcement agencies to try to catch the people responsible". ®

Related stories

Panix.com hijack: Aussie firm shoulders blame
Panix recovers from domain hijack
ICANN goes domain crazy
ICANN selects its wardens
ICANN pitches the internet's future

Boost IT visibility and business value

More from The Register

next story
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
Trying to sell your house? It'd better have KILLER mobile coverage
More NB than transport links to next-gen buyers - study
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.