The aftermath of a domain name hijack

Panix picks up the pieces

The industry needs to find a way to establish stronger trust in registrars if it is to avoid a repeat of last weekend's hijacking of the Panix.com domain name, says Alexis Rosen, Panix president.

He sees a problem in a system where so many entities are able to act as registrars, when that same system bases its stability on registrars being trustworthy. He argues that unless that trust can be strengthened, stronger penalties are needed for those who violate it.

New York-based ISP Panix.com was the victim of a domain name hijack last weekend when Australian registrar Melbourne IT failed to properly confirm a transfer request for the domain name. The registrar says the loophole that caused the problem has now been closed.

The rules governing domain name transfers were changed last November, in an effort to simplify a very bureaucratic process. However, some in the industry warned that the new rules - under which the domain owner must intervene within five days to stop an inter-registry transfer request - would make it easier for people to hijack domains.

Rosen suspects that the Panix.com name was hijacked to make just that point, but says there are other possible motives too. "Several have been suggested. I don't find any of them much more strongly compelling than the others."

So far, he says, the following scenarios seem plausible: that it was an attempt to hurt Panix - "We've made many enemies in the black-hat community over the years"; that it was an attempt to point out problems in the domain transfer process; that it was done for publicity, and so to serve as a warning to others; or that it was for direct financial gain.

This last possibility is becoming less likely as time passes: "Nobody's written to threaten us with another transfer if we don't pay up, or anything like that," Rosen says.

But how to stop it happening again? "This is an incredibly difficult subject, because certain operational requirements must be met," Rosen says. "But political interests control the process."

This is something of an understatement. Trying to persuade anyone to take final responsibility for the domain name system and domain name registration is a bit like trying to persuade Microsoft to show us a bit of source code. A system designed by consensus does not lend itself to top-down regulation.

Network Solutions has locked its customers' domain names, which means they need to approve any transfer requests. There have been suggestions that Panix's domain was locked, but that it was transferred anyway. Rosen says he is still investigating this and doesn't yet have all the information he needs.

As for Melbourne IT's statement on the hijack, he says it is a reasonably accurate reflection of his own assessment. But he would have appreciated an apology:

"I have no argument with it, except for the way he so carefully distances himself and MelbourneIT from it even while eventually admitting culpability. It takes an entire large paragraph to do that, and not once do we see 'We were responsible', much less 'We're sorry'. I think the thousands of people involved would have liked to see some sort of apology."

Apologies aside, Rosen says Panix's priorities right now are to deal with customer queries, try to straighten out the perception of what actually happened, and to "work with law enforcement agencies to try to catch the people responsible". ®
