The aftermath of a domain name hijack
Panix picks up the pieces
The industry needs to find a way to establish stronger trust in registrars if it is to avoid a repeat of last weekend's hijacking of the Panix.com domain name, says Alexis Rosen, Panix president.
He sees a problem in a system where so many entities are able to act as registrars, when that same system bases its stability on registrars being trustworthy. He argues that unless that trust can be strengthened, stronger penalties are needed for those who violate it.
New York based ISP Panix.com was the victim of a domain name hijack last weekend when Australian registrar Melbourne IT failed to properly confirm a transfer request for the domain name. The registrar says the loophole that caused the problem has been closed, now.
The rules governing domain name transfers were changed last November, in an effort to simplify a very bureaucratic process. However, some in the industry warned that the new rules - under which the domain owner must intervene within five days to stop an inter-registry transfer request - would make it easier for people to hijack domains.
Rosen suspects that the Panix.com name was hijacked to make just that point, but says there are other possible motives too. "Several have been suggested. I don't find any of them much more strongly compelling than the others."
So far, he says, the following scenarios seem plausible: that it was an attempt to hurt Panix - "We've made many enemies in the black-hat community over the years"; that it was an attempt to point out problems in the domain transfer process; it was done for publicity, and so serve as a warning to others, or that it was for direct financial gain.
This last possibility is become less likely as time passes: "Nobody's written to threaten us with another transfer if we don't pay up, or anything like that," Rosen says.
But how to stop it happening again? "This is an incredibly difficult subject, because certain operational requirements must be met," Rosen says. "But political interests control the process."
This is something of an understatement. Trying to persuade anyone to take final responsibility for the domain name system and domain name registration is a bit like trying to persuade Microsoft to show us a bit of source code. A system designed by consensus does not lend itself to top-down regulation.
Network Solutions has locked its customers' domain names, which means they need to approve any transfer requests. There have been suggestions that Panix's domain was locked, but that it was transferred anyway. Rosen says he is investigating this still, and doesn't have all the information he needs, yet.
As for Melbourne IT's statement on the hijack, he says it is a reasonably accurate reflection of his own assessment. But he would have appreciated an apology:
"I have no argument with it, except for the way he so carefully distances himself and MelbourneIT from it even while eventually admitting culpability. It takes an entire large paragraph to do that, and not once do we see 'We were responsible', much less 'We're sorry'. I think the thousands of people involved would have liked to see some sort of apology."
Apologies aside, Rosen says Panix's priorities right now are to deal with customer queries, try to straighten out the perception of what actually happened, and to "work with law enforcement agencies to try to catch the people responsible". ®
Sponsored: 2016 Cyberthreat defense report