the panix hijacking and icann's transfer policy

Frannie Wellings wellings at EPIC.ORG
Mon Jan 17 22:19:39 CET 2005


[Important:  "...As Panix offers shell access from anywhere, the
person or people who hijacked could theoretically have collected the
usernames and passwords of those who logged in during the period when
the domain was hijacked..."  Still not a lot of news coverage about
the Panix incident, but I thought this was quite a good article.]

New York ISP's domain hijacked
By Sam Varghese
January 17, 2005
http://www.theage.com.au/news/Breaking/New-York-ISPs-domain-hijacked/2005/01/17/1105810810053.html?oneclick=true

The domain name of Panix, the oldest commercial internet service
provider in New York, was hijacked on Friday evening US time and the
company is in the process of recovering the same.

In a statement on its website, the company said the ownership of
panix.com was moved to a company in Australia, the actual DNS records
were moved to a company in the United Kingdom, and panix.com's mail
has been redirected to yet another company in Canada.

The Australian company, MelbourneIT, "has reverted the domain back to
us, and the global internet registry and domain name servers are now
showing the correct information," Panix said.

"However, due to the distributed nature of the internet domain name
system, it will take four to 24 more hours before the false data from
the hijacking expires and is discarded by the various name servers."

As Panix offers shell access from anywhere, the person or people who
hijacked could theoretically have collected the usernames and
passwords of those who logged in during the period when the domain
was hijacked, according to one post to the mailing list of the North
American Network Operators Group.

The panix.com domain was registered with Dotster. According to
postings to the NANOG mailing list, Panix contacted Verisign which
serves as the definitive registry for .com and .net domain names.

However, Verisign replied that there was little it could do to
rectify the situation. "If necessary, Dotster (or Melbourne) is more
than welcome to contact us to obtain the specific details as to when
the notices were sent and other historical information about the
transfer itself," a customer service representative replied to Panix.

"Dotster can file a Request for Enforcement if Melbourne IT contends
that the request was legitimate and we will review the dispute and
respond accordingly. Dotster can also contact Melbourne directly and
if they come to an agreement that the transfer was fraudulent they
can file a Request for Reinstatement and the domain would be
reinstated to its original Registrar," the Verisign customer service
representative wrote.

"Dotster could submit a normal transfer request to Melbourne IT for
the domain name and hope that Melbourne IT agrees to transfer the
name back to them outside of a dispute having been filed. In order to
expedite processing the transfer or submitting a Request for
Reinstatement however Dotster will need to contact Melbourne IT
directly. If Dotster is unable to get in touch with anyone at
Melbourne IT we can assist them directly if necessary."

In the interim, Panix set up a panix.net domain for its subscribers
to utilise as a temporary solution.

Several network admins who posted to the NANOG list were critical of
Melbourne IT, claiming that the company was slow to react to the
situation.

However Theo Hnarakis, chief executive officer and managing director
of the company, denied Melbourne IT had been slow to act. "Alex Rosen
contacted me at midday Sunday and within 24 hours we ascertained that
his complaint was genuine and transferred the domain back," he said.

"I indicated to Alex that it would take some time to ascertain the
authenticity of the charge and that we would act as soon as possible."

Hnarakis said a transfer could not be done until procedures were gone
through to ascertain whether the complaint was genuine.

"We ourselves were not involved in the transfer of panix.com; it was
done by one of our authorised resellers. We are now trying to
ascertain the how and why of things and as soon as we have a clear
picture we will be able to provide more details publicly if the other
parties involved have no objection," he said.

In a posting to the NANOG list, Melbourne IT's chief technology
officer Bruce Tonkin said: "We are... investigating the chain of
events that led to the problem in the first place. This will take
longer, due to the various timezones and parties involved. In this
case one of the parties was an ISP in the United Kingdom, which is a
reseller of Melbourne IT."

New rules for transferring domains came into effect on November 12
and under these rules requests for transferring a domain are
automatically approved in five days unless they are denied by the
owner of the domain.

However in the case of Panix, this does not appear to be the case.

According to the old rules, the ownership of a domain and the
nameservers allotted stayed as such if a request for a transfer
evoked no response.

Shortly before the rules took effect, the network services provider
Netcraft had warned that domain owners who did not manage their
records carefully would face problems under the new regime.

If the contact addresses given in the records were incorrect then a
request for transfer would go to a wrong address and after five days
of no response, the transfer would become effective, it said.

No reply becomes the equivalent of saying "yes" to a transfer
request, according to the new ICANN policy. ICANN recently put up a
page seeking public comment on experiences with inter-registrar
transfer.
--

~~~
Frannie Wellings
Policy Fellow, the Electronic Privacy Information Center   ~
http://www.epic.org
Director, The Public Voice    ~   http://www.thepublicvoice.org

1718 Connecticut Ave. N.W., Suite 200
Washington, D.C.  20009
USA

wellings at epic.org

+1 202 483 1140 x 107 (telephone)
+1 202 483 1248 (fax)
~~~

