panix hijack press

Darrell Greenwood nanog at
Wed Jan 19 23:20:12 UTC 2005 hijack: Aussie firm shoulders blame
By Lucy Sherriff
Published Wednesday 19th January 2005 16:49 GMT

An Australian domain registrar has admitted to its part in last
weekend's domain name hijack. of a New York ISP. Melbourne IT says it
failed to properly confirm a transfer request for the

Ed Ravin, a Panix system administrator, says the Melbourne IT error
enabled fraudsters using stolen credit cards to assume control of the
domain. Thousands of customers lost email access for the
duration of the occupation, and many emails will never be recovered.

The mistake was compounded by the unavailability of Melbourne IT
staff over the weekend - the company rectified its mistake late on
Sunday evening, US time. Speaking to ComputerWorld Ravin said he was
unable to contact anyone in support at Melbourne IT until the
company's offices opened on Monday morning.

Bruce Tonkin, Melbourne IT's CTO, offered the following explanation:

"In the case of, evidence so far indicates that a third
party that holds an account with a reseller [UK based Fibranet] of
Melbourne IT, fraudulently initiated the transfer. The third party
appears to have used stolen credit cards to establish this account
and pay for the transfer. That reseller is analysing its logs and
cooperating with law enforcement."

A loophole that allowed the error, that caused the problem has now
been closed, he added.

The roots of the affair lie in new rules governing the transfer of
domain name ownership. These rules, which came into effect last
November, mean that inter-registry transfer requests are
automatically approved after five days unless countermanded by the
owner of a domain.

When ICANN proposed the new procedures, many in the industry warned
that as well as making it easier to move domains around, the change
would make it easier for people to hijack domains. Network Solutions,
for example, took the precautionary step of locking all its
customers' domains. says its domain name was locked, and
that despite this, it was still transferred. ®

More information about the NANOG mailing list