Slashdot Mirror


New York's Oldest ISP Gets Domain-Jacked

Howard Roark writes "Panix, the oldest commercial Internet provider in New York, had its domain name 'panix.com' hijacked by persons unknown. The main effect on users is that mail sent to panix's customers is being routed to a bogus mail server run by the hijackers."

31 of 447 comments

  1. Re:Total Hypocrisy, Michael by Anonymous Coward · · Score: 4, Insightful

    > Mike Sims was obliging enough to register the domain

    In other words he owned the name from the beginning, hence could not 'hijack it'.

    I'm going for a drive in my car. Can my neighbour report the car stolen? Well, sure, if they're stupid.

    That's what this is.

  2. Re:whois by Anonymous Coward · · Score: 2, Insightful

    Ah yes, only on Slashdot will you hear the same people bemoan their inbox being filled with spam but at the same time suggesting that spamming is a legitimate way of getting back at people you don't like.

    Have you ever thought that the email addresses listed could be of innocent people that the person responsible wants to get in trouble?

    No, of course you didn't.

  3. Re:Total Hypocrisy, Michael by Black+Is+Beautiful · · Score: 4, Insightful

    Note that he never said that Michael shouldn't post such things. But one must remember that a person should practice what they preach, lest they become a hypocrite.

    If michael doesn't want to be scrutinized over such things, then he shouldn't hijack domains.

    --
    www.gnaa.us
  4. Re:Total Hypocrisy, Michael by martinoforum · · Score: 5, Insightful

    It's certainly ironic, I must say. But judging by most of my reading, the sole requirement of being an editor on a Linux or Open Source related news site is to be as insufferable an asshole as possible and refuse to resign, ever, regardless.

    If it wasn't for the fact that I read Slashdot purely to be reminded of the fact that being a geek does not make you smart - something I feel it is good to remind oneself of on a regular basis - I would probably have stopped reading in horror.

    But really, it would only matter if Michael had a good job. "He hijacked their domain! And now he's a success!" they cry. A success? Jesus, by what standards!? He reads hoax stories about fish washed up by tsunamis, doesn't bother to check any facts and just posts them regardless. And that doesn't even constitute doing a bad job, by Slashdot standards. So if that's the standards they require, I can't imagine it is too hard to get qualified "journalists" to work for them, and they doubtless pay a rate commensurate to his boundless skills.

    Just get back to your Neal Stephenson books and consider him Andrew Loeb, everybody. He'll doubtless get shot in the end anyway...

  5. Re:Total Hypocrisy, Michael by Anonymous Coward · · Score: 5, Insightful

    > Mike Sims was obliging enough to register the domain

    Because you didn't have any formal organization, he screwed you.

    That's the problem with relying on donated resources, they can go away at any time. Mike donated the domain name and webserver, then chose not to.

    What he did next shows that he's not an honorable person, but then we knew that from his editorializing here on /..

  6. Re:This happens quite a bit... by ErichTheWebGuy · · Score: 2, Insightful

    Well, with a name like eviljim, I'm not surprised they wound up under your control [grin]

    --
    bash: rtfm: command not found
  7. Re:Total Hypocrisy, Michael by barc0001 · · Score: 2, Insightful

    Yes. Should pedophiles be allowed to work with children? Should a rapist be allowed to work in a women's shelter?

    Of course not. But your analogy is very flawed, because that's not what Michael is doing here. Let me fix it for you:

    Should a rapist be allowed to call the cops on another? Should a pedophile be able to blow the whistle on another pedophile cruising the schoolyard?

    What do YOU think the answer to those two questions should be?

    Now, if this was a story about how Michael was registering another domain for another website he'd offered to "help", then your analogy would hold.
    And if you are truly not involved with that project, might I suggest you take that chip off your shoulder? Maybe Michael isn't the nicest guy, who knows? Maybe he had a reason to do what he did, maybe not. All I read in that essay is one person's version of the facts, and as is usually the case, it's all a screed of "We did nothing wrong, he went nuts". Such things are rarely black and white, I am sure there is a lot more to the story than one person's writeup.

  8. MelbourneIT Criminals by Doc+Ruby · · Score: 4, Insightful

    As this post points out, having hijacked panix.com, MelbourneIT could be logging all userID/password logins to shell.panix.com . So Panix customers should all login to the "temporary" replacement, shell.panix.net , and change their passwords ASAP. Then fly to Melbourne with baseball bats.

    --
    make install -not war

  9. pent-up anger by Trepidity · · Score: 4, Insightful

    Michael has irritated a lot of people over the years, so when an opportunity comes up to complain, there's a lot of people who do, and a lot more people who smile and say "finally!"

    (Whether this is a good or bad phenomenon is left as an exercise to the reader.)

  10. frontier justice by Anonymous Coward · · Score: 2, Insightful

    I have to post this as an AC but ....

    This is an issue like spam. Frankly, and I doubt Alexis Rosen et al. will go this route, but what should happen now is gunshot wounds to the head. My guess is this is a scam to clean out the paypal accounts of panix customers and/or steal domains that are hosted by panix.

  11. Re:If they forgot to renew the domain by BJH · · Score: 2, Insightful

    Nice post - don't bother looking into the facts yourself, just start spouting wild speculation and slander.

    If you'd actually got off your fat ass and done some research, you'd know that the domain did NOT expire, and in fact the registrar still thinks it's registered with them (when it obviously isn't).

  12. Re:Rogue registrars? by Aurix · · Score: 2, Insightful

    > What's particularly scary is that melbourneIT.com isn't open on the weekends, period

    Perhaps you might like to check their site before you make such comments. They have 24/7 support.
  13. Re:If they forgot to renew the domain by BJH · · Score: 2, Insightful

    Sorry for the thermite reply, but suggesting the oldest ISP on the East Coast can't find their own asses with a flashlight and a map is a bit insulting.

    In any case, I apologise for overreacting.

  14. Re:Password Recovery by Legion303 · · Score: 5, Insightful

    "cause they're involved in what could be considered an act of international terrorism, and I'm not being sarcastic."

    Maybe not, but you're sure diluting the living fuck out of the word "terrorism."

  15. Re:Rogue registrars? by Anonymous Coward · · Score: 1, Insightful

    I've seen this stuff about Melb IT being a "willing party" to hijackings a couple of times in this post now, and nobody's given a specific example. Got one? I'm honestly curious.

    What the hell do they have to gain out of this?

  16. Not Hypocrisy, but Irony by TFGeditor · · Score: 2, Insightful

    This is a superb example of "irony," oft-misapplied on Slashdot, not hypocrisy.

    --
    Ignorance is curable, stupid is forever.
  17. Re:Rogue registrars? by Anonymous Coward · · Score: 1, Insightful

    as has go daddy... enom, nsi...

    name me ONE larger registrar who *hasn't* been involved in a domain hijack? go on... i dare you...

  18. Re:Password Recovery by dbIII · · Score: 3, Insightful
    > they're involved in what could be considered an act of international terrorism

    Terrorists kill people - let's keep some perspective here.
  19. that's true by Trepidity · · Score: 3, Insightful

    But the inverse isn't necessarily true.

  20. Re:Rogue registrars? by Anonymous Coward · · Score: 2, Insightful

    I'm anonymous because I choose to be. Fuck - you're talking about "vigilante justice" at the drop of a hat without knowing half the facts about a situation, and you're wondering why I want to stay anonymous?

    As for your points, as has been mentioned in one or two of the more rational posts here, transfers are conducted by the top-level registry. That's Verisign, for .com domains, if you didn't know. VERISIGN.

    Under the new transfer rules, brought to us recently by the ever-lovable ICANN, transfers go ahead FIVE DAYS after they are requested unless the domain is LOCKED BY THE CURRENT REGISTRAR, or the admin contact for the domain EXPLICITLY REJECTS IT.

    Melbourne IT has no control over what's transferred in. If Verisign says "hey, you manage this domain now", even on a Sunday morning - they get it. Five days after the admin contact has failed to reject it.

    A registrar can't touch a domain until Verisign assigns control to them. They don't have special powers to magically shuffle the things around. Melbourne IT gets calls all the time from people wanting their domains transferred in with a magic transfer button, but if the current registrar has a lock on it, there's nothing that can be done.
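
Added example, not part of the thread or any poster's code: a Python check for the two conditions the comment above describes, a domain with no transfer lock and a transfer already pending that will go ahead unless rejected, plus a registrar that no longer matches the one on record. The RDAP-shaped records, the example domains and the registrar names are constructed sample data, and `registrar_name`, `audit` and `audit_all` are hypothetical helper names.

```python
# Added example: the sample records below are constructed, shaped like RDAP
# domain responses. RDAP status strings follow RFC 8056, which maps EPP
# clientTransferProhibited to "client transfer prohibited".
TRANSFER_LOCKS = {"client transfer prohibited", "server transfer prohibited"}
PENDING_TRANSFER = "pending transfer"


def registrar_name(record):
    """Return the 'fn' of the entity holding the registrar role, or None."""
    for entity in record.get("entities", []):
        if "registrar" not in entity.get("roles", []):
            continue
        vcard = entity.get("vcardArray", ["vcard", []])
        for prop in vcard[1]:
            if prop[0] == "fn":
                return prop[3]
    return None


def audit(record, expected_registrar):
    """List the transfer-related findings for one domain record."""
    findings = []
    status = {s.lower() for s in record.get("status", [])}
    if not status & TRANSFER_LOCKS:
        findings.append("no-transfer-lock")      # nothing blocks a transfer request
    if PENDING_TRANSFER in status:
        findings.append("transfer-pending")      # reject it before the window closes
    if registrar_name(record) != expected_registrar:
        findings.append("registrar-mismatch")    # domain is no longer where we left it
    return findings


def audit_all(records, expected):
    """Map each domain that has findings to its findings list."""
    report = {}
    for record in records:
        name = record["ldhName"].lower()
        findings = audit(record, expected.get(name))
        if findings:
            report[name] = findings
    return report


def _rec(name, registrar, status):
    """Build a constructed record with only the fields the audit reads."""
    vcard = ["vcard", [["version", {}, "text", "4.0"], ["fn", {}, "text", registrar]]]
    return {"ldhName": name, "status": status,
            "entities": [{"roles": ["registrar"], "vcardArray": vcard}]}


# Constructed sample data: one healthy domain and three problem cases.
SAMPLE_RECORDS = [
    _rec("example.com", "Example Registrar A", ["client transfer prohibited"]),
    _rec("example.net", "Example Registrar A", ["active"]),
    _rec("example.org", "Example Registrar A", ["active", "pending transfer"]),
    _rec("EXAMPLE.INFO", "Example Registrar B", ["client transfer prohibited"]),
]
EXPECTED = {d: "Example Registrar A"
            for d in ("example.com", "example.net", "example.org", "example.info")}

if __name__ == "__main__":
    for domain, findings in audit_all(SAMPLE_RECORDS, EXPECTED).items():
        print(domain, ", ".join(findings))
```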

  21. panix rules by Anonymous Coward · · Score: 5, Insightful
    note how alexis keeps his cool in this message:
    Hi, all.

    I hate to pop my head up after years of lurking, only when things are going bad, but probably better that than remaining silent.

    First of all, I'm going to be bounced from this list once its cache of my DNS times out, which will probably be in about 2-3 hours, so if you have anything to say that you'd like me to see, please copy me. We're temporarily accepting mail at panix.net in addition to panix.com, so use alexis (at) panix.net.

    A few points to respond to:

    First, Eric, thanks for contacting Bruce and Eric on my behalf. While nothing has happened so far, I hope that it will soon, and in any case I appreciate your efforts to help a total stranger.

    Someone asked if we had registrar-lock set. It's not clear to me what happened. Our understanding is that we had locks on all of our domains. However, when we looked, locks were off on panix.net and panix.org, which we own but don't normally use. It's not clear how that happened; dotster has yet to contact us with any information about, well, anything at all. They did answer a call this morning; they're apparently in the middle of an ice storm. All I was able to learn from them is that according to the person I talked to, they had no records of any transfer requests on our domain from today back through last October.

    Someone suggested invoking a dispute procedure. We'll do that, as soon as we can get someone to actually accept the dispute, but if it goes through that process to completion, many people will suffer, and Panix itself will be tremendously damaged. How long do you think even our customers will stay loyal? (Forever, for many of them, but that doesn't mean they won't be forced to start using a different service.)

    While it's true that MelbourneIT won't do anything before (their) Monday morning, I don't want to paint them as bad guys in this drama. I don't know how they're organized and I don't know how difficult it is for them logistically. Of course I want them to move faster. Much faster. But I'll take what I can get.

    And speaking of MIT, I don't intend to send them "nastygrams" - nor NSI either. Neither of them owes me anything (at least directly) and being heavyhanded would not be a good way to get what I want (restoral of the panix.com domain to dotster) even if I thought they deserved it. I expect that there will be criminal prosecutions arising out of this, but the time for that sort of thing is later, when things are back to normal, and we've fixed any systemic vulnerabilities that can be fixed before they're used to wreak mass havoc. And it's anyone's guess who the target of those prosecutions will be, but I doubt MIT or NSI will be among them.

    Lastly, someone expressed surprise that I'd call MIT's lawyer directly. I didn't. I spent *hours* trying to find working contact info for MIT and Dotster. I didn't find useful 24-hour NOC-type info anywhere. (Someone obviously has this info; I expect it's restricted to a list of registrars.) I reached Dotster's customer support when they opened for business Saturday morning; the guy was polite, and did what he could, but I saw no evidence whatsoever of the promised attempt to assist me after he got off the phone. MIT apparently has no weekend support at all; I finally located their CEO's cellphone in an investor-relations web page. I called him, and he had his lawyer call me back. That was his choice. FWIW, she's not "just" a lawyer; she's apparently the person who has to make decisions about reverting control of the domain. So she at least needs to be aware of our position. My impression is that she didn't fully grasp the gravity of the situation, and so treated us like she'd treat any other annoying customer who managed to track her down on her day off. This is somewhat understandable (though infuriating) which is why I'd hoped to talk to someone on their tech side first. No luck there, but if any of this reaches them, maybe that will start things going.

    Thanks again to everyone who has tried to help us today.

    /a
  22. Main effect = bad by nurb432 · · Score: 2, Insightful

    Pretty bad when your mail doesn't come to you..

    Especially if you are a business taking orders.. or have the potential for confidential or personal info being in your emails..

    Good thing we all encrypt our mail.. right?

    --
    ---- Booth was a patriot ----
  23. Is *your* company's DNS registered with VeriSign? by philgross · · Score: 3, Insightful

    Verisign has spent big $$$ to advertise its brand as the choice for heavyweight corporate customers. It boggles my mind that they're letting a high-visibility ISP twist in the wind. Talk about brand devaluation.

    Any slashdot reader in corporate IT should be writing a memo on this and sending it to the CIO/CTO and Legal teams. What will *your* company's registrar do if someone jacks your domain on a weekend? If you're paying the bucks for Verisign, the answer seems to be nada, or maybe they'll write you an infuriating not-our-problem e-mail.

    I think the marketing/sales task for Verisign's competitors just got a notch easier too. Nothing like a good horror story...

  24. preventable by john_uy · · Score: 2, Insightful
    if we use dnssec. i read an article just this week about the integrity of the dns. initially, i thought that why would you need this type of implementation - here comes the reason. we can see it happen more. by using dnssec, in theory it should be able to "legitimize" dns requests and verify their authenticity before changes are being made to dns records. in this case, 3rd party will not be able to change the records because they will not have the private key from panix, for example.


    this technology is new but this type of scenarios should speed things up in making it a requirement for dns deployments.

    --
    Live your life each day as if it was your last.
  25. Re:Panix by canuck57 · · Score: 2, Insightful

    > but this may take until Monday, due to the time differences and difficulties in reaching responsible parties over the weekend.

    I smell a law suit a happening. But given the lack of response from this registrar their registration should be pulled if they don't have it fixed with 30 minutes notice.

    And maybe ISPs will lean on ICANN to remove the registrar. It is easy to protest. If the top ten ISPs blocked this registrar's DNS servers this would in fact make it worth their while to get their act together. If I worked for Earthlink, RR, Sprint, Simpatico, Telus, ATT and others, and had the authority to do this I would participate. As there has to be NO DNS registrar that is fraudulent. As it could have been my domain that was hijacked.

  26. Re:it's worse than that... by Anonymous Coward · · Score: 5, Insightful

    I'm just a paralegal, so this isn't legal advice. But I've worked on these cases enough to know what that letter is telling you. First, you need to hire a lawyer to handle this. Second, the letter is telling you the precise steps to take. Follow them like you would command line instructions and you will get the best results.

    Only the new registrar can help. That is your target. Get Dotster to send the Request for Enforcement. Call up and get to know someone at Dotster (and Melbourne) and call and call and call. Be friendly and do all they ask, step by step. Give them all the info you can find about the new person claiming ownership. Look up in Betterwhois and find out who is the new owner. I'm betting dollars to doughnuts, you will find it isn't a real address. Try to contact the new owner by the address, email, phone listed. If you get no response, tell Dotster. Point that out. Find out if the new place is spamming, porn, whatever. That is almost certainly what is happening to your customers. Make clear to the new registrar that they got the domain through lying, trickery, however they got it. Details and proof.

    This is a standard hustle, and usually names change as well as registrars. They generally use more than one hop because it is harder to get it back, harder to trace. Verizon is the worst, in my experience, and they won't help you, but if you can get Dotster and Melbourne on this, they will have to. Make a note of who didn't help you and make future decisions about who you want as your registrar.

    You should be able to get it back, but it may take time.

    Again, the key to it all is get a lawyer. They know exactly how this dance goes. A lawyer who does UDRP. That is what you ask for. It's called domain name hijacking.

  27. .net domain usage by Anonymous Coward · · Score: 1, Insightful

    .net is not just for internet infrastructure companies. It is also for a company's own network infrastructure.

    Besides when has .net .com & .org been used correctly in the past umpteen years?

  28. Hey, my domain was stolen the other week too by maugt · · Score: 5, Insightful

    This does happen a lot more than you think. I started a blog to document it at Orangelimey.blogs.com

    NSI is currently claiming that the transfer was legitimate - somehow the hijacker got into the administrative contact's email and compromised the accounts - how we still don't know. However, the person that ended up with the domain seems to be willing to give it back.

    Really, the whole domain security thing is ridiculous. For a domain (which is considered property under a ruling from the appeals court in the sex.com case) to be transferred with such lax legal proceedings is pathetic. Can I steal your car or your house by simply faking email and guessing passwords? Of course not.

    Maybe panix can make enough of a stink about this to get someone to stand up and take notice - although who can do this I don't know. ICANN is toothless and only cares about trademark disputes.

    Someone told me as a result of this that 40,000 domains were hijacked in the last year. I don't know where this data comes from, but really, obviously something is wrong.

    Feel sorry for panix, I used them when I lived in NYC

    1. Re:Hey, my domain was stolen the other week too by HiThere · · Score: 2, Insightful

      I'm not sure that ICANN is toothless at all. I suspect their interests just lie elsewhere.

      Whatever happened to the election of the ICANN board? Trust them? For anything? After that?

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  29. ICANN: a slow moving parody of itself. by rs79 · · Score: 2, Insightful

    Exsqueeze me? One of the biggest registrars that a lot of people have had trouble with is CLOSED for the weekend?

    I run a bunch of (free) mailing lists and DNS for a variety of stupid things like cars, tropical fish, dns etc. I'm open 24/7 and get calls at 4:30 am, not happily, but I do fix stuff. That MIT as a multimillion dollar organization thinks it's ok to take the weekend off critical internet infrastructure should be enough to get their precious ICANN accreditation yanked. But given how much money MIT pays ICANN this will never happen.

    Expect fully a press release from ICANN saying how responsive MIT was in this situation.

    Welcome to the modern internet.

    --
    Need Mercedes parts ?
  30. no, it's a good thing by frovingslosh · · Score: 2, Insightful
    > what a sad state of affairs when it's trivial to hijack a domain, but it takes an act of god to return it to its rightful owner. apparently, even law enforcement can't get verisign or melbourneit to do squat

    I think it's good that the response was what it was. After the lawsuits service providers like verisign will have learned an important lesson. Had they just put things back and said "oops" the chance to teach them the importance of not letting this happen in the first place might have been lost.

    --
    I'm an American. I love this country and the freedoms that we used to have.