New York's Oldest ISP Gets Domain-Jacked

Howard Roark writes "Panix, the oldest commercial Internet provider in New York, had its domain name 'panix.com' hijacked by persons unknown. The main effect on users is that mail sent to panix's customers is being routed to a bogus mail server run by the hijackers."

Re:Total Hypocrisy, Michael

> Mike Sims was obliging enough to register the domain

In other words he owned the name from the beginning, hence could not 'hijack it'.

I'm going for a drive in my car. Can my neighbour report the car stolen? well sure, if they're stupid.

That's what this is.

Re:Total Hypocrisy, Michael

[Black+Is+Beautiful]

Note that he never said that Michael shouldn't post such things. But one must remember that a person should practice what they preach, lest they become a hypocrite.

If michael doesn't want to be scrutinized over such things, then he shouldn't hijack domains.

Re:Total Hypocrisy, Michael

[martinoforum]

It's certainly ironic, I must say. But judging by most of my reading, the sole requirement of being an editor on a Linux or Open Source related news site is to be as insufferable an asshole as possible and refuse to resign, ever, regardless.

If it wasn't for the fact that I read Slashdot purely to be reminded of the fact that being a geek does not make you smart - something I feel it is good to remind oneself of on a regular basis - I would probably have stopped reading in horror.

But really, it would only matter if Michael had a good job. "He hijacked their domain! And now he's a success!" they cry. A success? Jesus, by what standards!? He reads hoax stories about fish washed up by tsunamis, doesn't bother to check any facts and just posts them regardless. And that doesn't even constitute doing a bad job, by Slashdot standards. So if that's the standards they require, I can't imagine it is too hard to get qualified "journalists" to work for them, and they doubtless pay a rate commensurate to his boundless skills.

Just get back to your Neal Stephenson books and consider him Andrew Loeb, everybody. He'll doubtless get shot in the end anyway...

Re:Total Hypocrisy, Michael

Mike Sims was obliging enough to register the domain

Because you didn't have any formal orginazation, he screwed you.

That's the problem with relying on donated resources, thay can go away at any time. Mike donated the domain name and webserver, then chose not to.

What he did next shows that he's not an honorable person, but then we knew that from his editorializing here on /..

MelbourneIT Criminals

[Doc+Ruby]

As this post points out, having hijacked panix.com, MelbourneIT could be logging all userID/password logins to shell.panix.com . So Panix customers should all login to the "temporary" replacement, shell.panix.net , and change their passwords ASAP. Then fly to Melbourne with baseball bats.

pent-up anger

[Trepidity]

Michael has irritated a lot of people over the years, so when an opportunity comes up to complain, there's a lot of people who do, and a lot more people who smile and say "finally!"

(Whether this is a good or bad phenomenon is left as an exercise to the reader.)

Re:Password Recovery

[Legion303]

"cause they're involved in what could be considered an act of international terrorism, and I'm not being sarcastic."

Maybe not, but you're sure diluting the living fuck out of the word "terrorism."

Re:Password Recovery

[dbIII]

they're involved in what could be considered an act of international terrorism

Terrorists kill people - lets keep some perspective here.

that's true

[Trepidity]

But the inverse isn't necessarily true.

panix rules

note how alexis keeps his cool in this message:

Hi, all.

I hate to pop my head up after years of lurking, only when things are going bad, but probably better that than remaining silent.

First of all, I'm going to be bounced from this list once its cache of my DNS times out, which will probably be in about 2-3 hours, so if you have anything to say that you'd like me to see, please copy me. We're temporarily accepting mail at panix.net in addition to panix.com, so use alexis (at) panix.net.

A few points to respond to:

First, Eric, thanks for contacting Bruce and Eric on my behalf. While nothing has happened so far, I hope that it will soon, and in any case I appreciate your efforts to help a total stranger.

Someone asked if we had registrar-lock set. It's not clear to me what happened. Our understanding is that we had locks on all of our domains. However, when we looked, locks were off on panix.net and panix.org, which we own but don't normally use. It's not clear how that happened; dotster has yet to contact us with any information about, well, anything at all. They did answer a call this morning; they're apprently in the middle of an ice storm. All I was able to larn from them is that according to the person I talked to, they had no records of any transfer requests on our domain from today back through last October.

Someone suggested invoking a dispute procedure. We'll do that, as soon as we can get someone to actually accept the dispute, but if it goes through that process to completion, many people will suffer, and Panix itself will be tremendously damaged. How long do you think even our customers will stay loyal? (Forever, for many of them, but that doesn't mean the won't be forced to start using a different service.)

While it's true that MelbourneIT won't do anything before (their) Monday morning, I don't want to paint them as bad guys in this drama. I don't know how they're organized and I don't know how difficult it is for them logistically. Of course I want them to move faster. Much faster. But I'll take what I can get.

And speaking of MIT, I don't intend to send them "nastygrams" - nor NSI either. Neither of them owes me anything (at least directly) and being heavyhanded would not be a good way to get what I want (restoral of the panix.com domain to dotster) even if I thought they deserved it. I expect that there will be criminal prosecutions arising out of this, but the time for that sort of thing is later, when things are back to normal, and we've fixed any systemic vulnerabilities that can be fixed before they're used to wreak mass havoc. And it's anyone's guess who the target of those prosecutions will be, but I doubt MIT or NSI will be among them.

Lastly, someone expressed surprise that I'd call MIT's lawyer directly. I didn't. I spent *hours* trying to find working contact info for MIT and Dotster. I didn't find useful 24-hour NOC-type info anywhere. (Someone obviously has this info; I expect it's restricted to a list of registrars.) I reached Dotster's customer support when they opened for business Saturday morning; the guy was polite, and did what he could, but I saw no evidence whatsoever of the promised attempt to assist me after he got off the phone. MIT apparently has no weekend support at all; I finally located their CEO's cellphone in an investor-relations web page. I caled him, and he had his lawyer call me back. That was his choice. FWIW, she's not "just" a lawyer; she's apparently the person who has to make decisions about reverting control of the domain. So she at least needs to be aware of our position. My impression is that she didn't fully grasp the gravity of the situation, and so treated us like she'd treat any other annoying customer who managed to track her down on her day off. This is somewhat understandable (though infuriating) which is why I'd hoped to talk to someone on their tech side first. No luck there, but if any of this reaches them, maybe that will start things going.

Thanks again to everyone who has tried to help us today.

/a

Is *your* company's DNS registered with VeriSign?

[philgross]

Verisign has spent big $$$ to advertise its brand as the choice for heavyweight corporate customers. It boggles my mind that they're letting a high-visibility ISP twist in the wind. Talk about brand devaluation.

Any slashdot reader in coroporate IT should be writing a memo on this and sending it to the CIO/CTO and Legal teams. What will *your* company's registrar do if someone jacks your domain on a weekend? If you're paying the bucks for Verisign, the answer seems to be nada, or maybe they'll write you an infuriating not-out-problem e-mail.

I think the marketing/sales task for Verisign's competitors just got a notch easier too. Nothing like a good horror story...

Re:it's worse than that...

I'm just a paralegal, so this isn't legal advice. But I've worked on these cases enough to know what that letter is telling you. First, you need to hire a lawyer to handle this. Second, the letter is telling you the precise steps to take. Follow them like you would command line instructions and you will get the best results.

Only the new registrar can help. That is your target. Get Dotster to send the Request for Enforcement. Call up and get to know someone at Dotster (and Melbourne) and call and call and call. Be friendly and do all they ask, step by step. Give them all the info you can find about the new person claiming ownership. Look up in Betterwhois and find out who is the new owner. I'm betting dollars to doughnuts, you will find it isn't a real address. Try to contact the new owner by the address, email, phone listed. If you get no response, tell Dotster. Point that out. Find out if the new place is spamming, porn, whatever. That is almost certainly what is happening to your customers. Make clear to the new registrar that they got the domain through lying, trickery, however they got it. Details and proof.

This is a standard hustle, and usually names change as well as registrars. They generally use more than one hop because it is harder to get it back, harder to trace. Verizon is the worst, in my experience, and they won't help you, but if you can get Dotster and Melbourne on this, they will have to. Make a note of who didn't help you and make future decisions about who you want as your registrar.

You should be able to get it back, but it may take time.

Again, the key to it all is get a lawyer. They know exactly how this dance goes. A lawyer who does UDRP. That is what you ask for. It's called domain name hijacking.

Hey, my domain was stolen the other week too

[maugt]

This does happen a lot more than you think. I started a blog to document it at Orangelimey.blogs.com

NSI is currently claiming that the transfer was legitimate - somehow the hijacker got into the administrative contact's email and compromised the accounts - how we still don't know. However, the person that ended up with the domain seems to be willing to give it back.

Really, the whole domain security thing is ridiculous. For a domain (which is considered property under a ruling from the appeals court in the sex.com case) to be transfered with such lax legal proceedings is pathetic. Can I steal your car or your house by simply faking email and guessing passwords? Of course not.

Maybe panix can make enough of a stink about this to get someone to stand up and take notice - although who can do this I don't know. ICANN is toothless and only cares about trademark disputes.

Someone told me as a result of this that 40,000 domains were hijacked in the last year. I don't know where this data comes from, but really, obviously something is wrong.

Feel sorry for panix, I used them when I lived in NYC