Latest news of the domain name industry

Recent Posts

Domain hijack leads to registrar shutdown threat

Kevin Murphy, April 12, 2012, Domain Registrars

ICANN has threatened to terminate Chinese domain name registrar eName Technology after the domain 1111.com was allegedly hijacked.

According to ICANN’s notice of breach (pdf), eName has refused to hand over data documenting the transfer of 1111.com as required by the Registrar Accreditation Agreement.

ICANN claims that when it tried to get eName’s help investigating a hijacking complaint, the company did not return its calls or emails.

The registrar now has 15 days to provide the transfer records as called for by the Inter-Registrar Transfer Policy.

According to historical Whois records, 1111.com was transferred to eName between February 12 and 16 this year. After a complaint, ICANN started chasing eName for the data on February 28.

The domain appears to have been owned by at least four different parties and three different registrars ā€“ Network Solutions, then Joker, then eName ā€“ since the start of 2012.

It’s the second time that ICANN has sent a breach notice to a registrar over an alleged mishandling of a domain name hijacking, and the first time it’s actually named the domain in question.

In February, the organization threatened Turkish registrar Alantron with the suspension of its contract over the botched handling of pricewire.com.

Register.com settles Baidu domain hijacking lawsuit

Kevin Murphy, November 25, 2010, Domain Registrars

Register.com has apologised to Chinese portal company Baidu for allowing its domain, baidu.com, to be hijacked by the Iranian Cyber Army hacker group.

The two companies have announced that the lawsuit, which alleged gross negligence among other things, has now been settled. Terms were not disclosed.

If Baidu’s complaint was to be believed, the hackers took over baidu.com with a trivial social engineering attack that relied upon a Register.com tech support employee being asleep at the wheel.

The company is one of China’s largest internet firms, employing over 6,000 people and turning over well over $600 million a year. But for the period of the hijack, visitors to baidu.com instead just saw the hackers’ defacement message instead.

The registrar had argued in court that its terms and conditions released it from liability, but the judge didn’t buy it.

Register.com, which was acquired by Web.com for $135 million in June, said yesterday:

After an internal investigation, we found that the breach occurred because Register’s security protocols had been compromised. We have worked with United States law enforcement officials and Baidu to address the issue. We sincerely apologize to Baidu for the disruption that occurred to its services as a result of this incident.

Baidu said it accepted the apology. And the check, I imagine.

Domain name hijacker gets jail time

Kevin Murphy, August 10, 2010, Domain Registrars

A man who hijacked Comcast’s domain name, causing hours of outages for the ISP’s customers, has been sentenced to four months in jail.

James Black, who went by the handle “Defiant”, will also have to serve 150 hours of community service, three years of supervised release, and pay Comcast $128,557 in restitution.

Assistant United States Attorney Kathryn Warma told the court:

Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos.

The attack took place over two years ago. Kryogenicks reportedly used a combination of social engineering and technical tricks to take over Comcast’s account at Network Solutions.

During the period of the hijacking, comcast.net redirected to the hacker’s page of choice. All Comcast webmail was unavailable for at least five hours.

  • Page 2 of 2
  • <
  • 1
  • 2