RealTime IT News

Adobe.com Falls Prey to Domain Hijacker

An attacker hijacked Adobe.com from its owner, Adobe Systems Inc. Tuesday, disrupting the big software firm's Web server and e-mail service for most of Wednesday.

Adobe Systems Vice President of Information Systems Gerrard Rutter confirmed Thursday that an as-yet unidentified attacker was able to perform an unauthorized modification of the domain record for adobe.com.

The attacker apparently tricked Network Solutions Inc. into transferring the domain record for adobe.com to Paycenter, an ICANN-accredited registrar in China. Besides altering the domain's contact information, the name servers for the address were also modified.

The DNS changes caused connections Wednesday morning to www.adobe.com to bring up Paycenter's homepage. In addition, Rutter said Adobe employees were unable to receive e-mail from outside the corporate network for most of the day Wednesday. InternetNews confirmed late Wednesday that e-mails to adobe.com addresses bounced with "host unknown" messages, but it wasn't immediately clear whether there was a period when the e-mails to adobe.com were being redirected to Paycenter or another third-party.

According to Rutter, Adobe worked with Network Solutions and Paycenter to correct the domain record after it noticed the problems early Wednesday morning. "The biggest issue is that communication with NSI is well nigh impossible. You end up in voicemail boxes," said Rutter.

Officials from both registrars did not respond to interview requests Thursday.

A look-up on the adobe.com domain Wednesday listed the authorized contact as Hill Lee, of Xiamen, China, with a mail.com e-mail address. Lee is also listed as the webmaster for Xiamen-based Macroscape Computer Network Co., which operates a Web site at msn.net.cn.

In an e-mail to InternetNews Thursday, Lee denied that he had hacked Adobe's domain record, saying instead that he had "misapprehended" it. Lee did not elaborate on that explanation. According to the ICQ member profile for Lee, who also uses the nickname Oldblack, he is 24 years old and lists hacking among his personal interests.

By Thursday morning, the adobe.com record was still not restored to normal, although the DNS entries had been corrected and e-mail to the company was no longer bouncing, according to Rutter.

The hijacking of adobe.com is the latest in a series of domain tamperings involving Network Solutions. In June, internet.com was transferred to a company in Montreal without authorization from Internet.com Corp., the publisher of InternetNews.com. Other recent, high-profile hijacking victims including nike.com and exodus.net.

"I would say that this points out a fairly significant issue with the processes within Network Solutions, that this could be so easily done," said Adobe's Rutter.

In December of 1999, Network Solutions automatically released Microsoft's hotmail.com domain when the big company failed to pay its registration bill on time. Adobe renewed the registration for the adobe.com domain in September for 10 years, according to Kevin Burr, senior director of corporate public relations.

In the recent internet.com hijacking, Network Solutions performed the transfer even though the domain was protected by the highest level of NSI's Guardian domain protection system, which requires a request for transfer be authenticated with a PGP key. In internet.com's case, only contact information but not domain name root records were changed, so traffic to the internet.com site and e-mail to company employees were not affected.