RealTime IT News

2600.com Domain Hijacked Due to Mix-up at NSI

As the Department of Commerce Monday prepares to rule on a deal between the Internet Corp. for Assigned Names and Numbers (ICANN) and VeriSign which would allow that company to hold onto both its registrar and registry businesses, reports of a high-profile foul-up related to the company's Network Solutions Inc. registrar business have surfaced on the Web.

On Friday, 2600 Magazine, a quarterly hacker magazine, discovered that its 2600.com domain had been hijacked.

"Imagine our surprise when we were told by readers that 2600.com no longer belongs to 2600.com!" the company said Friday. "That's the nightmare that we were greeted with on Friday due to a bizarre foul-up with Network Solutions."

NSI has since fixed the problem and the site is now back in 2600's hands.

The domain had been snapped up by a registrant known as NB Productions when the 2600.com domain expired. But 2600 was never notified of the impending expiration. Why? According to 2600, its registration information never found its way onto NSI's internal cosmetic database.

The magazine said the whole story began in June 2000, when someone managed to transfer its domain records to NSI rival register.com using forged e-mail. 2600 said it acted quickly and had register.com transfer the records back to NSI, but something went wrong on NSI's end.

According to WHOIS output from December, NSI was listed as the registrar, but it also kicked back the error: "Domain not found locally, but Registry points back to local DB. Local whois DB must be out of date."

"Initially, NSI told us they had no record of our even being registered with them, despite the information above," 2600 said. "From the explanation we eventually got from the techies at NSI, we had been entered into the registry database but not into NSI's internal cosmetic database. This resulted in our site both existing and not existing at the same time. We never got any notification when the domain was set to expire since we didn't exist in the billing section."

While 2600 noted that the foul-up occurred on NSI's end, it also credited the company with moving quickly to resolve the situation.

"We have to acknowledge that NSI did a great job fixing the problem once it became clear to the right people what the problem was," the magazine said. "We suggest keeping an eye out for this weird condition which could strike any site, particularly when domains are being transferred to different registrars. If your site appears to exist and not exist at the same time, you can be sure trouble is on the horizon."

Calls to VeriSign were not returned as of this writing.

This is not the first time a mix-up on NSI's end has affected a domain holder. Last October, an attacker apparently tricked the company into transferring the domain record for adobe.com -- owned by Adobe Systems Inc. -- to Paycenter, an ICANN-accredited registrar in China. adobe.com's contact information and the name servers for the address were modified.

And last June, InternetNews.com's publisher, internet.com Corp., was one of a number of companies whose domains were hija cked in a spoofing attack. The attackers were apparently able to get through NSI's security to force a change in the public Internic record for the company.