An attacker hijacked Adobe.com from its owner, Adobe Systems Inc. Tuesday, disrupting the
big software firm’s Web server and e-mail service for most of Wednesday.
Adobe Systems Vice President of Information Systems Gerrard Rutter confirmed
Thursday that an as-yet unidentified attacker was able to perform an
unauthorized modification of the domain record for adobe.com.
The attacker apparently tricked Network Solutions Inc. into transferring the
domain record for adobe.com to Paycenter, an ICANN-accredited registrar in
China. In addition to the domain’s contact information, the name servers for
the address were also modified.
The DNS changes caused connections Wednesday morning to www.adobe.com to
bring up Paycenter’s homepage. In addition, Rutter said Adobe employees were
unable to receive e-mail from outside the corporate network for most of the
day Wednesday. InternetNews confirmed late Wednesday that e-mails to
adobe.com addresses bounced with “host unknown” messages, but it wasn’t
immediately clear whether there was a period when the e-mails to adobe.com
were being redirected to Paycenter or another third party.
According to Rutter, Adobe worked with Network Solutions and Paycenter to
correct the domain record after it noticed the problems early Wednesday
morning. “The biggest issue is that communication with NSI is well nigh
impossible. You end up in voicemail boxes,” said Rutter.
Officials from both registrars did not respond to interview requests
Thursday.
A look-up on the adobe.com domain Wednesday listed the authorized contact
as Hill Lee, of Xiamen, China, with a mail.com e-mail address. Lee is also
listed as the webmaster for Xiamen-based Macroscape Computer Network Co., which
operates a Web site at msn.net.cn.
In an e-mail to InternetNews Thursday, Lee denied that he had hacked Adobe’s
domain record, saying instead that he had “misapprehended” it. Lee did not
elaborate on that explanation. According to the ICQ member profile for Lee,
who also uses the nickname Oldblack, he is 24 years old and lists hacking
among his personal interests.
By Thursday morning, the adobe.com record was still not restored to normal,
although the DNS entries had been corrected and e-mail to the company was no
longer bouncing, according to Rutter.
The hijacking of adobe.com is the latest in a series of domain tamperings
involving Network Solutions. In June, internet.com was transferred to a
company in Montreal without authorization from Internet.com Corp., the
publisher of InternetNews.com. Other recent, high-profile hijacking victims
include nike.com and exodus.net.
“I would say that this points out a fairly significant issue with the
processes within Network Solutions, that this could be so easily done,” said
Adobe’s Rutter.
In December of 1999, Network Solutions automatically released Microsoft’s
hotmail.com domain when the big company failed to pay its registration bill
on time. Adobe renewed the registration for the adobe.com domain in
September for 10 years, according to Kevin Burr, senior director of
corporate public relations.
In the recent internet.com hijacking, Network Solutions performed the
transfer even though the domain was protected by the highest level of NSI’s
Guardian domain protection system, which requires that a request for transfer
be authenticated with a PGP key. In internet.com’s case, only contact
information but not domain name root records were changed, so traffic to the
internet.com site and e-mail to company employees were not affected.