January 22, 2005

Don't Panix! Lessons Learned from Domain Name Hijacking

InternetWeek has a good article chronicling the recent hijacking of the Panix.com domain name, and the lessons learned.

It shows how the recent ICANN changes to domain transfer rules to make transfers easier and quicker has made the system more vulnerable to abuse. Apparently Panix, the New York ISP, took all the appropriate precautions in advance to protect themselves, but the hijacking occurred anyway. The amazing thing is that even with a domain lockdown in place, the "hacker took the domain with a very unsophisticated attack. The attacker simply used normal registration procedures and a stolen credit card to claim panix.com with a MelbourneIT registrar reseller."

It's a good read and offers some suggestions to protect yourself. But as this illustrates, it's still a fragile system. Even with precautions in place, I wouldn't be surprised to see this happen again.

Topic(s):   Privacy & Security
Posted by Jeff Beard