When Internet Service Provider (ISP) Panix had its domain name hijacked over the weekend, no one knew exactly how it was done until now.
Domain registrar Melbourne IT let it happen.
According to a statement released yesterday by Bruce Tonkin, Melbourne IT's CTO, evidence gathered so far indicates that a third party holding an account with a reseller of Melbourne IT fraudulently initiated the transfer. The third party appears to have used stolen credit cards to establish this account and pay for the transfer. The reseller is analysing its logs and cooperating with law enforcement agencies.
There was an error in the checking process prior to initiating the transfer, and thus the transfer should never have been initiated. The loophole that led to this error has since been closed.
The domain transfer process has several checks and balances in place that are supposed to prevent fraudulent domain transfers. The common practice is:
1. A person initiates a transfer for a domain name via a reseller or registrar
2. The gaining registrar is responsible for obtaining approval from the registrant. A gaining registrar is not permitted by the policy to initiate a transfer without approval from the registrant
3. The registrar initiates the transfer
4. The registry checks to see if the name is on Registrar-LOCK; if so, the transfer request is rejected
5. The registry will send a message to the losing registrar confirming that a transfer has been initiated
6. If the registry receives no response from the losing registrar after a 5-day period, the transfer will be completed
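The six steps above, modelled as an added example (not code from Melbourne IT, ICANN or the original article): the registry's own checks cannot see whether step 2 happened, so a transfer initiated without approval completes by default unless the lock or the losing registrar stops it. The `objection_at` field, the function names and the sample requests are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

ACK_WINDOW = timedelta(days=5)  # step 6: losing registrar's response window


@dataclass
class TransferRequest:
    domain: str
    registrant_approved: bool   # step 2: did the gaining registrar obtain approval?
    registrar_lock: bool        # step 4: Registrar-LOCK status held by the registry
    initiated_at: datetime      # step 3: when the request reached the registry
    objection_at: Optional[datetime] = None  # assumption: losing registrar may object


def registry_decision(req: TransferRequest, now: datetime) -> str:
    """Steps 4-6. The registry never sees whether step 2 actually happened."""
    if req.registrar_lock:
        return "rejected: Registrar-LOCK"
    deadline = req.initiated_at + ACK_WINDOW
    if req.objection_at is not None and req.objection_at <= deadline:
        return "rejected: losing registrar objected"
    if now >= deadline:
        return "completed: no response within 5 days"
    return "pending"


def process(req: TransferRequest, now: datetime, enforce_approval: bool = True) -> str:
    """Step 2 gate at the gaining registrar, then the registry's checks."""
    if enforce_approval and not req.registrant_approved:
        return "not initiated: no registrant approval"
    return registry_decision(req, now)


# Constructed sample data (example.com and the dates are illustrative only).
T0 = datetime(2024, 1, 1, 12, 0)
unapproved = TransferRequest("example.com", False, False, T0)
locked = TransferRequest("example.com", False, True, T0)
objected = TransferRequest("example.com", False, False, T0, T0 + timedelta(days=2))

if __name__ == "__main__":
    later = T0 + timedelta(days=6)
    for label, req, enforce in [("approval enforced", unapproved, True),
                                ("approval skipped", unapproved, False),
                                ("skipped, locked", locked, False),
                                ("skipped, objection", objected, False)]:
        print(f"{label:20} -> {process(req, later, enforce)}")
```
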
Despite all these processes put in place by the Internet Corporation for Assigned Names and Numbers (ICANN), and despite Panix having a Registrar-LOCKED domain name, Melbourne IT still transferred the domain and Panix paid the price.
It is not known if Panix will be filing for compensation.