Information Security News mailing list archives

Widespread domain hack hits Emory University, others


From: mea culpa <jericho () DIMENSIONAL COM>
Date: Wed, 12 Jan 2000 09:45:09 -0700

Forwarded From: darek.milewski () us pwcglobal com

Widespread domain hack hits Emory University, others
By Patricia Jacobus
Staff Writer, CNET News.com
January 11, 2000, 4:00 a.m. PT

http://news.cnet.com/category/0-1005-200-1519750.html

A hacker hijacked several Internet addresses over the weekend, confusing
computer users and inconveniencing the organizations involved.

All but two of the domain names, which were redirected to another
company's Web site, were restored by yesterday afternoon. But some
organizations, like Emory University in Atlanta, were still struggling to
get their Web sites back in order, they said.

Somehow, someone tapped into the universal registry operated by Network
Solutions (NSI) and changed at least nine Net addresses redirecting users
to the Web site of a New Jersey company called HighSpeedNet.net, said Jan
Gleason, vice president of communications at Emory University.

NSI representatives could not immediately be reached for comment.

The operator of HighSpeedNet, a 19-year-old software technician, explained
he was not the culprit, but a victim.

"There's no reason for anyone to believe me," Ralph Hughes said in an
interview yesterday afternoon. "But somebody got a hold of my password and
authorized all these changes. There really wasn't anything I could do
about it."

This is the third time in a month that there have been major problems
surrounding domain names.

In late December, consumers complained that the universal software used to
reserve Net names occasionally went on the blink, causing some people to
lose out on a sought-after name.

And last week, several registrars had to recall hundreds of domain names
sold over the past few months with trailing or leading hyphens in the
addresses. The hyphens were not allowable, but somehow NSI's registry
accepted the domains anyway.

Other companies affected by the hacker's weekend work included Exodus
Communications, Colorado University, Corecomm and Dreamcast.

Hughes said he first learned of the problem Saturday morning when he
reported to work and checked his email.

"There was a notice that all these domains were transferred to me," he
said, somewhat exasperated.

Shortly thereafter he discovered that the high traffic being redirected to
HighSpeedNet was causing problems for his viewers, who couldn't get into
chat rooms or click around the Web site.

Hughes said he quickly called all the companies affected in an attempt to
repair the problem.

The universities had to wait until today to get help. NSI provides service
for ".edu" domains only during the week.

For Emory University, that meant faculty members and administrators
couldn't use email, and prospective students weren't able to check out the
school's site.

"We're not in classes right now, so for us it was just a few minor
headaches," Gleason said. "But we're told it's going to take until
tomorrow to fix the problem, which has been going on for 60 hours now. On
the Internet 60 hours is a lifetime."

The incident has sparked a renewed interest by college advocates to demand
better service for ".edu" domains. Universities don't pay a fee for the
Internet addresses and in turn don't get seven-day-a-week service.

Last year, a group called Educause, which represents college network
administrators, vowed to jump into the Internet deregulation game, hoping
to gain control of the names reserved for universities.

Their efforts are still in the works.
