Hackers Deface Thousands Of Domains Parked At Verisign

[InfoSec News <isn () c4i org>]

Forwarded from: Elyn Wollensky <elyn () consect com>

http://www.newsbytes.com/news/02/175343.html

By Brian McWilliams, Newsbytes
HERNDON, VIRGINIA, U.S.A.,
20 Mar 2002, 12:09 PM CST

A security breach Tuesday involving Verisign's Network Solutions unit
disrupted potentially thousands of domain customers, company officials
confirmed today.

Attackers compromised a system that hosted thousands of "parked"
domains that had been registered through Network Solutions and were
still under construction, according to a Verisign representative.

Web surfers who typed in the address of any of the affected domains
were sent to a black page which featured an image of a mutilated rag
doll and the words, "Did Web Pirates domain your domain?"

According to its Web server banner, the system was running Microsoft's
Internet Information Server (IIS) on Windows 2000. The server was
operated by Atlanta-based hosting firm Interland under an outsourcing
agreement, according to Verisign spokesperson Pat Burns.

"At no time were there any issues with Verisign's domain name
service," said Burns.

Interland officials said the problem was identified and corrected
later Tuesday, and the company is working with law enforcement to
investigate the incident.

In an online interview Tuesday, a member of Web Pirates, a Brazilian
Web defacement group, said he only learned of the hacking incident
after receiving numerous angry e-mails from victims.

According to the member, who uses the nickname Splash and whose ICQ
profile said he is 16, he was not aware that anyone from the group had
defaced the Interland server.

The security incident came at a bad time for the organizers of an
upcoming conference for senior executives in Texas' technology
industry, who planned to launch their homepage at
Texastechnologyconference.org Tuesday.

"This is somewhat catastrophic to us, to tell you the truth," said
conference director Lisa Cohen, who noted that the summit is scheduled
to begin April 4 and depends heavily on the Web site for publicity.

Some Verisign customers who were affected by the hacking were
surprised to learn that the domain registration firm had outsourced
the hosting of their domains.

"I wouldn't expect a company like Verisign to farm out domain parking.
I would think they would want to own that responsibility," said
Matthew Caldwell, chief security officer for GuardedNet, which owned
an undeveloped domain affected by the breach.

Rick Forno, chief security advisor for Shadowlogic and the former head
of security for Network Solutions, said Verisign has begun relying on
numerous partners for services it bundles with domain sales.

While Verisign has the ultimate responsibility to its domain
customers, the blame for the security breach falls squarely on
Interland, he said.

"Verisign may want to re-evaluate the clause in their contract that
talks about security - if there even is such a clause," said Forno.

According to its Web site, Verisign's Network Solutions unit is the
world leader in domain name registration and related identity
services. The company said it has more than 6.2 million customers with
over 13.6 million active domains under its management.

Interland is at http://www.interland.com

Network Solutions is at http://www.networksolutions.com



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.