nanog mailing list archives

Re: panix.com hijacked (VeriSign refuses to help)


From: Thor Lancelot Simon <tls () NetBSD org>
Date: Sun, 16 Jan 2005 07:04:46 +0000


Alexis Rosen tried to send this to NANOG earlier this evening but it
looks like it never made it.  Apologies if it's a duplicate; we're
both reduced to reading the list via the web interface since the
legitimate addresses for panix.com have now timed out of most folks'
nameservers and been replaced with the hijacker's records.

Note that we contacted VeriSign both directly and through intermediaries
well known to their ops staff, in both cases explaining that we suspect
a security compromise (technical or human) of the registration systems
either at MelbourneIT or at VeriSign itself (we have reasons to suspect
this that I won't go into here right now).  We noted that after calling
every publicly available number for MelbourneIT and leaving polite
messages, the only response we received was a rather rude brush-off from
MelbourneIT's corporate counsel, who was evidently directed to call us
by their CEO.

We are also told that law enforcement separately contacted VeriSign on
our behalf, to no avail.

Below please find VeriSign's response to our plea for help.  We're rather
at a loss as to what to do now; MelbourneIT clearly are beyond reach,
VeriSign won't help, and Dotster just claim they still own the domain and
that as far as they can tell nothing's wrong.  Panix may not survive this
if the formal complaint and appeal procedure are the only way forward.

Date: Sun, 16 Jan 2005 00:21:33 -0500
To: <alexis () panix com>, NOC Supervisor <nocsupervisor () verisign com>
Subject: Re: FW: [alexis () panix com: Brief summary of panix.com hijacking incident]  (KMM2294267V49480L0KM)
From: VeriSign Customer Service <info () verisign-grs com>
X-Mailer: KANA Response 7.0.1.127

Dear Alexis,

Thank you for contacting VeriSign Customer Service.

Unfortunately there is little that VeriSign, Inc. can do to rectify this
situation.  If necessary, Dotster (or Melbourne) is more than welcome to
contact us to obtain the specific details as to when the notices were
sent and other historical information about the transfer itself.

Dotster can file a Request for Enforcement if Melbourne IT contends that
the request was legitimate and we will review the dispute and respond
accordingly.  Dotster can also contact Melbourne directly and if they
come to an agreement that the transfer was fraudulent they can file a
Request for Reinstatement and the domain would be reinstated to its
original Registrar.  Dotster could submit a normal transfer request to 
Melbourne IT for the domain name and hope that Melbourne IT agrees to
transfer the name back to them outside of a dispute having been filed. 
In order to expedite processing the transfer or submitting a Request for
Reinstatement however Dotster will need to contact Melbourne IT
directly.  If Dotster is unable to get in touch with anyone at Melbourne
IT we can assist them directly if necessary.

Best Regards,

Melissa Blythe
Customer Service
VeriSign, Inc.
www.verisign.com
info () verisign-grs com

