North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: panix.com hijacked
Apologies for what may be another duplicate message, probably with broken threading. This is Alexis Rosen's original posting to this thread; we think the mail chaos caused by the hijacking of panix.com kept it from ever reaching the list (but, flying mostly-blind, we aren't sure). > On Sat, Jan 15, 2005 at 10:27:31PM -0500, Steven M. Bellovin said: > > panix.com has apparently been hijacked. It's now associated with a > > different registrar -- melbourneit instead of dotster -- and a > > different owner. Can anyone suggest appropriate people to contact to > > try to get this straightened out? > > Hi, all. > > I hate to pop my head up after years of lurking, only when things are > going bad, but probably better that than remaining silent. > > First of all, I'm going to be bounced from this list once its cache of > my DNS times out, which will probably be in about 2-3 hours, so if you have > anything to say that you'd like me to see, please copy me. We're temporarily > accepting mail at panix.net in addition to panix.com, so use alexis (at) > panix.net. > > A few points to respond to: > First, Eric, thanks for contacting Bruce and Eric on my behalf. While > nothing has happened so far, I hope that it will soon, and in any case > I appreciate your efforts to help a total stranger. > > Someone asked if we had registrar-lock set. It's not clear to me what > happened. Our understanding is that we had locks on all of our domains. > However, when we looked, locks were off on panix.net and panix.org, which > we own but don't normally use. It's not clear how that happened; dotster > has yet to contact us with any information about, well, anything at all. > They did answer a call this morning; they're apprently in the middle of > an ice storm. All I was able to larn from them is that according to the > person I talked to, they had no records of any transfer requests on our > domain from today back through last October. > > Someone suggested invoking a dispute procedure. We'll do that, as soon as > we can get someone to actually accept the dispute, but if it goes through > that process to completion, many people will suffer, and Panix itself will > be tremendously damaged. How long do you think even our customers will > stay loyal? (Forever, for many of them, but that doesn't mean the won't be > forced to start using a different service.) > > While it's true that MelbourneIT won't do anything before (their) Monday > morning, I don't want to paint them as bad guys in this drama. I don't > know how they're organized and I don't know how difficult it is for them > logistically. Of course I want them to move faster. Much faster. But I'll > take what I can get. > > And speaking of MIT, I don't intend to send them "nastygrams" - nor NSI > either. Neither of them owes me anything (at least directly) and being > heavyhanded would not be a good way to get what I want (restoral of the > panix.com domain to dotster) even if I thought they deserved it. I expect > that there will be criminal prosecutions arising out of this, but the time > for that sort of thing is later, when things are back to normal, and we've > fixed any systemic vulnerabilities that can be fixed before they're used > to wreak mass havoc. And it's anyone's guess who the target of those > prosecutions will be, but I doubt MIT or NSI will be among them. > > Lastly, someone expressed surprise that I'd call MIT's lawyer directly. > I didn't. I spent *hours* trying to find working contact info for MIT and > Dotster. I didn't find useful 24-hour NOC-type info anywhere. (Someone > obviously has this info; I expect it's restricted to a list of registrars.) > I reached Dotster's customer support when they opened for business Saturday > morning; the guy was polite, and did what he could, but I saw no evidence > whatsoever of the promised attempt to assist me after he got off the phone. > MIT apparently has no weekend support at all; I finally located their CEO's > cellphone in an investor-relations web page. I caled him, and he had his > lawyer call me back. That was his choice. FWIW, she's not "just" a lawyer; > she's apparently the person who has to make decisions about reverting > control of the domain. So she at least needs to be aware of our position. > My impression is that she didn't fully grasp the gravity of the situation, > and so treated us like she'd treat any other annoying customer who managed > to track her down on her day off. This is somewhat understandable (though > infuriating) which is why I'd hoped to talk to someone on their tech side > first. No luck there, but if any of this reaches them, maybe that will > start things going. > > Thanks again to everyone who has tried to help us today. > > /a
|