Lapse at Melbourne IT Enabled Panix.com Hijacking
March 17, 2005
In its findings on the panix.com hijacking, ICANN said it is "very concerned" that Australian registrar Melbourne IT relied upon a reseller to confirm the transfer request, and will "review the appropriateness of these arrangements." Panix was never conta
Domain registrar Melbourne IT today acknowledged that it failed to properly confirm a transfer request for Panix.com , allowing the domain for the New York ISP to be hijacked for most of the weekend. The Panix incident has focused attention on recent ICANN rule changes that allow domains to be transferred more easily, which some registrars warned would also make it easier to hjack domains .
The hijacking disabled all email and Internet access for thousands of Panix customers, and persisted despite active efforts by the North American Network Operators Group (NANOG) to assist Panix in recovering the domain. The delays were blamed on unresponsiveness by several providers within the domain management system, but especially Melbourne IT, which appears to have no readily-accessible support on weekends. The Panix.com hijacking was not reversed until Melbourne IT's offices opened in Australia Monday morning (late Sunday in New York).
"There was an error in the checking process prior to initiating the transfer, and thus the transfer should never have been initiated," Bruce Tonkin, the chief technology officer of Melbourne IT wrote in a message to the NANOG mailing list. "The loophole that led to this error has been closed." Tonkin did not describe the "loophole" but said the transfer of the domain from Dotster to Melbourne IT was initiated through an account at a Melbourne IT reseller, which was set up using stolen credit cards. "That reseller is analysing its logs and cooperating with law enforcement," he wrote.