Australian Firm Takes Blame for U.S. Domain Name Hijack

Domain registrar admits approving unauthorized domain transfer.

Paul Roberts, IDG News Service

Tuesday, January 18, 2005

An Australian company that manages Internet domain name registrations acknowledged that it was partially responsible for a Web domain hijacking that left Public Access Networks, a New York Internet hosting company, without an Internet address over the weekend.

An error by Melbourne IT allowed fraudsters using stolen credit cards to take control of Panix.com, Public Access Networks’ Internet domain, early Saturday, according to Ed Ravin, a Panix system administrator. The hijacking deprived some Panix customers of e-mail access for two days, and shone a light on what some contend are holes in the system for managing Internet domain transfers, according to Ravin and others.

Panix regained control of its Internet domain Monday, after Melbourne IT reversed the registration change that transferred ownership of Panix.com to an unknown party Saturday night. However, some customers were still experiencing problems Tuesday as the transfer changes worked their way through the worldwide network of Domain Name System servers that manage requests for Internet addresses, Ravin said.

The hijackers somehow exploited a loophole in the process used to verify requests for domain transfers with the party that owns a Web domain, according to an e-mail message sent to Panix’s founder and President Alexis Rosen from Bruce Tonkin, chief technology officer at Melbourne IT. About 5,000 customers were affected and some of them may have lost 100 or more e-mail messages over the weekend, Rosen said in an interview.

Permission Not Granted

According to a recently updated policy from the Internet Corporation for Assigned Names and Numbers, requests to transfer domains between two domain registrars require the registrar who will be taking over control of an Internet domain to receive approval for the transfer from an administrator at the “losing” registrar–the organization that will be ceding control of a domain. ICANN also requires an e-mail to be sent to both registrars involved in the transfer and allows five days for the losing registrar to cancel the transfer.

However, an error at Melbourne IT allowed an individual or individuals to use an account at Melbourne IT reseller Fibranet Services, a U.K.-based Internet service provider, to gain control of the Panix.com domain without the permission of Panix staff or Panix.com’s domain registrar, Dotster of Vancouver, Washington, Tonkin wrote.

The administrative contact for the Panix domain at Dotster, the company’s registrar, was not contacted before the transfer went through, as required by ICANN. Panix also was left in the dark about the transfer and only realized what was going on when it lost control of its domain Saturday, Ravin said.

Furthermore, an investigation by Fibranet revealed that the account to which ownership of the Panix.com domain was transferred was fraudulent and set up with stolen credit cards, Tonkin said.

The loophole that led to the unauthorized transfer has been closed, and Australian authorities are investigating the fraudulent account. Some security features do exist to prevent hijacking, including a domain-registration locking feature that automatically denies transfer requests. However, such a feature was not used for the Panix domain, he wrote.

For Panix customers like Andrew Ross of Brooklyn, New York, the mistake at Melbourne IT meant a weekend without e-mail, as Panix staff struggled to get through to their counterparts at Melbourne IT to reverse the changes.

While the domain hijacking wasn’t a big inconvenience for Ross, who only uses Panix for e-mail, the loss of almost two days of e-mail messages does raise concerns about identity theft, if the hijackers mined the misdirected e-mail traffic for personal information, he said.

System Broken?

There is no evidence that misdirected e-mail and Web traffic were being harvested for information. The hijacking is probably an instance of Internet “vandalism” that was intended to make a point, rather than siphon off sensitive information, Ravin said.

However, the success of the ploy points out a serious vulnerability in the Internet’s domain management system, said Rosen, Panix’s president.

The system is obviously broken,” said Rosen, who expects to lose customers and “a bundle of money” as a result of the hijacking.

Rosen said he didn’t know the motivation for the hijacking, but speculated that it may have been retaliation for his company’s cooperation in identifying spammers, or an attempt to call attention to problems with the domain transfer system, as ICANN is in the midst of a comment period on domain transfer policies.

ICANN is looking into the domain transfer system to see if there are ways to improve the security of domain transfers or provide more protection against erroneous transfers, wrote Steve Crocker, chairman of the group’s Security and Stability Advisory Committee.

ICANN will be studying the interactions across organizations regarding domain transfers and considering ways to improve the system. But those recommendations and changes “may take a little while,” he said.

(Grant Gross in Washington, D.C., contributed to this report.)

Dinosaur Eater Is a Lot To Digest

Discovery Rewrites History of Mammals

By Joel Achenbach

Washington Post Staff Writer

Thursday, January 13, 2005; Page C01

Every single mammal learns from an early age that we used to get gobbled up by dinosaurs, that we were just a meaty little snack for the truly important animals of the Mesozoic, that we were small and meek and pathetic and cringing and whimpering and sniveling, locked into an extremely marginal evolutionary niche marked “Losers.”

It’s part of our mammalian heritage to pass this story on from generation to generation. Inevitably, our ancestors are described as mousy. “The size of a shrew” is a typical description. We came out only at night. Meanwhile the dinosaurs gallivanted all over the landscape, swinging their spiny tails around like they owned the place. We finally got our big break 65 million years ago when, luckily, a rock from space killed off the dinosaurs and much of life on Earth.

That story got amended yesterday, dramatically. Scientists at the American Museum of Natural History in New York announced that they’d found a 130-million-year-old mammal fossil that contains, in the remnants of the stomach contents, the tiny bones of a baby dinosaur.

Sometimes, we ate them.

“This is the first direct evidence that mammals fed on dinosaurs. Now we can say that dinosaurs could be very tasty, which is good news,” said Jin Meng, a paleontologist at the museum and co-author of the paper, published in the journal Nature, announcing the discovery.

The dino-gulping mammal is Repenomamus robustus. It looked a bit like a very scary possum. Low to the ground, big teeth. Not the cuddliest thing you ever saw.

The baby dinosaur inside its belly is a psittacosaur, a humble plant-eater that when full grown was about six feet long. Actually there are just some fragmentary remains of the animal, including a couple of legs and some teeth. When you’re someone’s dinner you don’t tend to look so good 130 million years later.

This dino-eating Repe (we can call it that for sake of ease, but don’t try this in science class) was only about the size of a cat. But the scientists also announced the discovery of a remarkably complete fossilized skeleton of a much larger, related mammal, Repenomamus giganticus, which grew at least as large as a medium-size dog, more than three feet from nose to tip of tail. That’s not shrewish.

Meng said the smaller Repe fossil, with the stomach contents, was dug up by a farmer two years ago in northeastern China, a country that has in recent years given the world some stunning fossils, including ones of dinosaurs with feathers. At first Meng believed that this fossil showed a mother and her baby, carried inside the womb. That by itself would make it a fascinating specimen.

But his colleagues, including one of his students, Yaoming Hu, the lead author on the Nature paper, discovered something tantalizing during a microscopic examination of the teeth of the smaller animal: They were dinosaur teeth. This was a belly full of baby dinosaur.

Some call it cold-blooded murder; others call it payback time.

The discovery is “a huge story,” said Hans Sues, a Smithsonian paleontologist. “We really didn’t think there were big mammals like that around in the Mesozoic . . . We’re not dealing with some meek little insectivore. This is a major player in the ecosystem.”

Meng said that mammals should no longer be seen as supporting actors in a drama dominated by dinosaurs: “Some of these mammals could be very nasty, and go out and maybe chase some of the small dinosaurs.”

There are still a lot of uncertainties. It’s not clear whether the Repe was a predator or a scavenger. Meng thinks there’s good reason to vote for predator. It’s three times the size of the baby psittacosaur, he noted, which fits into the typical predator-to-prey size ratio. Also, true scavengers (such as hyenas) are relatively rare.

There is wear on the teeth of the psittacosaur, suggesting that it wasn’t an embryo but rather a hatchling. Meng was also intrigued by the fact that some of the bones of the dinosaur remain intact. The Repe didn’t chew, but gulped. That’s rather primitive for a mammal, Meng said. “It’s more like a crocodile behavior.”

Perhaps the Repe hunted in packs. The museum provided an illustration of the scene 130 million years ago, showing a group of them hanging out together, one feeding on the little dino. In the background is the requisite smoking volcano. Perched on a tree branch is a mysterious winged creature that may be the ancestor of the flying monkeys of Oz, and it seems to be serving as the lookout for the Repes. The Mesozoic must have been a lovely time, what with all those animals working as a team, like in “Ocean’s Twelve.”

Finally we must ask the obligatory question: What did dinosaur taste like? The current thinking among scientists is that birds are the evolutionary descendants of dinosaurs, and that probably tells us all we need to know about dinosaur meat. Tastes like chicken.

washington.post