In effect, the hijackers managed to transfer the administration
of the domain to a different ISP, on which they had set up their
own web site.
According to a report by The Register, the hijackers also
attempted to take control over the Google.com, Web.de and
Amazon.com domains, but were unsuccessful.
Names ending .de are controlled by German domain name registry
DENIC, which has safeguards to prevent the unauthorised transfers.
Unfortunately these do not appear to have worked last weekend, and
investigations into what went wrong are continuing.
According to DENIC, when a domain name holder wishes to transfer
the administration of his site to a different provider it must
submit a request to DENIC. The Registry's automatic system then
asks the existing provider for confirmation of the change.
The existing ISP has a duty to reject the change if it is not
certain that the domain holder wants the transfer. On this occasion
there was no response - which the system interpreted as
consent.
The system also requires the new ISP to check that the data of
the person asking for the change and that of the domain name
holder, or his authorised representative, are identical.
According to DENIC, the change in the address referring to
eBay.de was not reflected on the internet until early on Saturday
morning. It was quickly spotted, and DENIC informed immediately.
The Registry reversed the transfer as quickly as it could, and is
investigating, together with both providers involved in the
transfer, why the unauthorised change went through.
DENIC is also considering legal action against the person, or
persons behind the hijacking.
Such unauthorised transfers are not unknown. In 2001 the domain
name owned by US software firm Optima Technology was transferred
without permission to a former employee of the company by domain
registry Network Solutions, now owned by VeriSign.
In October last year Optima Technology sued VeriSign, claiming
$3 million in damages. And In April this year, VeriSign settled a
notorious unauthorised domain transfer dispute, relating to the
ownership of sex.com.
Sex.com was originally registered by Gary Kremen of San
Francisco in 1994. The following year, Stephen Cohen, an
ex-convict, took the name from Kremen by sending a forged letter of
transfer to Network Solutions (which subsequently became part of
VeriSign).
Then followed a long-running court battle over the ownership of
the domain, which was eventually awarded to Kremen, along with
damages of £65 million – none of which has been paid. Kremen sued
VeriSign for damages and, according to reports, eventually settled
for over $15 million.
