A Canadian man temporarily gained unauthorized control of more than 10,000 Internet addresses following a glitch that struck a database maintained by Internic, which manages the plumbing for roughly 70 percent of the Internet.
The problem occurred when the "handle" for domain registrar Register.com was reassigned to a radio
producer in Ottawa, Ontario. Handles are used as a sort of short hand in Internic's WHOIS database to designate who is responsible for administrative and technical upkeep of a given address, or domain name.
Early this morning when RI52-ORG, Register.com's handle for more than a year, was inexplicably reassigned, the new owner had control of more than 10,000 Internet sites that have authorized Register.com to provide technical oversight of the addresses. The reassignment briefly granted the Ottawa man technical control, potentially allowing him to reroute the direction of traffic to a server when a user types in a specific address.
"We were aware of this problem this morning and it was corrected immediately," said Register.com chief executive Richard Forman, who added that Internic's internal database had been updated even though the WHOIS database still showed the incorrect information as of 4 p.m. PT today.
"Nobody's sure what happened here," Forman said. "What we think happened is
that the Internic database transposed the administration [contact]
information with technical [contact] information."
Forman, who says his company has registered more than 200,000 domain names, said it is impossible to know exactly how many sites were affected by the glitch, but that the number was more than 10,000. None of the sites suffered harm, he added.
The problem comes as Internic, which is administered by Network Solutions, is experiencing performance problems in processing orders. NSI customers complain, for instance, that NSI is taking weeks to process orders and in some cases is losing the requests.
Forman said it would be "premature to say [the glitch] is an Internic mistake" but could not rule out the possibility.
NSI spokesman Chris Clough said the problem "could have come from virtually anywhere," adding that the company would begin investigating the problem tomorrow.
Forman acknowledged that his RI52-ORG handle was not protected by either a password or encryption, a factor that could have allowed an unscrupulous third party to send Internic a fraudulent order requesting the handle reassignment. Register.com is in the process of changing its handle so that requests for changes must be authorized by a password, Forman said, adding that the protection would not have made a difference if the problem was caused by an internal error at NSI.
Dennis Willardt Zewillis, an author and consultant in Denmark who first
alerted Register.com to the glitch, said the problem demonstrates just how
important security is to domain name owners.
"I always recommend that my clients make sure that they are both
administrative, technical, and billing contact and that they use the
InterNIC contact methods of either choosing a PASSWORD that must follow
every email request to InterNIC" or use encryption protections, he wrote
in an email message to CNET News.com.
Separately, an official with the Commerce
Department confirmed that the agency, which grants NSI sole authority to administer addresses ending in .com, .org, and .net, is investigating a complaint that the company is giving priority to registration requests made through its own retail service. Such favoritism would severely disadvantage competing registrars, such as Register.com, and would breach NSI's contract with the government.
"We've asked NSI to respond to the complaint and we will pursue it if we think there's anything to it," the official said.
NSI's Clough said he had yet to hear of the investigation and maintained that the company adheres to a strict first-come, first-serve policy in almost all cases. "[Favoritism] has happened once in over 3 million regiatrations we've had," Clough said. The single instance, he added, was a mistake that the company quickly corrected.