Domain hack hits wireless modem company

Emails sent to users of Metricom's Ricochet bounce back to their senders for about 48 hours, while Web site visitors are steered elsewhere.

2 min read
Metricom's Ricochet.net domain name was allegedly commandeered by hackers Tuesday, causing emails sent to users of the company's wireless modems to bounce back to their senders for about 48 hours, the company confirmed.

Visitors to the Ricochet.net Web site also were redirected to a pornographic site for nearly two days and some incoming emails continued to bounce back until early yesterday, according to Metricom executives. Service returned to normal by yesterday afternoon, executives said.

The culprits, who have not been determined, allegedly forged a fake email address and fooled Net domain name registrar Network Solutions into redirecting Ricochet.net traffic to another site. Metricom, which used the least secure of three security features offered by Network Solutions, has since upgraded to a stronger security service.

The method used in the Metricom hack, often referred to as a "DNS spoof," is fairly common, while the hack itself caps a difficult week for the domain name system (DNS), the technology that directs Internet domain names to their corresponding Internet Protocol address.

Also yesterday, Web hosting firm C I Host had problems with its DNS system, causing outages with as many as 48,000 Web sites. Earlier this week, a Linux programmer thwarted potential problems for Hotmail users by paying a delinquent domain name registration fee.

Metricom executives could not say how many of its 20,000 ISP customers were affected, but said Web surfing and outbound email functions were not affected.

"They didn't hack into the Ricochet service or into any of our servers," said John Wernke, senior vice president of marketing and sales at Metricom. "The hack was really into the general Internet domain name system."

One of the most notorious DNS hacks occurred in 1997 when AlterNic, an upstart domain name registration firm, diverted Web traffic to is own site from the more established InterNic. America Online and even domain name registrar Network Solutions also have been victims, according to Network Solutions spokesman Brian O'Shaughnessy.

"Unfortunately, living in the world that we do, people try to take advantage of the situation," O'Shaughnessy said. "It's an illegal act and it's up to Metricom to pursue it legally."

Metricom's legal department is considering its options and law enforcement agencies are investigating the situation, Wernke said.

Metricom, a wireless communications company based in Los Gatos, Calif., makes the Ricochet wireless modem, which allows mobile users to connect to the Internet at speeds of up to 28.8 kbps (kilobits per second). The company is developing a new high-speed network, expected next year.

Stock in the company has traded as high as 104.5 and as low as 4.5 in the past 52 weeks.

Red Herring Online first reported the Metricom domain name hack.