Widespread domain hack hits Emory University, others

A hacker hijacks several Internet addresses, confusing computer users and inconveniencing the organizations involved.

3 min read
A hacker hijacked several Internet addresses over the weekend, confusing computer users and inconveniencing the organizations involved.

All but two of the domain names, which were redirected to another company's Web site, were restored by yesterday afternoon. But some organizations, like Emory University in Atlanta, were still struggling to get their Web sites back in order, they said.

Somehow, someone tapped into the universal registry operated by Network Solutions (NSI) and changed at least nine Net addresses redirecting users to the Web site of a New Jersey company called HighSpeedNet.net, said Jan Gleason, vice president of communications at Emory University.

NSI representatives could not immediately be reached for comment.

The operator of HighSpeedNet, a 19-year-old software technician, explained he was not the culprit, but a victim.

"There's no reason for anyone to believe me," Ralph Hughes said in an interview yesterday afternoon. "But somebody got a hold of my password and authorized all these changes. There really wasn't anything I could do about it."

This is the third time in a month that there have been major problems surrounding domain names.

In late December, consumers complained that the universal software used to reserve Net names occasionally went on the blink, causing some people to lose out on a sought-after name.

And last week, several registrars had to recall hundreds of domain names sold over the past few months with trailing or leading hyphens in the addresses. The hyphens were not allowable, but somehow NSI's registry accepted the domains anyway.

Other companies affected by the hacker's weekend work included Exodus Communications, Colorado University, Corecomm and Dreamcast.

Hughes said he first learned of the problem Saturday morning when he reported to work and checked his email.

"There was a notice that all these domains were transferred to me," he said, somewhat exasperated.

Shortly thereafter he discovered that the high traffic being redirected to HighSpeedNet was causing problems for his viewers, who couldn't get into chat rooms or click around the Web site.

Hughes said he quickly called all the companies affected in an attempt to repair the problem.

The universities had to wait until today to get help. NSI provides service for ".edu" domains only during the week.

For Emory University, that meant faculty members and administrators couldn't use email, and prospective students weren't able to check out the school's site.

"We're not in classes right now, so for us it was just a few minor headaches," Gleason said. "But we're told it's going to take until tomorrow to fix the problem, which has been going on for 60 hours now. On the Internet 60 hours is a lifetime."

The incident has sparked a renewed interest by college advocates to demand better service for ".edu" domains. Universities don't pay a fee for the Internet addresses and in turn don't get seven-day-a-week service.

Last year, a group called Educause, which represents college network administrators, vowed to jump into the Internet deregulation game, hoping to gain control of the names reserved for universities.

Their efforts are still in the works.