[ISN] Hackers Deface Thousands Of Domains Parked At Verisign

From: InfoSec News (isnat_private)
Date: Wed Mar 20 2002 - 23:49:42 PST

  • Next message: InfoSec News: "[ISN] Security UPDATE, March 20, 2002"

    Forwarded from: Elyn Wollensky <elynat_private>
    By Brian McWilliams, Newsbytes
    20 Mar 2002, 12:09 PM CST
    A security breach Tuesday involving Verisign's Network Solutions unit
    disrupted potentially thousands of domain customers, company officials
    confirmed today.
    Attackers compromised a system that hosted thousands of "parked"
    domains that had been registered through Network Solutions and were
    still under construction, according to a Verisign representative.
    Web surfers who typed in the address of any of the affected domains
    were sent to a black page which featured an image of a mutilated rag
    doll and the words, "Did Web Pirates domain your domain?"
    According to its Web server banner, the system was running Microsoft's
    Internet Information Server (IIS) on Windows 2000. The server was
    operated by Atlanta-based hosting firm Interland under an outsourcing
    agreement, according to Verisign spokesperson Pat Burns.
    "At no time were there any issues with Verisign's domain name
    service," said Burns.
    Interland officials said the problem was identified and corrected
    later Tuesday, and the company is working with law enforcement to
    investigate the incident.
    In an online interview Tuesday, a member of Web Pirates, a Brazilian
    Web defacement group, said he only learned of the hacking incident
    after receiving numerous angry e-mails from victims.
    According to the member, who uses the nickname Splash and whose ICQ
    profile said he is 16, he was not aware that anyone from the group had
    defaced the Interland server.
    The security incident came at a bad time for the organizers of an
    upcoming conference for senior executives in Texas' technology
    industry, who planned to launch their homepage at
    Texastechnologyconference.org Tuesday.
    "This is somewhat catastrophic to us, to tell you the truth," said
    conference director Lisa Cohen, who noted that the summit is scheduled
    to begin April 4 and depends heavily on the Web site for publicity.
    Some Verisign customers who were affected by the hacking were
    surprised to learn that the domain registration firm had outsourced
    the hosting of their domains.
    "I wouldn't expect a company like Verisign to farm out domain parking.
    I would think they would want to own that responsibility," said
    Matthew Caldwell, chief security officer for GuardedNet, which owned
    an undeveloped domain affected by the breach.
    Rick Forno, chief security advisor for Shadowlogic and the former head
    of security for Network Solutions, said Verisign has begun relying on
    numerous partners for services it bundles with domain sales.
    While Verisign has the ultimate responsibility to its domain
    customers, the blame for the security breach falls squarely on
    Interland, he said.
    "Verisign may want to re-evaluate the clause in their contract that
    talks about security - if there even is such a clause," said Forno.
    According to its Web site, Verisign's Network Solutions unit is the
    world leader in domain name registration and related identity
    services. The company said it has more than 6.2 million customers with
    over 13.6 million active domains under its management.
    Interland is at http://www.interland.com
    Network Solutions is at http://www.networksolutions.com
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Mar 21 2002 - 03:05:34 PST