Hackers Deface Thousands Of Domains Parked At Verisign
by Brian McWilliams
A security breach Tuesday involving Verisign's Network Solutions unit disrupted potentially thousands of domain customers, company officials confirmed today.
Attackers compromised a system that hosted thousands of "parked" domains that had been registered through Network Solutions and were still under construction, according to a Verisign representative.
Web surfers who typed in the address of any of the affected domains were sent to a black page which featured an image of a mutilated rag doll and the words, "Did Web Pirates domain your domain?"
The system, which was running Microsoft's Internet Information Server (IIS) on Windows 2000, was operated by Atlanta-based hosting firm Interland under an outsourcing agreement, according to Verisign spokesperson Pat Burns.
"At no time were there any issues with Verisign's domain name service," said Burns.
Interland officials said the problem was identified and corrected later Tuesday, and the company is working with law enforcement to investigate the incident.
In an online interview Tuesday, a member of Web Pirates, a Brazilian Web defacement group, said he only learned of the hacking incident after receiving numerous angry e-mails from victims.
According to the member, who uses the nickname Splash and whose ICQ profile said he is 16, he was not aware that anyone from the group had defaced the Interland server.
The security incident came at a bad time for the organizers of an upcoming conference for senior executives in Texas' technology industry, who planned to launch their homepage at Texastechnologyconference.org Tuesday.
"This is somewhat catastrophic to us, to tell you the truth," said conference director Lisa Cohen, who noted that the summit is scheduled to begin April 4 and depends heavily on the Web site for publicity.
Some Verisign customers who were affected by the hacking were surprised to learn that the domain registration firm had outsourced the hosting of their domains.
"I wouldn't expect a company like Verisign to farm out domain parking. I would think they would want to own that responsibility," said Matthew Caldwell, chief security officer for GuardedNet, which owned an undeveloped domain affected by the breach.
Rick Forno, chief technology officer for Shadowlogic and the former head of security for Network Solutions, said Verisign has begun relying on numerous partners for services it bundles with domain sales.
While Verisign has the ultimate responsibility to its domain customers, the blame for the security breach falls squarely on Interland, he said.
"Verisign may want to re-evaluate the clause in their contract that talks about security - if there even is such a clause," said Forno.
According to its Web site, Verisign's Network Solutions unit is the world leader in domain name registration and related identity services. The company said it has more than 6.2 million customers with over 13.6 million active domains under its management.
Interland is at http://www.interland.com. Network Solutions is at http://www.networksolutions.com.