Channel Register

Comments on: Ankle-biting hackers storm net's overlords, hijack their domains

Worldwide 

Posted Friday 27th June 2008 21:57 GMT

Pirate

HACK THE PLANET!

Allah a HACK-bah 

Posted Friday 27th June 2008 23:02 GMT

Pirate

They stole their mega hurtz!

OMG The guys that have a huge influence over the net/web got their websites hacked!?

To me that is rather surprising.

a clue for law enforcement officials 

Posted Saturday 28th June 2008 00:34 GMT

the perps should be easy to track down, it is obvious from their message that they are involved in the martial arts action movie overdubbing industry.

No more difficult to hack... 

Posted Saturday 28th June 2008 12:23 GMT

Pirate

... than stealing any other register.com customer's domain.

..and how it was done. 

Posted Saturday 28th June 2008 12:29 GMT

Pirate

They appear to have omitted to take even the most basic steps to lock the domains down when creating them. Compare

http://216.239.59.104/search?q=cache:Boyyc-xwKPQJ:www.who.is/whois-net/ip-address/icann.net/+whois+icann.net&hl=en&ct=clnk&cd=3&gl=uk&client=firefox-a

with

http://www.who.is/whois-net/ip-address/icann.net/

>>>Before:

Registry Whois

Domain Name: icann.net

Status: clientTransferProhibited

Registrar: REGISTER.COM, INC.

Whois Server: whois.register.com

Referral URL: http://www.register.com

Expiration Date: 2013-12-07

Creation Date: 1998-09-14

Last Update Date: 2008-03-24

Name Servers:

a.iana-servers.net

b.iana-servers.org

c.iana-servers.net

d.iana-servers.net

ns.icann.org

>>>After:

Registry Whois

Domain Name: icann.net

Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited

Registrar: REGISTER.COM, INC.

Whois Server: whois.register.com

Referral URL: http://www.register.com

Expiration Date: 2013-12-07

Creation Date: 1998-09-14

Last Update Date: 2008-06-27

Name Servers:

a.iana-servers.net

b.iana-servers.org

c.iana-servers.net

d.iana-servers.net

ns.icann.org

>>>Note the change in the status line.
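The comparison in the comment above can be automated. The following is an added example, not part of the original thread: it parses the two registry records quoted there (abridged to the relevant fields) and reports which status flags were missing before the incident. The function names and the choice of the "After" flags as the required set are assumptions made for illustration.

```python
import re

# Assumption: treat the four flags shown in the "After" record as the required set.
REQUIRED_LOCKS = {
    "clientDeleteProhibited", "clientRenewProhibited",
    "clientTransferProhibited", "clientUpdateProhibited",
}

# Abridged copies of the two records quoted in the comment above.
BEFORE = """Domain Name: icann.net
Status: clientTransferProhibited
Last Update Date: 2008-03-24
"""
AFTER = """Domain Name: icann.net
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Last Update Date: 2008-06-27
"""

def parse_record(text):
    """Parse 'Key: value' lines; Status lines are merged into one set of flags."""
    fields, status = {}, set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue  # skips bare name-server lines and empty headers
        if key == "status":
            status.update(s for s in re.split(r"[,\s]+", value) if s)
        else:
            fields[key] = value
    fields["status"] = status
    return fields

def missing_locks(record, required=REQUIRED_LOCKS):
    """Return the required status flags that the record does not carry."""
    return sorted(required - record["status"])

def lock_changes(before, after):
    """Return the flags added and removed between two snapshots."""
    return {"added": sorted(after["status"] - before["status"]),
            "removed": sorted(before["status"] - after["status"])}

if __name__ == "__main__":
    old, new = parse_record(BEFORE), parse_record(AFTER)
    print("missing before:", missing_locks(old))
    print("missing after: ", missing_locks(new))
    print("changes:", lock_changes(old, new))
```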

Run that past me again? 

Posted Saturday 28th June 2008 15:44 GMT

Dead Vulture

It was hacked on the basis of a fraudulent email? No signature on the email? No phone call to verify? For fucking ICANN and IANA?

Can anyone imagine ibm.com's dns registration being moved on the basis of an email? Or apple.com?

FFS, whoever took that action really needs shooting.

Fraudulent Email 

Posted Saturday 28th June 2008 18:32 GMT

First thing I thought, sent by a fraud-star.

Did the email promise additional monetary reward for prompt attention to the modalities of the transaction?

@steve of the web

HAHAHAHAHAHAHAHAHAHAHA, you owe me a keyboard....

So ICAAAAAANNN is vulnerable to.. 

Posted Saturday 28th June 2008 22:26 GMT

...fraudulent emails?

Christ, the systems I look after are utterly nothing compared to this, but even I don't take the advice of a fucking email to confirm a config change of any kind - I confirm these things in person, or at least on the phone if it really, really can't be done in the flesh.

I'm trying to work out how someone could have put this through without triple checking it - I mean, it's ICANN, not BobsPlumbers.co.uk for God's sake!

Steven R

Social Hacking 

Posted Monday 30th June 2008 01:07 GMT

Not machine hacking. Yet again, technology is more secure than the people that operate it.

and you think ICANN knows what they are doing? 

Posted Monday 30th June 2008 03:02 GMT

Look at how they coddle the cybersquatter industry. ICANN is a joke.

Customised TLDs eh? 

Posted Monday 30th June 2008 08:08 GMT

At last, I can register trashbat.cock for my good friend Nathan.

Surprising, to say the least 

Posted Monday 30th June 2008 08:48 GMT

Unhappy

So, they moved it on basis of a single email. How did they manage to get the PGP SIGNATURE right?!? If they didn't, shouldn't this registrar be relieved of their duty for NOT using digital signatures?!?

//Svein

Re: martial arts overdubbing. 

Posted Monday 30th June 2008 11:08 GMT

Happy

You can't say that without video evidence. They might have delivered those awfully cheesy lines in perfect lip-sync, which would make them far more likely to be American TV mini-series actors.

erm duh! 

Posted Monday 30th June 2008 12:23 GMT

Black Helicopters

I mean come on, honestly the guy who read the e-mail and went yeah that's legit and then processed the request needs shooting..

Oh wait maybe.... just maybe he got paid to do it..

I mean a big enough domain like that should have had a verifiable digital signature on it, and that should have been verified first, not by simply hitting the reply button, but by looking up who registered the domain and finding the e-mail address(es) attached to it and using them..

If it's that easy I'm off to redirect Microsoft.com to somewhere nice like itssnafud.com

Come on guys... 

Posted Wednesday 2nd July 2008 14:33 GMT

Happy

Let's be realistic. Sending a creative email to a group of obviously retarded engineers to change DNS pointers for the domain is no feat, just proof that some of our key infrastructure people are not taking their jobs seriously or should be fired for incompetence. Give me the job and I'll make sure any retarded attempt like this is triple verified with top management before implementation.

By the way, anybody notice these hackers can't spell? "Everybody knows wrong" should be "Everyone knows better". They're obviously using Google Translator.

And come on, SQL Injection? Yet another example of newbie coders implementing systems from script kiddie code without fully understanding the fundamental security checks for any interactive SQL system. Anyone hear of escaping single quotes for input strings?

SomeSQL = "SELECT * FROM table WHERE column = '" + variable.Replace("'", "''") + "'"
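The quote doubling described in the comment above, set beside plain concatenation and a bound parameter, as an added example that is not part of the original thread. It uses Python's sqlite3 module instead of the commenter's language; the users table, its rows and the input strings are constructed for illustration, and the numeric-column case goes beyond the string case the comment covers.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "O'Brien"), (3, "bob")])
    return db

def names(db, sql, params=()):
    """Run a query; return sorted names, or the error text if it fails."""
    try:
        return sorted(row[0] for row in db.execute(sql, params))
    except sqlite3.Error as exc:
        return "error: " + str(exc)

def by_name_concat(db, value):
    # Vulnerable: the input is pasted into the statement unchanged.
    return names(db, "SELECT name FROM users WHERE name = '" + value + "'")

def by_name_escaped(db, value):
    # Quote doubling: the input stays inside one string literal.
    escaped = value.replace("'", "''")
    return names(db, "SELECT name FROM users WHERE name = '" + escaped + "'")

def by_name_bound(db, value):
    # Bound parameter: the input never becomes part of the SQL text.
    return names(db, "SELECT name FROM users WHERE name = ?", (value,))

def by_id_escaped(db, value):
    # Quote doubling has nothing to act on when the value is not quoted.
    return names(db, "SELECT name FROM users WHERE id = " + value.replace("'", "''"))

def by_id_bound(db, value):
    return names(db, "SELECT name FROM users WHERE id = ?", (value,))

if __name__ == "__main__":
    db = make_db()
    for value in ("O'Brien", "x' OR '1'='1"):
        print(repr(value), by_name_concat(db, value),
              by_name_escaped(db, value), by_name_bound(db, value))
    print(by_id_escaped(db, "0 OR 1=1"), by_id_bound(db, "0 OR 1=1"))
```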