Alexis Rosen tried to send this to NANOG earlier this evening but it looks like it never made it. Apologies if it's a duplicate; we're both reduced to reading the list via the web interface since the legitimate addresses for panix.com have now timed out of most folks' nameservers and been replaced with the hijacker's records. Note that we contacted VeriSign both directly and through intermediaries well known to their ops staff, in both cases explaining that we suspect a security compromise (technical or human) of the registration systems either at MelbourneIT or at VeriSign itself (we have reasons to suspect this that I won't go into here right now). We noted that after calling every publically available number for MelbourneIT and leaving polite messages, the only response we received was a rather rude brush-off from MelbourneIT's corporate counsel, who was evidently directed to call us by their CEO. We are also told that law enforcement separately contacted VeriSign on our behalf, to no avail. Below please find VeriSign's response to our plea for help. We're rather at a loss as to what to do now; MelbourneIT clearly are beyond reach, VeriSign won't help, and Dotster just claim they still own the domain and that as far as they can tell nothing's wrong. Panix may not survive this if the formal complaint and appeal procedure are the only way forward.
Date: Sun, 16 Jan 2005 00:21:33 -0500 To: <alexis@panix.com>, NOC Supervisor <nocsupervisor@verisign.com> Subject: Re: FW: [alexis@panix.com: Brief summary of panix.com hijacking incident] (KMM2294267V49480L0KM) From: VeriSign Customer Service <info@verisign-grs.com> X-Mailer: KANA Response 7.0.1.127
Dear Alexis,
Thank you for contacting VeriSign Customer Service.
Unfortunately there is little that VeriSign, Inc. can do to rectify this situation. If necessary, Dotster (or Melbourne) is more than welcome to contact us to obtain the specific details as to when the notices were sent and other historical information about the transfer itself.
Dotster can file a Request for Enforcement if Melbourne IT contends that the request was legitimate and we will review the dispute and respond accordingly. Dotster can also contact Melbourne directly and if they come to an agreement that the transfer was fraudulent they can file a Request for Reinstatement and the domain would be reinstated to its original Registrar. Dotster could submit a normal transfer request to Melbourne IT for the domain name and hope that Melbourne IT agrees to transfer the name back to them outside of a dispute having been filed. In order to expedite processing the transfer or submitting a Request for Reinstatement however Dotster will need to contact Melbourne IT directly. If Dotster is unable to get in touch with anyone at Melbourne IT we can assist them directly if necessary.
Best Regards,
Melissa Blythe Customer Service VeriSign, Inc. www.verisign.com info@verisign-grs.com