Hack puts AOL off limits
By Janet Kornblum
Staff Writer, CNET News.com
October 16, 1998, 2:40 p.m. PT
URL: http://www.news.com/News/Item/0,4,27655,00.html

Internet users trying to send email to America Online users or get to the
online giant's site have been plagued by problems due to a major glitch
with the Internet's domain naming system.

As reported earlier, instead of being routed directly to AOL, some users
from the Net trying to send email to the company's 13 million members or
trying to get to the company's portal were instead redirected to the
servers of a company called Autonet.net, AOL spokeswoman Ann Brackbill has
confirmed.

The problem was caused when someone forged an email message to the
InterNIC, run by Network Solutions, requesting that Network Solutions
change AOL's designated name server. AOL had designated the lowest
security clearance for changing its InterNIC records, which made it easier
for a hacker to wreak havoc.

The records were altered for several hours and have now been fixed.

Because different ISPs update their name server records at different
times, it is not clear how widespread the problem was. But systems
administrators began noticing bounced email messages and problems
resolving requests to get to the AOL site mid-morning.

When Net surfers try to reach an address on the Net, they type it in their
Web browsers or in an email message. To reach its destination, the name is
routed through the Net and sent to the domain name server.
If the server is wrong, the surfer will not reach the proper destination
and neither will his or her email.

Most Internet access providers cache their domain name server records, so
not everyone on the Internet would have instantly known there was a
problem. There also may be continuing problems throughout the day due to
caching and latency.

A spokesperson for Autonet.net could not be reached for comment.

NSI changes between 10 and 15,000 records every day, said Christopher
Clough, a spokesman for NSI. Some are done automatically; others are done
by people. Records requests are handled according to the security options
designated by the registrar, Clough said.

AOL had chosen the least secure option--which is also the default--in
which the registrant states that Network Solutions is authorized to change
the registration with a simple email message from the correct person. The
most secure option requires the requesting party to use key encryption.

Forging an email address is fairly simple.

As a result, Network Solutions changed the records between 11 p.m. and 1
a.m. PT, Clough said. The InterNIC record was changed at 1:27 a.m. PT. The
records were changed back to AOL's servers this afternoon, both Clough and
Brackbill said.

Brackbill said that AOL and Network Solutions have been working all
morning to first correct the problem and then prevent it from recurring.

It may take a while for systems throughout the Net to catch up with the
corrected domain name server.

"We've worked with them immediately to make sure this never happens
again," Brackbill said.
Received on Tue Oct 27 09:57:54 1998