Perl.com editors tell the truth about the Perl.com domain hijacking case



On January 27, 2021, it was discovered that someone had hijacked the domain of Perl.com, a long-established information site for the programming language Perl. Perl.com had already been recovered at the time of writing, but Perl.com editor Brian d Foy said that the recovery took a lot of effort and help from many people. He has summarized the background.

The Hijacking of Perl.com
https://www.perl.com/article/the-hijacking-of-perl-com/



Early in the morning of January 27, 2021, soon after Foy noticed a problem with the domain, readers began reporting that 'Perl.com had disappeared.' The number of reports grew as the DNS changes propagated around the world.

On the same day, Foy announced the takeover of Perl.com on Twitter and asked for help.



A lot of information was sent to Foy, but the difficulty was that it ranged from 'just rumor' to 'expert opinion'. To vet it, Foy created a Google Doc, invited stakeholders, and began color coding the entries: 'green' for reliable information, 'yellow' for unconfirmed information, and 'red' for mere rumor and poor-quality information. Information coded green included, for example, information obtained by dealing directly with the registrar. Foy, who categorized the information, said that the more rumor-laden and speculative a piece of information was, the more 'interesting' it was.

Based on the information written in this document, various people investigated within their own areas of expertise. Perl NOC's Robert Spier investigated from a network and timeline perspective, and Rick Signes, CTO of email service Topicbox, helped through his own service. With so many people helping, Foy's job was apparently not to 'do himself what others could do' but to 'coordinate the work that each capable person had done.'

Foy is not the owner of Perl.com but an editor. The collaboration reportedly went smoothly in part because he had worked on programming together with Tom Christiansen, the programmer who is the registrant of the Perl.com domain.

Foy's tweet and Reddit post attracted a lot of attention, and he said he was able to get in touch with the domain registrars Network Solutions and Key Systems at a relatively early stage. Things went smoothly, Foy said, because Perl is loved and the community helped a great deal.

Foy and others then published the updated information as a single article at The Perl NOC. With various media spreading rumors and uncertain information, this article helped people avoid mixed-up information on the Internet and get the correct information.

The Perl NOC: perl.com hijacked
https://log.perl.org/2021/01/perlcom-hijacked.html



One week after the domain hijacking, Foy estimated that it could take weeks to unravel the hijacking. The pace apparently slowed because the problem involved multiple countries with differing laws and regulations.

After that, in early February, he received 'green' information that 'the domain can be regained in a few days'. Meanwhile, a number of security products had blacklisted Perl.com during the hijacking period, and some DNS servers had sinkholed Perl.com. 'I wasn't happy right away,' Foy said, because these issues remained to be resolved, but as of February 28 the site was 'completely revived.'

Foy also noted that Perl.com was not the only victim in the Perl.com hijacking case. There was a social engineering attack via Network Solutions, including the use of fake documents, Foy said.

Also, as intellectual property lawyer John Berryhill points out, Perl.com was actually stolen on September 28, 2020, and the domain was then transferred to the Chinese registrar BizCN in December. However, the name servers were not changed at that time. The domain is believed to have been moved again, to Key Systems, in January. Transferring the domain through multiple registrars with a dormant period in between apparently delays detection of the anomaly and makes recovery more difficult.
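Because the name servers stayed the same while the registrar changed, monitoring DNS answers alone would not have flagged the transfers. The following is an added example, not code from the article or from Perl NOC, that diffs periodic RDAP-shaped registration snapshots for registrar and name-server changes; the snapshot contents, exact days and hostnames are constructed.

```python
from datetime import date

def rdap_doc(registrar, nameservers):
    """Build a minimal RDAP-shaped domain object (constructed sample data)."""
    vcard = ["vcard", [["version", {}, "text", "4.0"], ["fn", {}, "text", registrar]]]
    return {"ldhName": "domain.example", "nameservers": [{"ldhName": n} for n in nameservers],
            "entities": [{"roles": ["registrar"], "vcardArray": vcard}]}

# Constructed history: registrar names/months follow the article; days and hostnames are placeholders.
NS_OLD = ["NS1.OLD.EXAMPLE", "ns2.old.example."]
NS_NEW = ["ns1.parking.example", "ns2.parking.example"]
SNAPSHOTS = [
    (date(2020, 9, 1), rdap_doc("Network Solutions", NS_OLD)),
    (date(2020, 12, 15), rdap_doc("BizCN", NS_OLD)),
    (date(2021, 1, 20), rdap_doc("Key Systems", NS_OLD)),
    (date(2021, 1, 27), rdap_doc("Key Systems", NS_NEW)),
]

def registrar_of(doc):
    """Return the 'fn' (name) of the entity holding the registrar role, if any."""
    for entity in doc.get("entities", []):
        if "registrar" in entity.get("roles", []):
            props = entity.get("vcardArray", ["vcard", []])[1]
            return next((p[3] for p in props if p[0] == "fn"), None)
    return None

def nameservers_of(doc):
    """Return the delegated name servers, normalised for comparison."""
    return frozenset(ns["ldhName"].lower().rstrip(".") for ns in doc.get("nameservers", []))

def diff_snapshots(snapshots):
    """Return (date, field, old, new) for every change between consecutive snapshots."""
    alerts = []
    for (_, old), (seen, new) in zip(snapshots, snapshots[1:]):
        for field, get in (("registrar", registrar_of), ("nameservers", nameservers_of)):
            if get(old) != get(new):
                alerts.append((seen, field, get(old), get(new)))
    return alerts

def head_start_days(snapshots):
    """Days by which the first registrar alert precedes the first name-server alert."""
    first = {}
    for seen, field, _, _ in diff_snapshots(snapshots):
        first.setdefault(field, seen)
    if {"registrar", "nameservers"} <= first.keys():
        return (first["nameservers"] - first["registrar"]).days
    return None

if __name__ == "__main__":
    print(diff_snapshots(SNAPSHOTS), head_start_days(SNAPSHOTS))
```

On the constructed history, the registrar alert fires weeks before any name-server change would be visible, which is the detection gap the dormant period relies on.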



The long initial dormant period from September to December is due to ICANN's rule that a domain name cannot be transferred until 60 days have passed. When the domain was transferred to Key Systems in January, the new registrant listed Perl.com for sale on the domain marketplace Afternic. 'If you had $190,000, you could have bought Perl.com,' Foy said. After that, Perl.com was removed from Afternic in response to a registrar inquiry.

Foy describes domain hijacking as 'not unusual.' He said this incident taught him the importance of 'disseminating and communicating information from one place.' On the Internet, where information gets mixed together, different messages may confuse their recipients even when the content is the same. He added that 'building good relationships with people who help me' is always helpful.

in Security, Posted by darkhorse_log