re: Med Network DNS Hijack (moved from ATSNN)

I referred the Med Network story to an Internet expert. His reply is below.



Much ado about nothing.

Looks like 1) yet another Windoze virus, and/or 2) a simple observation that if someone hacks the 13 central whois servers that run the internet, they can hijack all or part of the worldwide DNS system; however, I see no support for any worry that that is actually happening here, as evidenced by the fact that after he did a clean reinstall, everything worked fine for 5 minutes, demonstrating that the problem was his computer, not the global DNS system.

It is also possible to steal (temporarily) someone's domain registration. The most common way is if the owner accidentally forgets to renew it. However there are some ways to do it by fraud as well -- either impersonation, or by hacking into the controlling registrar's sytem (unlikely), they could of course modify individual records there, as well, but there would obviously be a trail indicating the true owner of the domain and it could be restored. Things like this happen from time to time (aka domain hijacking) but they're always caught and fixed within a day.

But yes, Internet access, or more precisely, DNS access could be taken away globally if someone took down the central whois servers. The internet would still work -- it might just be hard to look up any addresses, effectively shutting down most e-mail and web service, and most others, too. IP addresses could sometimes be substituted; however many services have come to rely on being reached by name. For example most web sites and e-mail delivery now uses "virtual" hosting rather than assigning a unique IP address to each domain.

I'm not even sure there is a single entity that could take down all the root whois servers; probably not any more.