Perl.com theft blamed on social engineering attack: Registrar 'convinced' to alter DNS records by miscreants

2021-03-02 08:25

The short-lived theft of Perl.com in late January is believed to have been the result of a social engineering attack that convinced registrar Network Solutions to alter the domain's records without valid authorization.

The Register wrote about the domain takeover at the time and, as Foy put it, "The Register had spot-on reporting from the start as did Paul Ducklin at Sophos."

"We think part of the attack changed the registration at the same time as the attackers renewed the domain for a couple more years past its original expiration in 2029," he said.

In January, the domain was transferred to Key Systems and its unauthorized registrant tried to sell the domain for $190,000 on domain market Afternic, along with some other domain names.

The timeline of the domain hijacking is documented on the blog of the Perl Network Operations Center, which details how the investigation progressed and ultimately led to the restoration of the domain to its previous owner, Tom Christiansen, in early February.

Foy acknowledges in his post that the recovery of Perl.com was made easier by the fact that the domain and the Perl programming language are well known.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/02/perl_domain_theft/

#attack #DNS #socialengineering

News URL

Related news