Some more details via DomainIncite : http://domainincite.com/24639-three-letter-com-owned-by-hospital-hijacked "*A California hospital has seen its three-letter .com domain reportedly hijacked and transferred to a registrar in China.* Sonoma Valley Hospital, a 75-bed facility north of San Francisco, was using svh.com as its primary domain until earlier this month, when it abruptly stopped working. The Sonoma Index-Tribune reports <https://www.sonomanews.com/home/a1/9924307-181/hospital-website-hijacked-by-...> that the domain was “maliciously acquired”, according to a hospital spokesperson. It does not seem to be a case of a lapsed registration. Historical Whois records archived by DomainTools show that svh.com, which had been registered with Network Solutions, had over a year left on its registration when it was transferred to BizCN in early August. BizCN is based in China and has around 711,000 gTLD domains under management, having shrunk by about 300,000 names over the 12 months to April." Dev Anand On Fri, Aug 23, 2019 at 11:40 AM Jonathan Zuck <JZuck@innovatorsnetwork.org> wrote:
Agree. Let's add this to our DNS abuse discussions
Jonathan Zuck Executive Director Innovators Network Foundation www.Innovatorsnetwork.org
------------------------------ *From:* At-Large <at-large-bounces@atlarge-lists.icann.org> on behalf of Evan Leibovitch <evan@telly.org> *Sent:* Friday, August 23, 2019 11:08:47 AM *To:* Olivier MJ Crépin-Leblond <ocl@gih.com> *Cc:* ICANN At-Large list <at-large@atlarge-lists.icann.org> *Subject:* Re: [At-Large] Sonoma Valley Hospital loses 3-letter domain name to hijackers
On Fri, 23 Aug 2019 at 10:59, Olivier MJ Crépin-Leblond <ocl@gih.com> wrote:
With all the safeguards in use, that's really surprising.
Surprising? I would say scandalous. And it's an abuse vector that ought to concern At-Large far more than gTLD allocation.
Why doesn't ICANN have an appeals mechanism that allows maliciously redirected gTLDs to be returned to their original owner if malice can be demonstrated? Since we now now that "all the safeguards in use" can still be circumvented, why isn't there an after-the-fact remedy?
Yes, it could be messy. But certainly you must all realize that if this goes unchecked it only opens the door to a new form of ransomware along side "we've encrypted your site".
- Evan
Best,
Olivier
On 23/08/2019 16:46, Dev Anand Teelucksingh wrote:
https://www.sonomanews.com/home/a1/9924307-181/hospital-website-hijacked-by-...
Sonoma Valley Hospital’s website was hacked earlier this month, forcing the change of its URL and email addresses, hospital officials announced last week.
On Tuesday, Aug. 6, at 6:30 p.m., the hospital’s domain svh.com was “maliciously acquired,” said Celia Kruse de la Rosa, the hospital’s communications director.
Hospital CEO Kelly Mather added: “The hijacking of our domain name was surprising and we are finding out, not unusual for highly valuable three letter domain names such as ‘svh.com.’”
When it became apparent that the hospital would not get the domain name returned, they “began migrating all internet connectivity to the new and current domain: sonomavalleyhospital.org (web) and @ sonomavalleyhospital.org (email),” de la Rosa said.
_______________________________________________ At-Large mailing listAt-Large@atlarge-lists.icann.orghttps://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- Olivier MJ Crépin-Leblond, PhDhttp://www.gih.com/ocl.html
_______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- Evan Leibovitch, Toronto Canada @evanleibovitch or @el56 _______________________________________________ At-Large mailing list At-Large@atlarge-lists.icann.org https://atlarge-lists.icann.org/mailman/listinfo/at-large
At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.