By Ingrid Marson, 7 September 2004 08:50
NEWS German police said on Saturday that a 19-year-old from Helmstedt, Lower Saxony, has admitted to hijacking the domain of the eBay Germany website and is likely to face charges of computer sabotage, according to ZDNet Germany.
The domain hijack attack happened at the end of August when visitors to the eBay.de site were redirected to a different domain name server (DNS), meaning that they could not access auctions.
According to Frank Federau, a spokesman for the Lower Saxony police, the 19-year-old is not a computer expert. The boy claims to have merely stumbled across websites which described how to do a DNS transfer.
He claimed that "just for fun" he requested a DNS transfer for several sites including Google.de, Web.de, Amazon.de and eBay.de. Most of these transfers were denied, but the transfer for eBay went ahead. It is unclear how the domain could have been transferred without the consent of the owner.
The teenager said he did not want to cause damage. Indeed, according to Federau, he was shocked when he was told that he had become the new owner of the eBay.de web address. The domain has now been returned to its rightful owner.
Ebay stated that user data was not endangered by the domain hijacking.
In May this year another teenager from Lower Saxony was arrested on suspicion of creating the Sasser computer worm that infected millions of computers worldwide. The case against the Sasser suspect is due to start soon.
The full news report (in German) on the eBay domain hijacking can be found here.
Ingrid Marson writes for ZDNet UK
Comments
There are 3 comments. Join the discussion
1. Brian Burkill
Hmmm,
Makes you wonder just how safe your data is with Ebay. They actively encourage online payment via paypal (do they own paypal?).
If a simple attempt like this can get through, what other holes are there??
No doubt, after this revelation, the mischief makers will be looking for the holes now.
Think I will leave Ebay alone for a while, until they sort themselves out.
2. Craig
No user data was at risk, Brian. All the kid did was redirect requests to eBay.de to a different IP. This 'crime' is similar to a child trying to buy booze from the off-license. What should happen is the owner says 'sling your hook kiddo', but what the domain registrar did was say 'sure, take as much as you like'. The 19 year old shouldn't be the only one to end up in the dock for this.
3. Raymond
"Do they own PayPal?"
Yep. In fact PayPal's main office is located here in my home town. Was a great company before ebay took over.
Don't get me wrong, they are still a great company, but problems have trickled down the line from ebay and a lot of PayPal workers are unhappy. Though management would have you believe its fine.. =/