What would you do if someone stole your identity?

It's perhaps the ultimate horror story in the Information Age -- some crook becomes you, ruins your credit, gives you a police record, cheats on your taxes, etc. It can take years for a victim of identity theft to clear his or her name.

At SNET Internet, it only took us about 18 hours. We discovered at about 9 p.m. Wednesday, June 21, that our identity -- our name, snet.net -- was hijacked. Fortunately, we noticed what was going on in time to avert disaster. We took steps to minimize the damage to ourselves and our customers, and by the end of the day on Thursday we had our name back.

The frustrating part of this is that we are just another victim in a long line of recent victims. Internet.com was hijacked earlier this month. So was web.net. Nike.com was "redirected," to use the technical term, just the other day. There is nothing we can do to further protect ourselves. None of our systems were compromised -- we were not hacked. What happened, in layman's terms, is this.

Someone was able to effect a change to the status of SNET.net in the database of Internet domain names without our permission or authorization. This change would normally require a secure communication between us and our domain registrar, Network Solutions (NSI). All of a sudden, SNET.net wasn't ours anymore. We caught the problem a matter of hours before every computer server on the Internet would have been sending all mail and web traffic meant for our servers in Meriden to some server in Washington state that had our name.

As it was, some mail that was sent on the night of June 21 to SNET.net from outside our network went to Washington state, and was bounced back to the original senders. And some people who tried to access www.snet.net on the web saw a home page at www.mydomain.com instead.

The people who own "mydomain.com" were, if possible, even unhappier than we were. They were not at fault, either. In fact, they told us that this not the first time in recent weeks that they had been victimized in this way.

So whose fault is it? Pointing fingers isn't our style, but there is clearly a need for better security on the part of those entities that have been entrusted with control of the Internet address system.

NSI is the company that has had primary management of this huge system, but they are only one of many companies now handling domain registrations. We're happy that NSI responded to our complaint rapidly. But we hope that all domain registry companies will work on procedures that will help bring to an end the epidemic of domain hijacking.

SNET Internet and our parent company, SBC, will cooperate with law enforcement agencies in every way possible to catch the individuals involved in this stunt. But we're reminded of how fragile the Internet can be -- despite any measures we take, we remain vulnerable to individual mistakes and malign personalities.

This is SNET.net, live from Connecticut ... again.

Links:

Register.com scrambles to close security hole

Domain pirates continue rampage

Please send questions or comments to web.editor@snet.net.

Previous columns are available.