[At-Large] Sonoma Valley Hospital loses 3-letter domain name to hijackers

Dev Anand Teelucksingh devtee at gmail.com
Fri Aug 23 17:02:49 UTC 2019


Some more details via DomainIncite :
http://domainincite.com/24639-three-letter-com-owned-by-hospital-hijacked

"*A California hospital has seen its three-letter .com domain reportedly
hijacked and transferred to a registrar in China.*

Sonoma Valley Hospital, a 75-bed facility north of San Francisco, was using
svh.com as its primary domain until earlier this month, when it abruptly
stopped working.

The Sonoma Index-Tribune reports
<https://www.sonomanews.com/home/a1/9924307-181/hospital-website-hijacked-by-pirates>
that the domain was “maliciously acquired”, according to a hospital
spokesperson.

It does not seem to be a case of a lapsed registration.

Historical Whois records archived by DomainTools show that svh.com, which
had been registered with Network Solutions, had over a year left on its
registration when it was transferred to BizCN in early August.

BizCN is based in China and has around 711,000 gTLD domains under
management, having shrunk by about 300,000 names over the 12 months to
April."


Dev Anand

On Fri, Aug 23, 2019 at 11:40 AM Jonathan Zuck <JZuck at innovatorsnetwork.org>
wrote:

> Agree. Let's add this to our DNS abuse discussions
>
> Jonathan Zuck
> Executive Director
> Innovators Network Foundation
> www.Innovatorsnetwork.org
>
> ------------------------------
> *From:* At-Large <at-large-bounces at atlarge-lists.icann.org> on behalf of
> Evan Leibovitch <evan at telly.org>
> *Sent:* Friday, August 23, 2019 11:08:47 AM
> *To:* Olivier MJ Crépin-Leblond <ocl at gih.com>
> *Cc:* ICANN At-Large list <at-large at atlarge-lists.icann.org>
> *Subject:* Re: [At-Large] Sonoma Valley Hospital loses 3-letter domain
> name to hijackers
>
> On Fri, 23 Aug 2019 at 10:59, Olivier MJ Crépin-Leblond <ocl at gih.com>
> wrote:
>
>> With all the safeguards in use, that's really surprising.
>>
>
> Surprising? I would say scandalous.
> And it's an abuse vector that ought to concern At-Large far more than gTLD
> allocation.
>
> Why doesn't ICANN have an appeals mechanism that allows maliciously
> redirected gTLDs to be returned to their original owner if malice can be
> demonstrated? Since we now now that "all the safeguards in use" can still
> be circumvented, why isn't there an after-the-fact remedy?
>
> Yes, it could be messy. But certainly you must all realize that if this
> goes unchecked it only opens the door to a new form of ransomware along
> side "we've encrypted your site".
>
> - Evan
>
>
>
>
>
>
>> Best,
>>
>> Olivier
>>
>> On 23/08/2019 16:46, Dev Anand Teelucksingh wrote:
>>
>>
>> https://www.sonomanews.com/home/a1/9924307-181/hospital-website-hijacked-by-pirates?sba=AAS
>>
>> Sonoma Valley Hospital’s website was hacked earlier this month, forcing
>> the change of its URL and email addresses, hospital officials announced
>> last week.
>>
>> On Tuesday, Aug. 6, at 6:30 p.m., the hospital’s domain svh.com was
>> “maliciously acquired,” said Celia Kruse de la Rosa, the hospital’s
>> communications director.
>>
>> Hospital CEO Kelly Mather added: “The hijacking of our domain name was
>> surprising and we are finding out, not unusual for highly valuable three
>> letter domain names such as ‘svh.com.’”
>>
>> When it became apparent that the hospital would not get the domain name
>> returned, they “began migrating all internet connectivity to the new and
>> current domain: sonomavalleyhospital.org (web) and @
>> sonomavalleyhospital.org (email),” de la Rosa said.
>>
>> _______________________________________________
>> At-Large mailing listAt-Large at atlarge-lists.icann.orghttps://atlarge-lists.icann.org/mailman/listinfo/at-large
>>
>> At-Large Official Site: http://atlarge.icann.org
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
>>
>>
>> --
>> Olivier MJ Crépin-Leblond, PhDhttp://www.gih.com/ocl.html
>>
>> _______________________________________________
>> At-Large mailing list
>> At-Large at atlarge-lists.icann.org
>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>>
>> At-Large Official Site: http://atlarge.icann.org
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your
>> personal data for purposes of subscribing to this mailing list accordance
>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
>> the website Terms of Service (https://www.icann.org/privacy/tos). You
>> can visit the Mailman link above to change your membership status or
>> configuration, including unsubscribing, setting digest-style delivery or
>> disabling delivery altogether (e.g., for a vacation), and so on.
>
>
>
> --
> Evan Leibovitch, Toronto Canada
> @evanleibovitch or @el56
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>
> At-Large Official Site: http://atlarge.icann.org
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/at-large/attachments/20190823/aea09317/attachment-0001.html>


More information about the At-Large mailing list