<div dir="ltr"><div>Some more details via DomainIncite: <a href="http://domainincite.com/24639-three-letter-com-owned-by-hospital-hijacked">http://domainincite.com/24639-three-letter-com-owned-by-hospital-hijacked</a></div><div><br></div><div>"<strong>A California hospital has seen its three-letter .com domain reportedly hijacked and transferred to a registrar in China.</strong>
<p>Sonoma Valley Hospital, a 75-bed facility north of San Francisco, was
 using <a href="http://svh.com">svh.com</a> as its primary domain until earlier this month, when it 
abruptly stopped working.</p>
<p>The Sonoma Index-Tribune <a href="https://www.sonomanews.com/home/a1/9924307-181/hospital-website-hijacked-by-pirates" rel="noopener noreferrer" target="_blank">reports</a> that the domain was “maliciously acquired”, according to a hospital spokesperson.</p>
<p>It does not seem to be a case of a lapsed registration.</p>
<p>Historical Whois records archived by DomainTools show that <a href="http://svh.com">svh.com</a>, 
which had been registered with Network Solutions, had over a year left 
on its registration when it was transferred to BizCN in early August.</p>
<p>BizCN is based in China and has around 711,000 gTLD domains under 
management, having shrunk by about 300,000 names over the 12 months to 
April."</p><p><br></p><p>Dev Anand<br></p>

</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Aug 23, 2019 at 11:40 AM Jonathan Zuck <<a href="mailto:JZuck@innovatorsnetwork.org">JZuck@innovatorsnetwork.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">



<div>
<div dir="auto" style="direction:ltr;margin:0px;padding:0px;font-family:sans-serif;font-size:11pt;color:black">
Agree. Let's add this to our DNS abuse discussions<br>
<br>
</div>
<div dir="auto" style="direction:ltr;margin:0px;padding:0px;font-family:sans-serif;font-size:11pt;color:black">
<span id="gmail-m_-3817365329097797649OutlookSignature">
<div dir="auto" style="direction:ltr;margin:0px;padding:0px;font-family:sans-serif;font-size:11pt;color:black">
Jonathan Zuck<br>
</div>
<div dir="auto" style="direction:ltr;margin:0px;padding:0px;font-family:sans-serif;font-size:11pt;color:black">
Executive Director<br>
</div>
<div dir="auto" style="direction:ltr;margin:0px;padding:0px;font-family:sans-serif;font-size:11pt;color:black">
Innovators Network Foundation<br>
</div>
<div dir="auto" style="direction:ltr;margin:0px;padding:0px;font-family:sans-serif;font-size:11pt;color:black">
<a href="http://www.Innovatorsnetwork.org" target="_blank">www.Innovatorsnetwork.org</a></div>
</span><br>
</div>
<hr style="display:inline-block;width:98%">
<div id="gmail-m_-3817365329097797649divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> At-Large <<a href="mailto:at-large-bounces@atlarge-lists.icann.org" target="_blank">at-large-bounces@atlarge-lists.icann.org</a>> on behalf of Evan Leibovitch <<a href="mailto:evan@telly.org" target="_blank">evan@telly.org</a>><br>
<b>Sent:</b> Friday, August 23, 2019 11:08:47 AM<br>
<b>To:</b> Olivier MJ Crépin-Leblond <<a href="mailto:ocl@gih.com" target="_blank">ocl@gih.com</a>><br>
<b>Cc:</b> ICANN At-Large list <<a href="mailto:at-large@atlarge-lists.icann.org" target="_blank">at-large@atlarge-lists.icann.org</a>><br>
<b>Subject:</b> Re: [At-Large] Sonoma Valley Hospital loses 3-letter domain name to hijackers</font>
<div> </div>
</div>
<div>
<div dir="ltr">
<div dir="ltr">
<div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(11,83,148)">On Fri, 23 Aug 2019 at 10:59, Olivier MJ Crépin-Leblond <<a href="mailto:ocl@gih.com" target="_blank">ocl@gih.com</a>> wrote:<br>
</div>
</div>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">With all the safeguards in use, that's really surprising.<br>
</div>
</blockquote>
<div><br>
</div>
<div>
<div style="font-family:tahoma,sans-serif;color:rgb(11,83,148)" class="gmail_default">
Surprising? I would say scandalous.</div>
<div style="font-family:tahoma,sans-serif;color:rgb(11,83,148)" class="gmail_default">
And it's an abuse vector that ought to concern At-Large far more than gTLD allocation.</div>
<div style="font-family:tahoma,sans-serif;color:rgb(11,83,148)" class="gmail_default">
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(11,83,148)" class="gmail_default">
Why doesn't ICANN have an appeals mechanism that allows maliciously redirected gTLDs to be returned to their original owner if malice can be demonstrated? Since we now know that "all the safeguards in use" can still be circumvented, why isn't there an after-the-fact
 remedy?</div>
<div style="font-family:tahoma,sans-serif;color:rgb(11,83,148)" class="gmail_default">
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(11,83,148)" class="gmail_default">
Yes, it could be messy. But certainly you must all realize that if this goes unchecked it only opens the door to a new form of ransomware alongside "we've encrypted your site".<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(11,83,148)" class="gmail_default">
<br>
</div>
<div style="font-family:tahoma,sans-serif;color:rgb(11,83,148)" class="gmail_default">
- Evan</div>
<div style="font-family:tahoma,sans-serif;color:rgb(11,83,148)" class="gmail_default">
</div>
<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">Best,<br>
<br>
Olivier<br>
<br>
<div class="gmail-m_-3817365329097797649gmail-m_8354198719571272498moz-cite-prefix">On 23/08/2019 16:46, Dev Anand Teelucksingh wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div><a href="https://www.sonomanews.com/home/a1/9924307-181/hospital-website-hijacked-by-pirates?sba=AAS" target="_blank">https://www.sonomanews.com/home/a1/9924307-181/hospital-website-hijacked-by-pirates?sba=AAS</a></div>
<div><br>
</div>
<div>
<p class="gmail-m_-3817365329097797649gmail-m_8354198719571272498gmail-first-paragraph">Sonoma Valley Hospital’s website was hacked earlier this month, forcing the change of its URL and email addresses, hospital officials announced last week.</p>
<p>On Tuesday, Aug. 6, at 6:30 p.m., the hospital’s domain <a href="http://svh.com" target="_blank">
svh.com</a> was “maliciously acquired,” said Celia Kruse de la Rosa, the hospital’s communications director.</p>
<p>Hospital CEO Kelly Mather added: “The hijacking of our domain name was surprising and we are finding out, not unusual for highly valuable three letter domain names such as ‘svh.com.’”</p>
<p>When it became apparent that the hospital would not get the domain name returned, they “began migrating all internet connectivity to the new and current domain:
<a href="http://sonomavalleyhospital.org" target="_blank">sonomavalleyhospital.org</a> (web) and @<a href="http://sonomavalleyhospital.org" target="_blank">sonomavalleyhospital.org</a> (email),” de la Rosa said.</p>
</div>
</div>
<br>
<pre class="gmail-m_-3817365329097797649gmail-m_8354198719571272498moz-quote-pre">_______________________________________________
At-Large mailing list
<a class="gmail-m_-3817365329097797649gmail-m_8354198719571272498moz-txt-link-abbreviated" href="mailto:At-Large@atlarge-lists.icann.org" target="_blank">At-Large@atlarge-lists.icann.org</a>
<a class="gmail-m_-3817365329097797649gmail-m_8354198719571272498moz-txt-link-freetext" href="https://atlarge-lists.icann.org/mailman/listinfo/at-large" target="_blank">https://atlarge-lists.icann.org/mailman/listinfo/at-large</a>

At-Large Official Site: <a class="gmail-m_-3817365329097797649gmail-m_8354198719571272498moz-txt-link-freetext" href="http://atlarge.icann.org" target="_blank">http://atlarge.icann.org</a>
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a class="gmail-m_-3817365329097797649gmail-m_8354198719571272498moz-txt-link-freetext" href="https://www.icann.org/privacy/policy" target="_blank">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a class="gmail-m_-3817365329097797649gmail-m_8354198719571272498moz-txt-link-freetext" href="https://www.icann.org/privacy/tos" target="_blank">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</pre>
</blockquote>
<br>
<pre class="gmail-m_-3817365329097797649gmail-m_8354198719571272498moz-signature" cols="72">-- 
Olivier MJ Crépin-Leblond, PhD
<a class="gmail-m_-3817365329097797649gmail-m_8354198719571272498moz-txt-link-freetext" href="http://www.gih.com/ocl.html" target="_blank">http://www.gih.com/ocl.html</a>
</pre>
</div>
</blockquote>
</div>
<br clear="all">
<br>
-- <br>
<div dir="ltr" class="gmail-m_-3817365329097797649gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div style="text-align:center">
<div style="text-align:left">Evan Leibovitch, <span style="font-size:12.8px">Toronto Canada</span></div>
<div style="text-align:left"><span style="font-size:12.8px">@evanleibovitch or </span><span style="font-size:12.8px">@el56</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>

</blockquote></div>