January 25, 2001, 10:13 AM — Microsoft Corp. is not saying much yet, but hackers are not being ruled out as the cause of domain name system (DNS) problems that have left some of Microsoft's most popular sites inaccessible for the past day.
Hard evidence of sabotage is slim. Nevertheless, some security experts and a PC World investigation suggest that domain name system tampering could have redirected traffic from popular Microsoft sites like Hotmail, MSN, bCentral, and Microsoft.com, making them essentially unreachable.
Microsoft confirms it's a DNS problem, but the cause is unknown.
"We are not ruling anything out or anything in as to the cause at this time," says Adam Sohn, a Microsoft spokesperson. "We have not issued an all-clear."
Servers Lose Direction
The domain name system is name resolution software that lets users find computers on the Internet by name rather than by number. Microsoft's site domains failed to call up their corresponding Web pages starting Tuesday night, with failures continuing sporadically across the Web through Wednesday afternoon. Microsoft contends the problem is a temporary DNS issue and not a security breach.
But investigating the domain trail through a Whois request produces some interesting results. Whois tells you the owner of any second-level domain name, according to who has registered it with Network Solutions, the most widely used Internet registrar for .com names.
Inputting "microsoft.com" at the site BetterWhois.com returns a list of colorful but bogus domain names. Among them:
But could these fake domain names really lead to traffic being misdirected away from genuine Microsoft sites? Security experts say it's possible, but evidence is scant. Oddly, late Wednesday afternoon, the BetterWhois.com site began to show error messages when queried about Microsoft.
Graffiti, Not Vandalism
Domain names alone wouldn't cause the sites' blackout, says Martin Fong, a senior software engineer at research institute SRI International.
"These are domain names no one will ever type in," Fong says. "This is not DNS poisoning but just junk in the DNS record."
When you type in a domain name, the name calls up the IP address with which it's associated, Fong explains. If it can't find the address, the site won't appear on your screen. But changing the domain name won't alter the IP address, he says.