Hack rumored to be related to other recent domain takeovers


UPDATED The domain registration belonging to Perl.com, the popular source of news and information about the Perl programming language, has reportedly been stolen.

Brian Foy, a Perl expert who has written several books on the subject, revealed today (January 28) that the domain has been taken over by an unknown actor.

He wrote on Reddit: “We’re still trying to unravel this and I can’t get into details. However, it looks like there was an account hack.

“I don’t know how long that would take to rewind.”

Foy added: “The perl.org and perl.com domains are unrelated and have different rightful registrants, so this doesn’t affect perl.org.”

(Not) past its sell by date

A message on the website claims that the domain is for sale and lists contact details for the registrar.

This suggests that the registration has expired – however the domain, which is listed as being owned by Tom Christiansen, isn’t due to expire until 2030.

It isn’t clear exactly how the malicious hacker was able to gain access to the account, though there is speculation online that the takeover is related to a number of other domain takeover attacks.

The domains patterns.com, chip.com, neurologist.com, and piracy.com have all reportedly been taken over in similar circumstances, according to Twitter users.


Read more of the latest DNS security news

Multiple attackers

Foy, who is leading the domain recovering coordination with Christiansen, the rightful registrant, told The Daily Swig that “multiple actors” are behind the attack, which first began in September.

“This domain was hijacked in September but they didn’t change the DNS, which is why nobody noticed immediately,” Foy said.

They have not yet regained control of the domain, which has been locked by the registrar.

Foy added: “We are evaluating all options for better domain security. In particular, we are instituting backup email address for contacts so that the loss of a domain does not prevent communication.

“Additionally, we are setting up systems to monitor the registrar so that we can notice unauthorized transfers.”

Call for help

Foy has also reached out to the cybersecurity community asking for help in regaining access to the domain.

“We’re looking for people who have actual experience dealing with that situation so we can dispute the transfer. If you’ve actually gone through that process, please get in touch,” he wrote on Reddit.

He added: “If you know how to fix this sort of thing, we’d like your help.”


YOU MAY ALSO LIKE Blind TCP/IP hijacking is resurrected for Windows 7


This article has been updated to include comments from Brian Foy. An earlier version of this article incorrectly stated that Tom Christiansen is the author of Perl, this has been clarified.