Nike Web Hijacking Sparks Finger-Pointing

Company trades blame with NSI and host

The hijacking of Nike Inc.'s Web site last month has sparked an international argument over whether the footwear company or Internet domain-name registrar Network Solutions Inc. (NSI) should bear responsibility for the temporary theft of www.nike.com.

On June 21, a group calling itself S-11 redirected traffic from www.nike.com to servers at a Web hosting company in a slap at both Nike and the World Economic Forum. Now, the hosting firm is threatening legal action against Nike.

Greg Lloyd Smith, director of FirstNet Online (Management) Ltd. in Edinburgh, said the wayward Nike traffic swamped his company's Web servers and impaired service to its real customers. After unsuccessfully trying to bill Nike for use of his company's servers, Smith said he's preparing to sue the Beaverton, Ore.-based company for neglecting to secure its Internet domain.

Blame-Shifting

Nike, in turn, said responsibility lies with NSI in Herndon, Va. Changes to the status of Nike's domain name are supposed to be made only via NSI's security system, said Nike spokesman Corby Casler. But NSI allowed S-11's spoofed e-mail to change Nike's registry without requiring a password, she claimed.

Casler added that Nike has locked down any further changes to its registration information at NSI. Nike is also working with the FBI and local police in Oregon "to see exactly what happened and who is liable," she said.

Smith disputed the claim by Nike that it had access to the Crypt-PW encryption system through NSI, and he charged that the footwear maker subscribed to a level of security that lets changes to its information be made from an approved e-mail address. "A responsible company would not deny the fact that their domain was stolen because they did not have satisfactory security in place," Smith said via e-mail.

However, Casler insisted that Smith's claims are inaccurate and said Nike doesn't consider itself liable for the unintended usage of FirstNet's Web servers. Smith "did try to bill us for it, and our response is we are both victims and the real problem is [with] whoever it was who hacked into the system," Casler said.

Smith got into a legal battle with Amazon.com Inc. last year after the company won an injunction against him for using the Amazon.gr domain name in Greece in an alleged attempt to coerce a partnership. But Smith rejected any suggestion of complicity against Nike. "Our involvement was as an injured party," he said.

NSI, which declined to comment on the circumstances surrounding the Nike domain theft, has been criticized for similar thefts, including the heist of 1,300 domains from New York-based Internet.com in May. Alan Meckler, chairman and CEO of Internet.com, said NSI told his company that its information had been changed by forged documents sent via fax.

NSI officials "deny that it's their fault," Meckler said. "But the fact is that if you pay [NSI], you are presuming that in the morning the last thing you have to worry about is whether you own your domains."

But Connie Ellerbach, a partner at Fenwick and West, a law firm in Palo Alto, Calif., said past case law indicates that NSI wouldn't be liable for the theft because it's merely a conduit for domains and takes no responsibility for their validity or for changes in domain-name registrations. A recent domain theft suit brought against NSI by Sex.com was settled in favor of the registrar, she said.

Ellerbach added, though, that it would also be difficult for FirstNet to prove that Nike was negligent. "How is Nike going to police registration of a domain and keep them from spoofing or fooling NSI?"

Copyright © 2000 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon