It all started with three e-mail messages sent during the week of May 30. The missives came from customer-service reps of Herndon (Va.)'s Network Solutions Inc., the world's biggest domain-name registrar, to online computer trade-publishing and e-commerce company Internet.com. The question: Did Internet.com want to transfer administrative control of its domain name, Internet.com, to an unknown individual? Transfer would have allowed that individual to redirect traffic coming to the site to somewhere else on the Internet. In essence, control of the brand name and public face of Internet.com, a publicly traded Connecticut-based company with a market capitalization of $500 million, would be in the hands of an unauthorized operator.
Internet.com's tech staff said no. But by Friday, June 2, Internet.com Vice-President Chris Elwell received an e-mail from one of his employees in Wisconsin. The e-mail said that the administrative contact for ISP-list.com -- another of Internet.com's 1,200 registered domain names -- had been changed without authorization.
MYSTERY COMPANY. Elwell put two and two together. Someone was apparently making a raid on Internet.com's valuable cache of domain names. Despite Internet.com's three refusals to switch control, "I figured I would take a look at Internet.com to see if this same change had been made to that record in the directory. Much to my horror, I called it up and it was registered to some company in Montreal," says Elwell.
A phone call to Network Solutions on Sunday yielded nothing more than a pledge to fix the problems on Monday. Meanwhile, panicked Internet.com executives gathered to formulate a game plan to deal with the worst-case scenario -- what to do if their traffic was redirected to a porn site. In this case, that wasn't a problem. But there was an even bigger one, Elwell soon found out.
On Monday morning, he discovered that a forged fax had persuaded Network Solutions to transfer all 1,200 of Internet.com's domain names from Network Solutions to Open SRS, a competing domain-name registrar in Toronto. Meanwhile, the company's brand name lay at the mercy of a mysterious company that may or may not be located in Montreal. The investigation is continuing. "I felt sick to my stomach. I could not believe this was happening," said Elwell.
TWIN CRISES. An isolated case? Hardly. Early Saturday morning that same weekend, a hacker broke into computers at GTE.net, an Internet service provider that has 450,000 dial-up customers and provides Web-hosting and other services to thousands of small and midsize businesses. The hacker forged an e-mail that appeared to come from inside GTE.net, asking NSI to transfer the domain name GTE.net to "Christian Schmidt" at a German address. The NSI system sent an automated e-mail confirmation, which the hacker also picked up, according to GTE spokespeople. By mid-morning, Mr. Schmidt -- or whoever was really behind the attack -- had full control of the GTE.net domain name.
The twin crises ended with no real damage. Internet.com and GTE.net alerted NSI in time to lock down the domain names before anything untoward happened -- although Net surfers did lose access to the GTE.net site on Saturday. Both companies and NSI are cooperating with law-enforcement authorities to apprehend the still unknown parties behind the name grab.
For their part, NSI says they are moving to fill any security holes. The domain-name keeper insists the weekend's events were an exceedingly rare occurrence. "About 99% of the time, the system works well," says NSI spokesperson Brian A. O'Shaughnessy. But what happened has many big companies doing business on the Internet worried. For years, smaller companies have complained of domain-name hijacking, but the phenomenon has left publicly traded companies and their investors largely unscathed.
Many of the top executives at the big companies figured their domain names were simply too obvious to get lifted without attracting attention.
DOT-COM CLEARINGHOUSE. Now, they're wondering if they'll be the next targets. And as more and more businesses move their sales channels and branding efforts to the Internet, pressure is mounting on NSI and other domain-name registrars to step up security. "There is obviously a flaw and something radically wrong here. If they don't double-check, there will be major lawsuits down the road," says Alan Meckler, Internet.com's CEO.
The stakes are enormous. Many large companies, such as Cisco Systems Inc., rely on the Internet to such a degree that even a short interruption in service due to a domain-name hijacking could cost them tens of millions of dollars. Cisco says it sells 88% of its core router and switching products via the Internet. That's up from 20% three years ago. If Cisco's domain name gets hijacked, "the online company becomes an offline company. Sales could be lost. And you could suffer brand erosion or a dramatic embarrassment in the press if someone redirects traffic to a sex site or something like that," says Carl Howe, research director for Cambridge (Mass.) Web consultancy Forrester Research.
In its role as guardian of all U.S.-housed domain names, Network Solutions watches over 15 million separate monikers that fall under several now-familiar rubrics. These categories include: .com and .net (which denote commercial entities), .org (which denotes a nonprofit group), .edu (which denotes an educational institution), and .gov (which denotes a governmental body). In other countries, the same domain endings are used, but the Internet addresses also contain a country code -- such as .jp in Japan.
LOSING LUSTER? In 1995, the U.S. federal government awarded NSI the right to maintain the root domain registration database that oversees the IP addresses of anyone registered in a U.S. top-level domain (such as .com).
The company also won monopoly status as the only domain-name registrar, a lucrative sidelight that continues today. NSI lost the registrar monopoly last year but maintains a market share in excess of 75%. As of March, 2000, the company acts as registrar for 10 million of the domain names registered in the U.S. (in addition to watching over all 15 million). For bare-bones domain-name maintenance service, NSI charges a $70 initial fee and collects $35 per year. The company also offers a variety of other value-added services, including Web-site design, e-mail services, and secure-transaction and credit-card services.
That business model has led to sky-high operating margins and a nifty profit -- rare for Internet companies. In the first quarter of 2000, NSI posted net income of $14.7 million, up $9.9 million from the same quarter in 1999. During that period, NSI's revenue more than doubled, to $98.2 million from $38.1 million the year prior, based on the strength of new registrations. These numbers handily beat Wall Street expectations and solidified NSI's spot as a viable dot-com company.
But domain-name hijackings are threatening to take some of the shine off Network Solutions. The ease of the recent hijackings astonished observers, who assumed that a request to transfer such prominent domain names as Internet.com and GTE.net would at least raise eyebrows. In fact, Elwell and Meckler of Internet.com say NSI did not make a phone call to confirm the requests.
OPTIONS OPEN. Furthermore, the three e-mails the week before should have tipped off NSI that something was brewing with Internet.com's account, Elwell believes. He's still pretty steamed. "They probably have clerks in there working who are making eight bucks an hour.... They didn't notice," says Meckler, who concedes that NSI did bend over backwards to restore the error afterwards. "Apparently, they never double-check. That's the big flaw in the system."
For their part, NSI claims its 300 customer-service reps sift through 30,000 requests to alter the status of domain names each day. That averages out to 100 requests per day per employee. "There's an incredible amount of volume that comes into this business," says O'Shaughnessy. Raids such as those conducted on Internet.com and GTE.net are "akin to walking into the bank with someone's fake I.D." Furthermore, O'Shaughnessy says that NSI encourages its customers to adopt rigorous security procedures, including encrypted communication keys, to prevent problems of domain-name theft. "We encourage all of our customers to use the highest level of security, and [for] a lot of our customers, it's not the first thing that comes to mind," he says.
For all this, O'Shaughnessy says NSI has less than 20 instances of domain-name hijacking per year. Some suspect that estimate is on the low side. Meckler says he has received nearly a dozen e-mails since the episode, from companies and individuals that have had the same problem with domain-name hijacking in the week after the incident. And he says Internet.com was already using the strongest security levels recommended by NSI.
Although Meckler still has his 1,200 domain names housed at NSI, he says he's keeping his options open. Too many Alan Mecklers could spell big trouble for NSI.