In effect, the hijackers managed to transfer the administration of the domain to a different ISP, on which they had set up their own web site.
According to a report by The Register, the hijackers also attempted to take control over the Google.com, Web.de and Amazon.com domains, but were unsuccessful.
Names ending .de are controlled by German domain name registry DENIC, which has safeguards to prevent the unauthorised transfers. Unfortunately these do not appear to have worked last weekend, and investigations into what went wrong are continuing.
According to DENIC, when a domain name holder wishes to transfer the administration of his site to a different provider it must submit a request to DENIC. The Registry's automatic system then asks the existing provider for confirmation of the change.
The existing ISP has a duty to reject the change if it is not certain that the domain holder wants the transfer. On this occasion there was no response - which the system interpreted as consent.
The system also requires the new ISP to check that the data of the person asking for the change and that of the domain name holder, or his authorised representative, are identical.
According to DENIC, the change in the address referring to eBay.de was not reflected on the internet until early on Saturday morning. It was quickly spotted, and DENIC informed immediately. The Registry reversed the transfer as quickly as it could, and is investigating, together with both providers involved in the transfer, why the unauthorised change went through.
DENIC is also considering legal action against the person, or persons behind the hijacking.
Such unauthorised transfers are not unknown. In 2001 the domain name owned by US software firm Optima Technology was transferred without permission to a former employee of the company by domain registry Network Solutions, now owned by VeriSign.
In October last year Optima Technology sued VeriSign, claiming $3 million in damages. And In April this year, VeriSign settled a notorious unauthorised domain transfer dispute, relating to the ownership of sex.com.
Sex.com was originally registered by Gary Kremen of San Francisco in 1994. The following year, Stephen Cohen, an ex-convict, took the name from Kremen by sending a forged letter of transfer to Network Solutions (which subsequently became part of VeriSign).
Then followed a long-running court battle over the ownership of the domain, which was eventually awarded to Kremen, along with damages of £65 million – none of which has been paid. Kremen sued VeriSign for damages and, according to reports, eventually settled for over $15 million.