Nicholas Bolton banned from selling domain names for 'serious breach'
THE company that administers the .au domain may ban all three of Nicholas Bolton's active registry businesses from trading in domain names.
Today it banned one company, Bottle Domains, for a 'serious breach of its obligations'.
In a statement, Domain Administration (auDA), said it had "terminated the registrar accreditation of Australian Style Pty Ltd trading as Bottle Domains".
Mr Bolton, who has come to attention as a central player in the BrisConnections fiasco, denied that his company had done anything improper.
The ban stems from an Australian Federal Police investigation into a 'security incident' in February at Bottle Domains.
The Sydney Morning Herald is reporting that the personal account and credit card numbers of up to 60,000 Bottle Domain customers were posted for sale at an online hacker forum.
The paper reported that a Australian Federal Police have arrested a 22-year-old Perth man over the theft and charged with dishonestly dealing in personal financial information.
he chief executive of auDA, Chris Disspain, told news.com.au: "We view this as being extraordinarily serious. Someone broke into their system. They did nothing other than apply a patch as far as we know."
He said the timing of the ban was a coincidence.
Mr Disspain said that his company is investigating two of Mr Boltonâs other registry businesses.
"We are currently considering what, if any, action to take in respect to those two (other) registrars bearing in mind there is a continuity of management between them and Bottle Domains," Mr Disspain said.
About 11,000 customers, with 20,000 domain names, have been transferred to auDA today, he said.
"These customers are no longer at any risk," Mr Disspain said. "Bottle Domains can basically no longer act as a registrar."
A fourth domain name company owned by Mr Bolton does not actively sell domains at all at this time.
A statement from auDA statement read: "auDA has since discovered that Bottle Domains was the subject of an earlier security incident in April 2007, which auDA believes may have caused or contributed to the security incident in February 2009."
"Information recently provided to auDA by Bottle Domains about the April 2007 incident revealed that it did not reset customer passwords or alert its customers to the possibility that their account information had been accessed by third parties.
"Bottle Domains also failed to conduct an independent security audit to verify that the security vulnerability had been fixed, and that there was no other unauthorised access to its systems."
Mr Disspain said in the statement: "In our view, Bottle Domainsâ failure to deal properly with the security incident in April 2007 demonstrated an alarming disregard of the potential risks to its own customers, and to the overall stability and integrity of the Australian DNS."
"Given the seriousness of the matter, it is appropriate that auDA terminate Bottle Domainsâ registrar accreditation."
Speaking from his Melbourne office, Mr Bolton denied that his company had committed any wrongdoing.
"We are in state of disagreement with the position (of the) registrar and are taking measures to remedy the matter," he said. "We deny that there was a breach."
This is the third registrar that has been terminated by auDA since 2002. There are about two-dozen registrars allowed to register .au domain names.
