Has anyone here ever had a domain name hijacked?

[chris]

I'm trying to compile some case studies on domain name hijacking and I was wondering if any of you could tell me of one that's happened to you or someone you know.

sex.com is the most famous so far that I've been able to find. Are there any other high-valued names that have been hijacked that I'm missing?

Thanks,
Chris

 

Chris, yes I have one such personal experience with a secondary domain I had with Network Solutions, 2 1/2 years ago. They exploited the predictable confirmation emails - for change of admin contact, took control of my handle and the domain.

It was done by a self-proclaimed Russian guy in Turkey. I contacted the FBI (didn't care less). I was able to chat with the guy on ICQ and convince him that what he was doing was not nice. He put everything back (he hijacked lots more domains with the same method). Thank you, Network Solutions!

 

[chris]

Were you using a free e-mail address service or what? How did he get control of your e-mail address?

Thanks

 

Chris,

Seems it still happens a lot, though I've never had it happen to me ( says something about my names )

Perhaps try and get in contact with some people with lots of one word names. I know web.org was hijacked a while back.

http://www.canadacomputes.com/v3/story/1,1017,1063,00.html?tag=81&sb=121

 

People have tried countless times to hijack names from me over the past few years - luckily I get a notificatoin from my registrar about the attempts. I also use Watch My Domains Pro from SoftNik to monitor my domains.

The problem with domain theft is its so easy to do, there are all kinds of weaknesses - human error (forged email addresses/typo email addresses/fake faxes etc), poor losing registrar security (like where they don't inform you a transfer request is going through) and poor registrar controls.

The current system whereby the gaining registrar is responsible for security is just plain stupid as we won't have any contract with the gaining registrar in a hijack attempt.

In theory it should be easy to get the domain back citing the ICANN registrar accreditation agreements provision for correcting registrar mistakes - but in reality, hijackers tend to cute and delete the domain once transferred and rereg it via another registrar so that its not a transfer any more - its a new registration. Thats makes the whole audit trail extemely hard to follow.

 

Originally posted by chris
Were you using a free e-mail address service or what? How did he get control of your e-mail address?

Thanks

They never took control of my email address. This was a HUGE HOLE of Network Solutions.

The way it was done, was to send a spoofed email from the legitimate owner's email to NetSol, asking for a change in the handle. Then, immediately they'd send to NetSol a spoofed confirmation. Because NetSol's bot forms were SO predictable, all they did was bet on the almost sure fact that the legitimate owner would catch that email too late. In my case, it happened within minutes; I actually declined the changes but it was too late.

This was only a flaw of NetSol, until at least mid-2000. The solution was to use password protection instead of email.

 

Mine was an early one BTW, January of 2000.

 

[DnPowerful]

Snoopy, it was actually web.net, not .org where there was an attempt. I know the parties involved, and it was really frightening.

New registrar locks are happening fast amongst registrars, and that will help.

Once again, NSI got away with murder for years. Imagine your local bank saying "Yes, someone broke into your account and stole $200,000 (the value of some names that have been hijacked or had attempts)." Sorry, read the disclaimer, not our problem. Again and again, the ubiquitous Cheryl Regan/NSI spin machine went into action and allowed them to wriggle out of ALL the thefts that happened over the years.

I myself have had dozens of attempts over the years. One guy tried to steal it every week for months. I even contacted him and said: "You really are a fool--why don't you just make me an offer." Of course, that's not the point for these characters.I contacted the local FBI where he was, and they arrested him. He was a candidate for 'Stupid Criminal Videos'.

 

[DnPowerful]

...tracking whois changes automatically goes a long way towards averting disaster.

 

Originally posted by DnPowerful
Snoopy, it was actually web.net, not .org where there was an attempt. I know the parties involved, and it was really frightening.

New registrar locks are happening fast amongst registrars, and that will help.

Once again, NSI got away with murder for years. Imagine your local bank saying "Yes, someone broke into your account and stole $200,000 (the value of some names that have been hijacked or had attempts)." Sorry, read the disclaimer, not our problem. Again and again, the ubiquitous Cheryl Regan/NSI spin machine went into action and allowed them to wriggle out of ALL the thefts that happened over the years.

I myself have had dozens of attempts over the years. One guy tried to steal it every week for months. I even contacted him and said: "You really are a fool--why don't you just make me an offer." Of course, that's not the point for these characters.I contacted the local FBI where he was, and they arrested him. He was a candidate for 'Stupid Criminal Videos'.

In my case the FBI agent asked what the damage was, and in order for the FBI to jump in they had to deal with a loss of $5,000 and more. Plus the guy was in Turkey.

 

[chris]

Originally posted by timechange

This was only a flaw of NetSol, until at least mid-2000. The solution was to use password protection instead of email.

Very interesting, timechange...

But what about people who still allow e-mail authentication and don't use CRYPT-PW or PGP to authenticate changes to their Verisign domains... aren't these people still at risk to this vulnerability?

Thanks

 

[DnPowerful]

Hard to say Chris. I'm not sure whether NSI is using register lock, but if so, then this kind of theft is preventable.

Used to be a site that actually showed you how to steal a domain. It was a security site, and it scared the **** out of me. From then on, Crypt-PW at minimum for me.

 

I am not sure and I could care less; not using NetSol anymore.