moniker Moniker helped in domain theft...

[David G]

Perhaps he's subject to a gag order.

Maybe so but he could at least have the courtesy to say he is unable to give more information on this issue. By saying that can't see how it could violate a possible gag order.

 

[Poohnix]

I'm sorry, I haven't been very active in the forum the last few years; It was pure luck I saw this update here now, and had missed the earlier ones.
I'm not completely at liberty do discuss details, but in general terms, and what I think of it all.

I did get the domain back, eventually. It took a few months, but I have no info on how Moniker managed to get it back.
Neither do I know if their system is safer now or not; I haven't used it since this happened.
One thing I remember from this incident and communicating with Moniker/Snapnames/Oversee was the lack of security thinking and -awareness that seemed to exist throughout their whole operation. It was like they had somehow convinced themselves that they were as secure as they've always claimed to be, while in fact every comment and action showed exactly the opposite. They were so certain they were secure, that they didn't want to see the very obvious holes in the security, and that the emperor in fact was naked...
They had launched their "integrated" moniker/snapnames system way too early, without doing any kind of testing, much less any security audit... when they said they had "locked down" the domain, that was in fact what the operator thought, and the system told him... but it wasn't the case. So the culprit could transfer the domain out anyway. And they didn't believe me when I told them, since their system said it was locked down... And that's just the tip of the iceberg of it all.
That they at all considered it a good idea to give the buyer full control of the domain immediately, the second the "payment" was processed, (no matter which payment method was used), says quite a lot of their safety thinking...
While the seller had to wait a week to get access to the money... Yes, that's safe for Moniker/Snapnames/Oversee, and the buyer... but not for any seller, and the system was pretty much asking for this kind of thing to happen, the second it was launched.

--Pooh

 

[erdinc]

The reason I'm very annoyed is the stupidity of snapnames/moniker. This is not how you provide any service. There was nobody in charge at their end. Nobody had thought things through.

Before you provide such a service you plan things and write down procedures. For instance you write down:
1) What happens if buyer doesn't pay.
2) What happens if the buyer is responding but asking for more time. How long do you wait? How do you respond? How long has the seller to wait.
3) What happens if the seller does not or can not sell his domain because of ... a) a legal case, b) there is an issue with ownership c) ...
4) What happens if the payment is reversed a) during the transaction b) between 1 and 3 days after the transaction has completed c) 4 or more days after the transaction
5) What happens if there are signs the buyer and seller might be connected or the same person and this is spotted a) during the transaction b) 1-3 days...
...
...
This is how you do things. You put together a team of smart people and write down things that could possible go wrong and what you do if this happens. You don't just jump into the shallow water and hope for the best.

Why are these people so useless? If you guys don't know what you are doing why are you providing any service at all? Just shut your doors and stop annoying people.

When the transaction was cancelled and the domain was put back into sellers account they knew very well the domain had been in buyers account for a while. Even if they didn't plan ahead and had no procedures to follow, why did nobody think at that moment that the domain is at the risk of transferred away? Why did nobody change the EPP code, lock the domain and monitor it for a week for possible transfer requests that might have gone through? Why did they not act with a sense of responsibility of anything that might go wrong?

 

[Poohnix]

When the transaction was cancelled and the domain was put back into sellers account...

Even worse.

1. The payment was reversed - but they did not notify me about it.
2. The domain was not returned to my account - it was left in the buyers account, even after the payment was reversed!

--P

 

[erdinc]

This is pathetic. Whoever was responsible of managing this service should be fired. Snapnames should publicly apologise for being so stupid and should compensate you for the stress they caused for months.

 

[Poohnix]

I was pure luck I found out the payment had been reversed; It wasn't very obvious at all... The system still said I had sold domains for that much, (whatever the figure was), and I had to go into transaction details to see it... last time I logged into their system, over a year later, (pure curiosity) it still said I had sold domains for that much... Now I can't check - I tried logging in, and the system says my account is suspended, and I have to add a valid CC to get anywhere aside from the add CC screen... but I don't intend to do that.

 

[sellingonline]

I was just reading about this disaster and looking at the following response, shows me why moniker went to a no-no for me and many others:

We will also do whatever is necessary to prevent anyone from questioning our ability to protect our client assets. There is nothing more important to us.

Nobody really mentioned it, but this is just arrogant. Moniker wants us to "shut up" and promises to "do whatever is necessary" to get us to stay silent, but if it comes to what they should care about, they don't "do whatever is necessary" at all..

And especially the part where he says "There is nothing more important to us", could as well be read as "nothing is more important than brushing this under the table." Oh well, they say the truth always gets revealed, and it did, didn't it...

Just really sad that moniker went this way, they once, in the past, were my favourite registrar. But I guess it was because Monte cared.

Good to read you finally got your domain back though, it sounds like it was a painful journey.

Summary of my opinion, based on readings and own experience (a senior rep. just lied to me the other day, so nothing has changed):

"Moniker != trusted" (in plain, non-geek English: Moniker is not to be trusted, ever - no exception allowed)