
Has anyone here ever had a domain name hijacked?

Status
Not open for further replies.

chris

Level 4
Legacy Platinum Member
Joined
Apr 8, 2002
Messages
198
Reaction score
0
Feedback: 9 / 0 / 0
I'm trying to compile some case studies on domain name hijacking and I was wondering if any of you could tell me of one that's happened to you or someone you know.

sex.com is the most famous so far that I've been able to find. Are there any other high-valued names that have been hijacked that I'm missing?

Thanks,
Chris
 

Guest
Chris, yes I have one such personal experience with a secondary domain I had with Network Solutions, 2 1/2 years ago. They exploited the predictable confirmation emails - for change of admin contact, took control of my handle and the domain.

It was done by a self-proclaimed Russian guy in Turkey. I contacted the FBI (didn't care less). I was able to chat with the guy on ICQ and convince him that what he was doing was not nice. He put everything back (he hijacked lots more domains with the same method). Thank you, Network Solutions!
 

chris

Were you using a free e-mail address service or what? How did he get control of your e-mail address?

Thanks
 

Guest
People have tried countless times to hijack names from me over the past few years - luckily I get a notification from my registrar about the attempts. I also use Watch My Domains Pro from SoftNik to monitor my domains.

The problem with domain theft is it's so easy to do, there are all kinds of weaknesses - human error (forged email addresses/typo email addresses/fake faxes etc), poor losing registrar security (like where they don't inform you a transfer request is going through) and poor registrar controls.

The current system whereby the gaining registrar is responsible for security is just plain stupid as we won't have any contract with the gaining registrar in a hijack attempt.

In theory it should be easy to get the domain back citing the ICANN registrar accreditation agreements provision for correcting registrar mistakes - but in reality, hijackers tend to cute and delete the domain once transferred and rereg it via another registrar so that it's not a transfer any more - it's a new registration. That makes the whole audit trail extremely hard to follow.
 

Guest
Originally posted by chris
Were you using a free e-mail address service or what? How did he get control of your e-mail address?

Thanks


They never took control of my email address. This was a HUGE HOLE of Network Solutions.

The way it was done, was to send a spoofed email from the legitimate owner's email to NetSol, asking for a change in the handle. Then, immediately they'd send to NetSol a spoofed confirmation. Because NetSol's bot forms were SO predictable, all they did was bet on the almost sure fact that the legitimate owner would catch that email too late. In my case, it happened within minutes; I actually declined the changes but it was too late.

This was only a flaw of NetSol, until at least mid-2000. The solution was to use password protection instead of email.
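
The weakness described in the post above, modelled from the defender's side as an added example (not part of the original thread and not any registrar's actual code): a confirmation step that trusts the From header and a guessable request number, beside one that requires an unguessable, single-use, expiring token. All class and field names are hypothetical.

```python
import hmac
import secrets
import time

# Constructed model of an e-mail confirmation step for a contact change.
# It does not reproduce any real registrar's templates or identifiers.

class WeakConfirmer:
    """Accepts a confirmation if the From header matches the owner on file."""
    def __init__(self):
        self.pending = {}          # request id -> owner e-mail
        self._next_id = 1000       # sequential, so the next id is predictable

    def open_request(self, owner_email):
        rid = self._next_id
        self._next_id += 1
        self.pending[rid] = owner_email
        return rid

    def confirm(self, from_header, rid):
        # A From header is sender-controlled, so this check authenticates nothing.
        return self.pending.get(rid) == from_header


class TokenConfirmer:
    """Requires a random token that was delivered only to the owner's mailbox."""
    TTL = 3600                     # seconds a pending request stays valid

    def __init__(self):
        self.pending = {}          # request id -> (token, expiry time)

    def open_request(self, owner_email, now=None):
        now = time.time() if now is None else now
        rid = secrets.token_hex(8)
        token = secrets.token_urlsafe(32)   # goes in the mail body, never reused
        self.pending[rid] = (token, now + self.TTL)
        return rid, token

    def confirm(self, from_header, rid, token, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(rid, None)  # single use: consumed on any attempt
        if entry is None or now > entry[1]:
            return False
        # The From header is ignored; only possession of the token counts.
        return hmac.compare_digest(entry[0].encode(), (token or "").encode())
```
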
 

DnPowerful

Level 5
Legacy Platinum Member
Joined
Apr 5, 2002
Messages
351
Reaction score
0
Feedback: 0 / 0 / 0
Snoopy, it was actually web.net, not .org where there was an attempt. I know the parties involved, and it was really frightening.

New registrar locks are happening fast amongst registrars, and that will help.

Once again, NSI got away with murder for years. Imagine your local bank saying "Yes, someone broke into your account and stole $200,000 (the value of some names that have been hijacked or had attempts)." Sorry, read the disclaimer, not our problem. Again and again, the ubiquitous Cheryl Regan/NSI spin machine went into action and allowed them to wriggle out of ALL the thefts that happened over the years.

I myself have had dozens of attempts over the years. One guy tried to steal it every week for months. I even contacted him and said: "You really are a fool--why don't you just make me an offer." Of course, that's not the point for these characters. I contacted the local FBI where he was, and they arrested him. He was a candidate for 'Stupid Criminal Videos'.
 

DnPowerful

...tracking whois changes automatically goes a long way towards averting disaster.
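
One way to track WHOIS changes automatically, as an added example that is not part of the original thread: compare two saved WHOIS snapshots and report changes in the fields a hijack touches (registrar, contact e-mail, name servers, transfer lock). The two records are constructed samples, and the field labels are an assumption, since they vary between registries.

```python
from collections import defaultdict

# Fields whose change should raise an alert (labels assumed; adjust per registry).
WATCHED = ("registrar", "admin email", "registrant email",
           "name server", "domain status")
LOCK = "clienttransferprohibited"

def parse_whois(text):
    """Collect 'Key: Value' lines into {key: set(values)}, case-insensitively."""
    rec = defaultdict(set)
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip().lower()
        if not sep or not value:
            continue
        if key == "domain status":
            value = value.split()[0]   # drop the URL that follows the status code
        rec[key].add(value)
    return rec

def diff_whois(old_text, new_text):
    """Return ([(field, removed, added), ...], transfer_lock_was_removed)."""
    old, new = parse_whois(old_text), parse_whois(new_text)
    alerts = []
    for field in WATCHED:
        removed, added = old[field] - new[field], new[field] - old[field]
        if removed or added:
            alerts.append((field, sorted(removed), sorted(added)))
    lost_lock = LOCK in old["domain status"] and LOCK not in new["domain status"]
    return alerts, lost_lock

# Constructed sample snapshots (not real WHOIS output).
OLD = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Admin Email: owner@example.com
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited"""

NEW = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Admin Email: someone-else@example.org
Name Server: NS1.EXAMPLE.NET
Name Server: NS1.OTHER.EXAMPLE
Domain Status: ok https://icann.org/epp#ok"""

if __name__ == "__main__":
    print(diff_whois(OLD, NEW))
```
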
 

Guest
Originally posted by DnPowerful
Snoopy, it was actually web.net, not .org where there was an attempt. I know the parties involved, and it was really frightening.

New registrar locks are happening fast amongst registrars, and that will help.

Once again, NSI got away with murder for years. Imagine your local bank saying "Yes, someone broke into your account and stole $200,000 (the value of some names that have been hijacked or had attempts)." Sorry, read the disclaimer, not our problem. Again and again, the ubiquitous Cheryl Regan/NSI spin machine went into action and allowed them to wriggle out of ALL the thefts that happened over the years.

I myself have had dozens of attempts over the years. One guy tried to steal it every week for months. I even contacted him and said: "You really are a fool--why don't you just make me an offer." Of course, that's not the point for these characters. I contacted the local FBI where he was, and they arrested him. He was a candidate for 'Stupid Criminal Videos'.


In my case the FBI agent asked what the damage was, and in order for the FBI to jump in they had to deal with a loss of $5,000 and more. Plus the guy was in Turkey.
 

chris

Originally posted by timechange

This was only a flaw of NetSol, until at least mid-2000. The solution was to use password protection instead of email.

Very interesting, timechange...

But what about people who still allow e-mail authentication and don't use CRYPT-PW or PGP to authenticate changes to their Verisign domains... aren't these people still at risk to this vulnerability?

Thanks
 

DnPowerful

Hard to say Chris. I'm not sure whether NSI is using register lock, but if so, then this kind of theft is preventable.

Used to be a site that actually showed you how to steal a domain. It was a security site, and it scared the **** out of me. From then on, Crypt-PW at minimum for me. :eek:
 