Wednesday, November 26, 2003

Domain Theft is Still a Little Too Easy:
"Do you ever get spam offering to sell you fake IDs? Here's one reason why some people want to buy one: a fake ID, a fax machine, and an absence of morals are all that's needed to hijack any domain name. "

Yes, stealing a domain name from its rightful owners still appears to be child's play. A reader contacted me about his case involving the domain name DVDMovies.com. Several weeks ago Arnold Jones of Visionario Inc., a storage consulting firm and owner of dvdmovies.com, discovered that this domain had been transferred to someone else.

This person had sent in to Network Solutions, the registrar holding the registry of dvdmovies.com, a request by fax to change the e-mail contacts on the registration to a free yahoo.com address. Even though his identification information had been forged, including a copy of a fake Florida drivers license with Jones's work address on it, Network Solutions happily obliged and did not scrutinize the license.

Once the e-mail contact had been changed, the domain pirate simply sent a request to reset the password on the account, and he replied from the new address. Now that he had control over the account, he could transfer the registration to another registrar.

However, according to Jones' account, there were many other glaring red flags that should have alerted Network Solutions to a possible hijacking:

The fax requesting the e-mail change came from area code 530, in California, but all registrant information was for Florida.
The key administrative contact e-mail address was changed to a free, untraceable yahoo.com address.
The fake Florida drivers license lacked all the major characteristics of a legitimate Florida drivers license.

Jones required two weeks of time and effort before he got his domain back. If he was less sophisticated about these matters, it might have taken him much longer to take control of the domain. To compensate him for the two weeks of time and the lack of his domain, Network Solutions extended his registration by a year, a $35 value. Gosh, I hope he declares this on his taxes.…

http://www.eweek.com/article2/0,4149,1384450,00.asp
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)