دعوة إلى نقاش فنّي حول ما يحدث لموقعنا الحبيب Sudaneseonline.com

Domain Theft is a crime that is hard for a police officer to understand and equally as hard to doing anything about. This high tech crime can span international boundaries and go undetected until months after it has happened. By the time the victim realizes it the real thief is no where to be found. The new owner of the domain name may have thought they were getting a really good deal but will soon understand why the price was so low. The thief steals the domain and prices the domain low enough so that any domainer that understands the value of that domain would appear stupid if they didn’t buy the domain at that price.

This is the case of Raven.com. A man named Don Teske in Minneapolis started a company called Raven Computer Systems and in 1992 he registered the generic domain name, Raven.com. Several years went by and everything was fine for Raven Computer Systems. Don eventually died in October 3, 2005. That would seem like a pretty normal story if the story was to end at this point. However the story doesn’t end there. The widow of Mr. Teske had her email address at the domain and used it daily. One day her email stopped working and an IT person who was problem solving it for her let her know that she no longer controlled the domain. The domain was originally set to expire in 2008. So the obvious answer would have been that the domain had expired and she failed to pay the bill. This was not the case. She was clearly within her ownership window and didn’t need to renew the domain for another year.

This June the whois changed at Network Solutions. The dead man’s email address changed from [email protected] to “Kushaiah Gostowski”. A new guy was on the record and his email address said, Don Teske at Yahoo.com. Someone had tricked Network Solutions to change the whois record. Kushaiah was now the person controlling the domain, Kushaiah quickly used his new ownership status to transfer the domain away from Network Solutions before Network Solutions could figure out they had been tricked. Domain theft 101, once you gain control of the domain, move it away from the current registrar.

The domain was moved to DirectNic 7 days later, with the fake address now listed on the whois record as 123 Main St. Fresno, CA 94205. The address changed again to the new fake address of One Wilshire Blvd, Los angeles, CA 90010 and was listed for sale on Sedo. Mark Colton with the email address of [email protected] then profited $3,500 from the sale on July 3rd 2007. The winner of the Sedo auction is unknown because they transfered the domain to GoDaddy on July 12th and hid behind a proxy service of GoDaddy. Did the thief launder the domain and make it look like it was sold to someone? Or did someone truly buy the domain for $3,500. The reason this theft was spotted was because the domain Raven.com should be worth $75,000 to $200,000. The quick sale at Sedo makes it look like the theft got quick cash for the domain or it was a fake transaction. But why did the domain go up for sale on eBay after the move to GoDaddy. Yes, it was once again listed for sale however this time no one bid.

Resolution. There currently isn’t one. The domain remains at GoDaddy in a hidden ownership state. Directnic and GoDaddy both have the email addresses and payment information of the people involved with the transaction. Something must be done and more information is needed on this case. I would like to see Mrs. Teske with her domain back as quickly as possible. I am shocked that it has taken this long and I still see no progress.

I am considering setting up a public note system on whois records at DomainTools. It would allow anyone to post a note about a domain. Checking the Title on a domain is very important before a sale, the history records we keep are some of the only public documents that allow people to track down crime. Buying a stolen domains is easy if there are no historical whois records. I wish we could do more to help and I am brainstorming ways right now.

How to recover a stolen domain namet

This happened to many sites, and recently to the webrankinfo.com forum for webmasters (Alexa rank 2300). The regulars on board were surprised to see a parking page displayed rather that the website. The domains was suddenly moved from the original registrar to Godaddy!

How to have its domain name hijacked

The technique is to crack the password for the email address of the administrative contact. It is simplified if this e-mail is a Gmail or Hotmail or similar account.
The hacker installed a filter based on the words "domain", "DNS". When mail containing these words were received they weres redirected to another e-mail address, perhaps temporarily, so that the legitimate owner is not aware of the messages that pass on the account.

Then the hacker requested a change of registrar. It seems that Godaddy is preferred by hackers probably because it allows for free accounts (no payment, no identity). Note that only the registrar and DNS was changed and not the owner, in this case a payment is made and the identify of the perpetrator of the abuse unveiled.

The hacker, as evidenced by exchanging messages with a victim, suggests him that he could recover control over domain only after a lengthy judicial process and ask him a few hundred dollars for the domain returned to it. We will see farther than paying money to the thief is not only immoral but unnecessary.

How not to have a domain name stolen

Unless the hacker have chosen your email by chance, the task is made more difficult if the contact emails are hidden in the whois.

We must also avoid to use for contacts e-mail accounts which offer an opportunity to redirect emails according to a filter, to another e-mail account, as happened in this case. Verify in the panel of the account.

Avoid also to use as a contact, an email address displayed on the site or easy to guess, such as the name of the site associated with the name of the service as [email protected] or [email protected].

We must never to stay connected on an e-mail account and load a Web page. This rule applies more generally to any service that requires a login and a password.

Do not install the GreaseMonkey plug-in for Firefox which allows scripts to run directly in the browser.

The use of webmail (managed on the server) could facilitate piracy. The use of software such as Thunderbird in secure mode (SSH) would be more secure.

You can also use a POP account that is offered by most hosts and registrars for contacts.

How to recover a hijacked domain

As David Airey shows, it may take a few days, but it is quite possible to recover control on a domain which is hijacked while you remain the owner.

Sign up on the registrar which now holds the domain, Godaddy in our example (you could be liable for the account).
Download and fill out a paper form Undo of Change. Sign the form.
Make a copy of your identity card or driving licence.
Scan and send them as attachments via e-mail.
This document allows to cancel the transfer of registrar if it is under way, or to give control on the domain otherwise. Note that it will take longer if the transfer is complete rather than under way.

If the cracker has managed to become owner of the domain, a procedure with ICANN will be necessary, it is longer.

How to recover a stolen email account

This is made by a claim to the host, but more easily by taking certain precautions. On a sheet of paper, note the following information:

The date of the creation of the account.
The addresses of your most important correspondents.
The personal labels created on your account.
The similar information on your other accounts with the same organization.
And if your account is on Gmail, be sure to check often the IP address in footnote, which should always be yours: change the password otherwise.

More

Hijacking. Avoid consulting webpages while a connection to an email account is still open. This is not only for Gmail, in 2003, researchers claimed that 8,000 Hotmail accounts were pirated per day.