Subscribe
Raven.com: The case of a stolen domain
August 30th, 2007 by 
Jay Westerdal
Domain Theft is a crime that is hard for a police officer to understand and equally as hard to doing anything about. This high tech crime can span international boundaries and go undetected until months after it has happened. By the time the victim realizes it the real thief is no where to be found. The new owner of the domain name may have thought they were getting a really good deal but will soon understand why the price was so low. The thief steals the domain and prices the domain low enough so that any domainer that understands the value of that domain would appear stupid if they didn’t buy the domain at that price.
This is the case of Raven.com. A man named Don Teske in Minneapolis started a company called Raven Computer Systems and in 1992 he registered the generic domain name, Raven.com. Several years went by and everything was fine for Raven Computer Systems. Don eventually died in October 3, 2005. That would seem like a pretty normal story if the story was to end at this point. However the story doesn’t end there. The widow of Mr. Teske had her email address at the domain and used it daily. One day her email stopped working and an IT person who was problem solving it for her let her know that she no longer controlled the domain. The domain was originally set to expire in 2008. So the obvious answer would have been that the domain had expired and she failed to pay the bill. This was not the case. She was clearly within her ownership window and didn’t need to renew the domain for another year.
This June the whois changed at Network Solutions. The dead man’s email address changed from dwt@Raven.com to “Kushaiah Gostowski<don_teske@yahoo.com>”. A new guy was on the record and his email address said, Don Teske at Yahoo.com. Someone had tricked Network Solutions to change the whois record. Kushaiah was now the person controlling the domain, Kushaiah quickly used his new ownership status to transfer the domain away from Network Solutions before Network Solutions could figure out they had been tricked. Domain theft 101, once you gain control of the domain, move it away from the current registrar.
The domain was moved to DirectNic 7 days later, with the fake address now listed on the whois record as 123 Main St. Fresno, CA 94205. The address changed again to the new fake address of One Wilshire Blvd, Los angeles, CA 90010 and was listed for sale on Sedo. Mark Colton with the email address of ravenheadinc@gmail.com then profited $3,500 from the sale on July 3rd 2007. The winner of the Sedo auction is unknown because they transfered the domain to GoDaddy on July 12th and hid behind a proxy service of GoDaddy. Did the thief launder the domain and make it look like it was sold to someone? Or did someone truly buy the domain for $3,500. The reason this theft was spotted was because the domain Raven.com should be worth $75,000 to $200,000. The quick sale at Sedo makes it look like the theft got quick cash for the domain or it was a fake transaction. But why did the domain go up for sale on eBay after the move to GoDaddy. Yes, it was once again listed for sale however this time no one bid.
Resolution. There currently isn’t one. The domain remains at GoDaddy in a hidden ownership state. Directnic and GoDaddy both have the email addresses and payment information of the people involved with the transaction. Something must be done and more information is needed on this case. I would like to see Mrs. Teske with her domain back as quickly as possible. I am shocked that it has taken this long and I still see no progress.
I am considering setting up a public note system on whois records at DomainTools. It would allow anyone to post a note about a domain. Checking the Title on a domain is very important before a sale, the history records we keep are some of the only public documents that allow people to track down crime. Buying a stolen domains is easy if there are no historical whois records. I wish we could do more to help and I am brainstorming ways right now.
« Newer Post Older Post »
Posted in Stolen Domain |
August 31st, 2007 at 2:32 am
Where’s ICANN?
Another example of their uselessness.
It shouldn’t be up to DomainTools to protect and police the integrity of the domain name system.
Someone please tell me why all domain owners are paying a levy to keep ICANN in business? I don’t think it’s just to continue to fund their lavish travel budget and other perks.
August 31st, 2007 at 6:04 am
A good question would be where was Netsol’s security measures, they should have had checks and balances in place to prevent the change to the whois record. The domain should never have been able to be transferred away in the first place. It goes to show that you cannot put a value on a good registrar with knowledgeable staff and proper security checks. Netsol failed to provide basic registrar services in this case.
August 31st, 2007 at 8:30 am
File and send a subpoena… We need to start going after these people. I am sure nothing will happen, and widow Teske will just get an AOL account…
http://domainsbyproxy.com/popup/subpoenapolicies.aspx
August 31st, 2007 at 8:47 am
Jay, Your whois history records are an invaluable resource for identifying what names may gave been stolen or laundered. I have spent many hours researching the past history of some names which I’m absolutely convinced were stolen. The problem remains: Nobody seems to care, not the registrars, not even the past owners in some cases.
I’m glad to see you are thinking about possible solutions to this problem. Still, I’m not convinced a public note system is the answer, because it could be abused or simply misused by people who simply THINK a name was stolen (e.g. someone who lost their domain through a drop could claim the new owners stole it. We see that happen all the time now). Such claims are recognizably false (to someone in the domain industry) but that’s not necessarily the case for a less-seasoned end user just looking to buy a domain name and steer clear of any controversy.
I’m not saying a public note system isn’t a good idea, but there would need to be some checks and balances to avoid bogus claims. I’m sure you’ve thought of this already b/c you’re a smart guy
Either way, keep up the work, Inspector!
UPDATE BY JAY: Yes, you are correct, that is why it is not easy to implement just yet. The check and balance situation would be difficult. Do-able, but difficult.
August 31st, 2007 at 12:55 pm
Limit note posting to paid members only…
And furthermore deduct credits from a user’s account over a certain number of notes per month to reduce potential for abuse - also it will encourage people to prioritize what domains they choose to post notes on.
Ron
UPDATE BY JAY: How about posting notes for everyone that is logged in, but paid members can challenge notes or deleted unauthentic notes. Members are allowed to add creditability to a note and vote against burying a note or even banning a poster and all their notes they have done.
August 31st, 2007 at 3:37 pm
Good job reporting on this.
September 2nd, 2007 at 5:41 pm
Go Daddy? Good luck getting them to do anything. I do not like go daddy at all.
September 3rd, 2007 at 3:33 pm
All good and dandy but don’t go on playing vigilante. We have one such place of disgrace, Aboutus.org, where public data can be manipulated. Public data was not meant to be a wiki, editable by all.
September 14th, 2007 at 9:35 am
Hi all just dropped this in from a emagazine EWEEK i get was an article about Senate Patent reform http://www.eweek.com/article2/0,1895,2180752,00.asp
wasnt sure where else to post this.since this is most recent thread.On this topic I say that it is odd to change registrars like changing socks possibly make Domain sales to be flagged if they change more than once in too short a period to protect all involved to stop the Hit and Run thefts…Jay how about a Interesting Items Members Postit board for new interesting info we find if there isnt one,forgive me if iv missed it and there is one already.
October 4th, 2007 at 5:07 pm
Hello,
I want to report the same problem. Someone has stolen my domain. I bought my domain 4 years ago, and I have done the renovation every year. In fact, my domain expires on June 2008, but some days ago it was extrangely resold, it is exactly the same case.
I thought that ICANN and registers were serious organizations, but they tax FOR ANYTHING, they don´t protect the legitimate owners nor the security of registered domains.
November 12th, 2007 at 5:35 pm
Godaddy.com aids and abets the theft of valuable domain
Bye bye http://www.3pd.biz it was nice owning you!
There’s no shortage of scams on the internet. We have all heard about Nigerian 419 fee in advance scams, phony lotteries, identity theft, phishing, and now pulling up from the rear, domain hijacking aided by weak counterintuitive security measures by registrars like Godaddy.
Like any other crime, unless it directly affects you, a colleague, or a loved one, theft only happens to the other guy. In modern society we have acclimated to taking precautions to protect our loved ones, our homes, and our possessions spending billions on security and insurance. We’re all taught early in life to lock the doors and windows and not to open the door to strangers.
After all this indoctrination and preparation for the imperfect world we share, one would assume that these simple yet effective common sense principles would also apply to the world of protecting valuable assets like internet domains at Godaddy.com the world’s largest domain registrar. ]
In case you are not familiar with Godaddy they are the company that airs the boorish and unoriginal Super bowl commercials targeting puberty bound adolescent males with a busty semi-attractive brunette (inappropriate term) that only a certain recent ex-president could desire.
Godaddy generates its share of negative press regarding the mishandling and questionable acquisitions of other’s domains but I have an experience to share that should make anyone with a website or a domain in the waiting to take notice and seriously consider if they should trust Godaddy with their property.
It’s no secret that Godaddy’s domain and site hosting services are less than stellar. Their site is a spam laden kludge of half finished partially functional user modules that even their own support staff can’t navigate or recommend using. There is so much emphasis on up selling and hyping gimmicky add-ons you feel like you are speeding down the Las Vegas strip on acid.
Aside from the cheesy half-baked Godaddy user interface there is a much larger problem at Godaddy that should scare the hell out of anyone with domains in their care. My company currently has nearly 500 domains with Godaddy and aside from the inferior user interface and hit and miss customer support, we were at least happy with the pricing.
On November 5th I received an email from Godaddy indicating that I cancelled a domain. (Of course we did not cancel our own domain, someone else did)
Within seconds another email arrived again from Godaddy stating that our domain was transferred!
This all occurred without any involvement on our part. Apparently someone was able to break into our account and grab one of our most valuable domain names without any problems.
Godaddy, without any common sense verification procedures or theft protection measures just gave the domain away as if it was business as usual. No checks, no balances, no confirmations, just a non-secure open door into our cyber vault!
Distraught and panic stricken I was was looking for any indication that this was a simple error at Godaddy and I discovered a line on the transfer email stating “If for any reason this information is incorrect or you feel this change of registrant request was made in error, please contact us within 15 days at mailto:undo@godaddy.com.
A sigh of relief came over me and I quickly contacted the email link provided. I was on my way to getting our stolen domain back! Let’s hear it for Godaddy and a little common sense!
Well not so fast. They said it was our fault! Well, they were right in the sense that it was our fault to do business with such a schlock firm but I digress.
Oh but wait there’s still hope. I can contact the Godaddy “Change” department and change the transfer! Hope restored and surely they will fix this right!?
Well not exactly. They too said it was our fault because someone was able to get into our account.
I would accept this premise if I didn’t have over 10 years experience in the acquisition and management of internet domains and did not have the latest and best in spyware, anti-virus, keylogger, and phishing protection by Avira, AVG, Adaware, Spycop, and others.
Godaddy could have very easily without any effort, just reversed their error but there is no incentive to since the culprit registered my, well his now, domain with guess who?
GODADDY of course!
Godaddy, without any common sense security measures or firewall-like protection just gave the domain away as if it was business as usual. No checks, no balances, no confirmations, just a non-secure open door into our cyber vault!
I even explained to the less than intelligent “customer service” rep that all they had to do was look at their server logs and check the I.P. address of the thief and that would prove my point. The real evidence however was in the new WHOIS registration that had to be filed by the thief. The names and address locations were all faked and the most glaring evidence was the phone number. It was the world’s first 6 digit phone number! But all this didn’t raise a single eye brow with sharp minds at godaddy.
Here’s what you have to look forward to when you become a Godaddy domain theft victim. To recover our domain that was stolen as a result of Godaddy’s failure to provide even the most basic common sense checks and balances protocols to intercept fraudulent cancelations and transfers, we will have to go to the WIPO in Switzerland!
We will have to hire a legal firm that specializes in WIPO/ICANN law and pay them $400.00 to draft a cease and desist letter and then pay $1,500.00 to ICANN to empanel a few impartial arbitrators to render an opinion!
All Godaddy had to do was send a simple
automated email to the official email address
on record, asking if we were sure that we
wanted to cancel and transfer our domain.
Doing business with the company more interested in their next Super bowl model than basic security for their client’s assets, will cost us upwards of $10,000.00 to recover a nine dollar domain!
This coming Super bowl I will be watching out for the next Godaddy bouncing bimbo wondering if the guy that stole our domain is watching too, thanking Bob Parsons for making him and all the other lowlifes that hacked Godaddy accounts so much easy money.
If you have any domains at godaddy transfer them at once to a reputable registrar before you end up where I am today wondering where the fairness is in this bizarre situation.
February 16th, 2008 at 3:03 pm
Recently there has been a rash of LLLL.com thefts. Domain Names with only four letters.
Please report all GoDaddy stolen domain names here: http://forums.digitalpoint.com/showthread.php?p=6560752#post6560752
We are keeping a list and being sure that it is indexed by Google and all the other major SE’s.
I appreciate all the help, lets prevent this theif from being able to sell the stolen property.
April 7th, 2008 at 1:02 pm
I had two domains stolen at GoDaddy.
http://www.8bp.com
http://www.SOSU.com
GoDaddy will do nothing to help!