Alert: More Stolen Domains
September 3rd, 2007 by Jay Westerdal
High-profile domains are being stolen and offered on the black market today. The thief is trying to sell them for $300,000 and turn a quick buck. Do not buy them: BO.com, PU.com, JY.com, Showroom.com, and Samantha.com. If you are contacted by a person claiming to be the owner, you will want to decline the purchase. James Barnes was on the record with his old email of jbarnes@rgare.com, and his address was 17717 Blackwood Ct, Chesterfield, MO, 63005-4298, US. On August 31st his email was jbarnes@rgare.com. On September 1st his email address changed to jymbarnes@gmail.com. The next day, September 2nd, the address changed from Chesterfield, MO to New York, NY, and the registrar also changed from DomainDiscover to Register.com. This sets off warning bells because the domain was offered for sale right after a registrar change, an email change and an address change.
The person’s name on the whois never changed but everything else did. Curious. We contacted the previous whois contact and the owner confirmed the domains are stolen. Register.com should lock these domains and transfer them back to DomainDiscover if they are reading my blog.
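The warning signs described above (email, address and registrar all changing within days while the registrant name stays the same) can be checked mechanically against whois history. The following is an added example, not code from this blog or from DomainTools; the `Snapshot` record, the 7-day window, the three-field threshold and the placeholder contact values are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Snapshot:
    """One dated whois record (hypothetical structure for this example)."""
    day: date
    name: str
    email: str
    address: str
    registrar: str

WATCHED = ("email", "address", "registrar")

def _norm(value):
    # Ignore case and spacing so cosmetic edits do not count as changes.
    return " ".join(value.lower().split())

def changed(prev, cur):
    """Watched fields that differ between two consecutive snapshots."""
    return [f for f in WATCHED if _norm(getattr(prev, f)) != _norm(getattr(cur, f))]

def hijack_alerts(history, window=timedelta(days=7), threshold=3):
    """Flag days on which at least `threshold` watched fields have changed
    inside the window while the registrant name stayed the same."""
    snaps = sorted(history, key=lambda s: s.day)
    events = [(cur.day, f) for prev, cur in zip(snaps, snaps[1:])
              for f in changed(prev, cur)]
    alerts = []
    for cur in snaps[1:]:
        recent = {f for d, f in events if cur.day - window <= d <= cur.day}
        older = [s for s in snaps if s.day < cur.day - window]
        base = older[-1] if older else snaps[0]  # record from before the burst
        if len(recent) >= threshold and _norm(base.name) == _norm(cur.name):
            alerts.append((cur.day, sorted(recent)))
    return alerts

# Constructed history modelled on the timeline in the post (placeholder contacts).
STOLEN = [
    Snapshot(date(2007, 8, 31), "J. Owner", "owner@employer.example", "Chesterfield, MO", "DomainDiscover"),
    Snapshot(date(2007, 9, 1), "J. Owner", "j.owner@freemail.example", "Chesterfield, MO", "DomainDiscover"),
    Snapshot(date(2007, 9, 2), "J. Owner", "j.owner@freemail.example", "New York, NY", "Register.com"),
]
# Constructed control: the common benign case, an owner replacing a lost mailbox.
BENIGN = STOLEN[:2]

if __name__ == "__main__":
    print(hijack_alerts(STOLEN))
    print(hijack_alerts(BENIGN))
```

A single email change on its own stays below the threshold, which matters because most email updates come from the real owner.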
We reported earlier on Raven.com: The case of a stolen domain. Stealing domain names is a high-reward, low-risk crime. I have yet to see someone get arrested. Generally the domain is returned to the owner (sometimes).
Here are all the stolen domains:
To avoid having your domains stolen, make sure your name and all your contact information are correct on your whois record. Unless you own your own registrar you are in danger. We plan to implement a notes system on whois records in the future. We talked about this in the comments of the Raven.com post. It will be a system for members to communicate about a particular domain. We are still working on the checks-and-balances system so that we can minimize abuse of the notes system. Paid members will have more ability to balance random comments we receive.
UPDATE: Here are some more stolen domains:
September 3rd, 2007 at 12:51 pm
Man, that’s scary. It freaked me out and I just changed my passwords. I wish there was a way to lock domains from transferring unless I am physically present. I asked my current registrar and they charge per domain, which would be very pricey for me. Jay, my question to you is this: should I enable private registration on my domains to block my information, or is it better to have it out in the open? Currently my information displays under a whois.
UPDATE BY JAY: I think proxy service makes it easier for a criminal. You have little proof you owned the domain once it is gone. Make your contact information completely open. It is harder to steal from someone if you know who they are. Most of the people detecting the thefts spot them because the whois changes. If there is privacy on the record, no one will notice when your domain is stolen, and by the time you do it may have moved registrars 3 or 4 times and be hard to get back.
September 3rd, 2007 at 1:23 pm
WOW
he is too proo!!!!
September 3rd, 2007 at 2:05 pm
Isn’t there something that prohibits the domain from being transferred after a whois update? I know with GoDaddy there is. If I make a whois change, it won’t let me transfer the domain for 60 days, I believe.
September 3rd, 2007 at 3:24 pm
Great that you are in a position to identify and comment on stolen domain names. I was unaware of the issue.
What I have not read here is how the thief is gaining access to password protected domain name accounts and what I might do to protect all of my $35 domain names? I am not my own registrar!
UPDATE BY JAY: The thief gained access by social engineering of the tech support at the registrar. They did not crack any passwords. Fake ID being faxed over is all it takes sometimes. Replacing the email address on the record and the job is done. If the new email address looks like what the owner would be using, it is very convincing. 99% of the time it really is the owner having his email address updated because he lost access to his old email address.
September 3rd, 2007 at 3:59 pm
The GoDaddy restriction has nothing to do with the registry nor ICANN … it’s simply a GoDaddy moneygrab - taking advantage of the ignorant who don’t realize there are better registrar choices, but I digress.
In regards to security … Jay is spot on … do NOT use whois privacy / proxy services. Transparency is a good thing - the more open one is, the less likely they will lose their domains; have an easier time recovering them.
For additional security, be sure the domain is truly locked … under the new EPP registry scheme, the status “locked” alone is meaningless … one needs to be sure “clientTransferProhibited” status is shown at the registry level.
EPP codes add another level of security, but only if one keeps their registrar account secured…
It’s best to *avoid* using free accounts and instead *use* a contracted email service on a domain name one owns (be sure that domain is locked and regged +5 years at all times) –or– at minimum one should use their primary ISP email address (not secondaries, since those can be too easily changed).
If one needs even more security, then consider using a monitoring service, such as DomainTools (hint, hint) or one of the numerous others; some registrars / drop-catcher places offer free monitoring of domains.
Ron
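The registry-level check mentioned in the comment above can be done by reading the status lines of the whois output rather than trusting a registrar's "locked" label. This is an added example, not part of the original thread: the whois excerpts are constructed, the line formats are assumed from typical registry output, and `serverTransferProhibited` is included as the registry-set counterpart from the EPP domain mapping (RFC 5731).

```python
import re

# EPP statuses that block a registrar transfer. clientTransferProhibited is the
# one named in the comment; serverTransferProhibited is set by the registry.
TRANSFER_LOCKS = {"clienttransferprohibited", "servertransferprohibited"}

# Matches "Status: X" and "Domain Status: X <url>" lines, keeping only the token.
STATUS_LINE = re.compile(r"^[ \t]*(?:Domain[ \t]+)?Status:[ \t]*(\S+)", re.I | re.M)

def epp_statuses(whois_text):
    """Return every status token found in a whois response."""
    return [m.group(1) for m in STATUS_LINE.finditer(whois_text)]

def transfer_lock_report(whois_text):
    """Say whether a real transfer-prohibiting status is present, and list
    the other statuses that do not prove a transfer lock on their own."""
    statuses = epp_statuses(whois_text)
    locks = [s for s in statuses if s.lower() in TRANSFER_LOCKS]
    return {
        "transfer_locked": bool(locks),
        "lock_statuses": locks,
        "other_statuses": [s for s in statuses if s.lower() not in TRANSFER_LOCKS],
    }

# Constructed excerpts (placeholder domain and registrar).
LABEL_ONLY = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar
Status: LOCKED
"""
REGISTRY_LOCKED = """Domain Name: EXAMPLE.COM
Registrar: Example Registrar
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
"""
UNLOCKED = "Domain Name: EXAMPLE.COM\nDomain Status: ok\n"

if __name__ == "__main__":
    for text in (LABEL_ONLY, REGISTRY_LOCKED, UNLOCKED):
        print(transfer_lock_report(text))
```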
September 3rd, 2007 at 5:51 pm
I live in Chesterfield, MO….anything I can do to help?
September 3rd, 2007 at 8:18 pm
Add these to the list of recently stolen names in the past week:
Newspaper.com
Story.com (Owner got it back)
FastFood.com
Right.net
September 3rd, 2007 at 9:02 pm
The FBI should be looking into this. Considering the valuations of these domains, these are serious crimes. But they are usually years behind in responding to new varieties of electronic crime. And of course it’s not a priority these days.
September 4th, 2007 at 1:17 am
This happened to me. Several of my best domains were stolen but I managed to interrupt the process and retrieve them all. Tech Support at the registrars is the way the domain hacker gets in but they won’t admit to it.
The hacker actually slipped up and left a bold fingerprint through which I was able to work out who he is and where he is from. I contacted the FBI - guess what, they weren’t even interested so he stays free and we have to stay on alert.
September 4th, 2007 at 2:29 am
I agree on aboutus.org - so many of my domains appear to be owned by different people. Are they making a claim on it or is the automated system completely whack? Whatever the case, it’s yet another place that we have to keep a watch on and, in that respect, entirely unwelcome.
September 4th, 2007 at 8:04 am
I guess the GoDaddy 60 day hold after registrar change could be useful. In my case it caused me to have to renew with them when I wanted to transfer. But changing your Registrant info every 60 days would give you cheap protection.
I have legally transferred domains for a number of clients, and if the domain is unlocked and you have access to the registrant email address then it’s very easy to get it done.
Interesting advice on the Private registration. While it would not show me as the registrant, it WOULD show the registrar (or other service) and they would be in a position to help. I would think it would be in their interest if the domain was stolen on their watch.
How about publishing some numbers on what registrars are hosting the domains that are getting stolen?
And I’d like to hear more about ways to protect against this. I use the DomainTools monitoring and it’s great! I’m sure there are others as well, and those with valuable domains (unlike me) may want to use more than one service.
September 4th, 2007 at 8:11 am
I forgot to ask: When these domains are stolen, is the nameserver information also being changed or is it left as is?
If it is also being changed, then having a site monitoring service could alert you in as little as 5 minutes when the site is no longer at the domain, or if the site goes down for some reason. There are a number of services out there that offer this, and if you want to save money with your own solution, check out the free software from Nagios. You can add a special code to a web page and tell it to check for that. I think you could also set it up to monitor whois records as well if you didn’t overdo it.
September 4th, 2007 at 8:11 am
I really don’t know what’s more dangerous. A free email like gmail, or a hosted domain, that can be hacked and access its email…
Nuno Oliveira
CatalogDomains.com
September 4th, 2007 at 8:34 am
After I discovered that someone was using my website domain name for spamming, I disabled all my emails associated with my hosted website.
Nothing is truly free, as I have discovered.
Ms Domainer
September 4th, 2007 at 8:52 am
I think someone should start a domain insurance company. Domains are worth a lot of money and people would want to insure them. And, I’m sure it would be very profitable because I can’t imagine that many domains getting stolen.
September 4th, 2007 at 9:14 am
Tyler,
Insurance fraud would probably make such a venture iffy.
Ms Domainer
September 4th, 2007 at 9:22 am
Moniker.com has a high security option that doesn’t cost extra. They claim they have never had a domain stolen, the prices are competitive and have a great domain management interface.
September 4th, 2007 at 10:22 am
We offer the most complete security package you can get. The user defines the level of security in place on their account, no two accounts are treated the same.
September 8th, 2007 at 4:02 am
My domain was stolen too:
http://whois.domaintools.com/myportafolio.com
thank heavens that is not premium
UPDATE BY JAY: I do not think that domain is stolen. It was registered just last month. You must have failed to pay the bill and someone registered it brand new. You can see the history:
Name Server History
Active-dns.com
Name-services.com
-none-
-none-
September 26th, 2007 at 1:32 pm
On one hand, you recommend no domain proxy service:
“UPDATE BY JAY: I think proxy service makes it easier for a criminal. You have little proof you owned the domain once it is gone. Make your contact information completely open.”
On the other, you say that the thief gets access through faking ids:
“UPDATE BY JAY: The thief gained access by social engineering of the tech support at the registrar. They did not crack any passwords. Fake ID being faxed over is all it takes sometimes. Replacing the email address on the record and the job is done. If the new email address looks like what the owner would be using, it is very convincing.”
So isn’t it better to have your email camouflaged behind the registrar’s proxy service, so as to keep it from prying eyes wanting to fake it? No actual email means better protection, no?
UPDATE BY JAY: How hard is it to figure out your email? (Whois History, or emailing with you). Once your name is stolen how do you prove you had owned it?