An International Domain Hijacking Saga

Dave_Z

Hi folks,

I initially thought of posting this domain hijacking incident in the legal section. Then, I decided it's better here because: a) its author publicized the incident ever since, and b) it can be better read here for all.

You're about to find out why the title shortly. Needless to say, it's got a few interesting things to think about despite the story's lengthy narrative.

(Alas, it's from another forum I can't link to. Next best thing, its author permitted copying and pasting the story in its entirety, and I can give the links to the original narrative if requested.)

I hope this saga helps you in some way.

My name is GoranZinic. Some of you know me as the owner of Indigitalworks.com.

On February 22nd, I became a victim of huge Internet fraud, which I would like to share with you.

Domain name IndigitalWorks.com and entire website have been hijacked and transferred by a scammer.

Indigitalworks.com is currently under control of scammer, who managed to transfer everything, including the domain and all the content.

His name is Ahmad Rashid Mohammed, based on the current IndigitalWorks.com WHOIS.

On the first day of the fraud, InDigitalWorks was redirected to 7plr.com, so they are probably involved too.

I have contacted Onlinenic.com (my registrar) but they were very uncooperative and unwilling to help.

In the last few months my Gmail has been hacked several times. After the domain has been transferred I found out that all my online accounts have been hijacked... Twitter, Facebook, Hosting and many others, including Onlinenic.com.

Onlinenic checked the log files and said that domain has been transferred from IP 65.49.14.89, which wasn't my IP. This didn’t solve anything... even if Onlinenic account has been hijacked, they can’t do anything (or don't want to). They refuse to investigate any further or offer any kind of help. Onlinenic is great when you need to buy a domain and send them money, but when you have a problem, they don’t want to listen. If you care about your business, you should AVOID ONLINENIC. Hope this post will urge you to protect your own domains and your business.

After I asked them about the details of the person who owns the domain now, I received the following answer:

“Regarding the information you're asking for, you can refer to http://who.is/whois/indigitalworks.com/”

And that’s all… The Whois to which they referred has incomplete information, which is in direct violation of ICANN policies. Not only do they refuse to help, but they don’t want to tell the information of the domain name owner. Although OnlineNIC is under ICANN, they don't follow their policies. Be aware of this if you’re using, or planning to use their services.

Since they refuse to investigate such obvious fraud, I have no other choice but to suspect that Onlinenic.com, or some of their employees, could be involved in this act of unauthorized domain transfer.

I have contacted some lawyers in Dubai, the country where the hacker is from, based on the WHOIS information and come to the conclusion that I will need to hire a private investigator first to see if this person even exists, before taking any legal steps.

Does anyone have any suggestions? I and a team of many dedicated freelancers have worked very hard over the past five years to build this site. Without them IndigitalWorks.com would never have succeeded. We’re all working hard on creating a new site, but all our efforts were wiped out in one day.

I know there are warriors here who have lots of knowledge about Internet thieves, and I hope that some of you can help.

Thank you,
Goran

P.S. I also hope that my situation will help you to better protect your business before it’s too late.

---------------------------------------------------
UPDATE:

I apologize to all InDigitalWorks members for not warning them on time about this issue. Scammer has deleted our members database, right after he transferred a domain...

New website is finally set up and we’ve managed to restore the database. Due to the huge number of products, it took a little longer than we thought. We will continue to do business like nothing happened (although it will be hard). Website will be updated with new products every day, same as it was on indigitalworks.com.

Until we resolve this issue our new temporary URL is www.idplr.com.

Latest update:

I have an important update regarding the theft and recovery of IndigitalWorks.com – the domain name and online business worth over $100.000, which was stolen from me in February 2012, has not yet been returned - but I have critical information to its recovery that anyone doing business online will want to know (if you don't know the story behind IndigitalWorks.com domain, you can read it here on the WF post I made shortly after the domain was stolen).

After my domain was stolen, I started a court case in the US. Through the court order, I have found out the thieves' IP addresses. They were all from the Middle East, mostly from Amman, Jordan, so I decided to travel there and report this matter directly to their police.

They took this case very seriously. Only 2 days after submitting IP addresses and all the evidence, which I collected over the past year, they arrested one of the thieves and he confessed to everything. He is now facing many criminal charges. His brother is currently a fugitive in Saudi Arabia.

This news was published in one of the popular Jordanian daily newspapers. Here's the Google translated version of the article.

It seems they're specialized in these kinds of crimes, because IndigitalWorks.com is not the only domain which was stolen. They have also stolen clicknewz.com, owned by Lynn Terry and plrassassin.com from Owen Smith. Both of which I believe have recovered their domains through their registrars.

Lynn Terry didn't even know her domain was stolen because they left her DNS unchanged. I found out the connection between her domain and the thieves by doing an online investigation about them. Her WHOIS was showing an email of one of the thieves, and she was quite shocked after I contacted her. I believe she managed to recover her domain since her website is still active. I sent her an email asking about the status of her domain, but she hasn't replied as of yet.

In my case, the thieves have created a false sales agreement where they claimed that they bought my domain, so this made things more complicated and I haven't been able to recover it to this day. I'm currently waiting for the decision of the US court.

I believe there are more people who have had their domains stolen by the same group of thieves.
If you know of anyone, please refer them to this post. They can contact me for more information or even join in this case, if we find that the same group is involved.


Why do I refuse to give up this domain and business?

First, it's important you understand just how much IndigitalWorks.com means to me. This was my first online business which I started from my home about 5 years ago. At the time when it was stolen, the website had 24,000 members and it was the most popular PLR membership on the internet.

Being from Croatia, it was very hard for me to build an online business from scratch targeting English speaking visitors. I didn't know English very well and I had to outsource everything, especially content creation. With the income from my daily job I had in Croatia, which is 10x lower than in the US, it was very expensive for me to outsource. But little by little, sacrificing sleep and working mostly at night, I managed to achieve some earnings.

Over a period of almost 4 years, I re-invested nearly every dime, keeping very little for myself. I did not live any type of abundant lifestyle, and even had several troubles with internet connection being unable to get online for days at a time.

I was living in a small house near the town called Glina in Croatia. You can see it on Google here. The town and the surrounding area had only 10,000 people. The whole area is very poor and was devastated since it was under occupation during the Croatian-Serbian war.

After starting a business I had one goal - to make it profitable enough so that I can quit my day job and move with my girlfriend to a better place. I achieved my goal about 30 months after starting it.

At the time when IndigitalWorks.com was stolen, I was living in a nice apartment in Croatia's main city Zagreb. I had 7 employees, mostly freelancers, along with my sister who does graphic design and is responsible for many minisite, ebook and squeeze page designs... There's a quality squeeze pages package which she created, and as my thank you for your support you can download it free here.

I also had an office where we went every day to work in a quiet environment.

Although IndigitalWorks.com wasn't the only site I had, it was the most profitable one. After my domain was stolen, I lost most of my income. I had to cancel the product creation as well as future projects with the freelancers. I had to close my office. My sister had to find another job.

Through all the heartache and discouragement of losing my business, I decided to start a legal battle.

While thinking about starting a court case, I didn't think finding an attorney who was interested to take it on would be a huge issue. After contacting many attorneys in the US, I came to realize I was mistaken.

Although I was looking specifically for the ones who specialized in cyber crime, after explaining the situation, they all refused to take the case. I was from Croatia, thieves are from the Middle East, domain registrar is in China... it was too much for them. I even paid some of them for consultations, only to find out they didn't know what to do or where to start.

Despite all of that, I didn't want to give up.

So I continued to contact various lawyers and finally I found an attorney, Mr. Domingo J. Rivera, who accepted the case.

But I had another major problem facing me...

My savings weren't enough to cover the expensive US court case, so I had to borrow the money. Although many people suggested that it wasn't a good idea, I didn't want to give up so easily and leave the business which I was building for 4 years just like that. So I borrowed the money and hired him to represent me.

Through the legal process which we started in the US, we were able to get a court order for Google, Yahoo, Microsoft, Onlinenic, PayPal, a few forums as well as some hosting companies to reveal the information of all accounts related to the thieves. There was also a computer forensics company who did a full investigation of my server, uncovering solid evidence of various illegal activities performed by the same team of scammers... hacking, spamming and attacking other servers are just a few of them.

As I already said at the beginning, after finding out the thieves' IP addresses through the US court, I decided to travel to Jordan and report this matter directly to their police.

Knowing how hard it was to find an attorney in the US, I didn't even try to find an attorney in Jordan. I just collected all the evidence and took a flight there. Upon arriving at my hotel, I decided to contact a few attorneys.. who knows, maybe I'll have some luck.

I did have.

Although it was very late in the evening, one of the lawyers, Mr. Ziad Maraqa, answered my email right away. He offered a free consultation first thing in the morning, so I accepted. He was educated in the UK and was working with some international organizations like Creative Commons for the Middle East, so it wasn't hard to explain everything. He knew what to do and how to proceed with the case.

The next day we went to the police, which led to the thieves' arrest.

Based on Jordanian cyber law, they did 8 out of 10 cyber crime acts and 3 serious "offline" charges consisting of fraud, stealing, and creating false agreements. By Jordanian law, each of these charges is up to 15 years in jail, and not less than 3.

Although the one thief confessed to everything, including the information that he's the owner of [email protected] - an email which is the current owner of IndigitalWorks.com - they still didn't want to return my domain. But this doesn't matter because after we submit all the documents from the Jordanian court to the US court, we believe the US court will make a default decision and return the domain.

Returning the domain before the court could be a mitigating circumstance for them, but for unknown reasons they don't want to do this. The domain has been inactive for the last 13 months, so a few more months won't make a difference.

Since the Jordanian court doesn't have much IT knowledge (their cyber crime law only exists from 2010 and this was their first cyber case), I would probably be nowhere without the help of my Jordanian lawyer and friend Ziad Maraqa, who, besides being a great lawyer, also has a lot of IT knowledge.

Because of its popularity, a lot of people are still searching for IndigitalWorks.com. Although the rankings of the domain are completely ruined and the current value is questionable, it has a sentimental value to me since it was my first internet business.

Currently the IndigitalWorks.com domain is still on hold status until the ownership decision is reached from the US court. In the meantime, I continue to run a PLR membership on IDplr.com domain.


In closing, I would also like to say thanks to the following IndigitalWorks.com and/or WF members who helped me either with support, information or some other way: Charles Q., Nicole D., Greg D., Felix A., Rob, Colin T., Jim D., Peter J.v.R., Andreea P. and her team., Suzana G., Timothy H. and others.

Sorry for the long post and thanks again for all your support!
 
4
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
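
An added example, not part of the original post or thread: the story mentions a stolen domain whose DNS was left unchanged while its WHOIS already showed a thief's email, so a site that still resolves proves nothing about ownership. The sketch below compares a saved RDAP registration snapshot with a current one and reports changed fields and removed locks; the records, example.com, the addresses and all function names are constructed for illustration.

```python
"""Flag registration-data drift between two RDAP domain records (RFC 9083)."""


def make_record(registrar, registrant_email, statuses, nameservers):
    """Build a constructed RDAP-shaped domain object (demo data only)."""
    def entity(role, prop, value):
        return {"roles": [role],
                "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                         [prop, {}, "text", value]]]}
    return {
        "objectClassName": "domain",
        "ldhName": "example.com",
        "status": list(statuses),
        "nameservers": [{"ldhName": ns} for ns in nameservers],
        "entities": [entity("registrar", "fn", registrar),
                     entity("registrant", "email", registrant_email)],
    }


def vcard_values(record, role, prop):
    """Collect jCard property values for every entity holding `role`."""
    found = set()
    for ent in record.get("entities", []):
        if role not in ent.get("roles", []):
            continue
        for item in ent.get("vcardArray", ["vcard", []])[1]:
            if item[0] == prop:
                found.add(str(item[3]).lower())
    return found


def summarize(record):
    """Reduce a record to the fields an owner should watch."""
    return {
        "registrar": vcard_values(record, "registrar", "fn"),
        "registrant_email": vcard_values(record, "registrant", "email"),
        "nameservers": {ns["ldhName"].lower()
                        for ns in record.get("nameservers", [])},
        "status": {s.lower() for s in record.get("status", [])},
    }


def registration_drift(baseline, current):
    """Return alert strings for every watched field that differs."""
    old, new = summarize(baseline), summarize(current)
    alerts = []
    for field in ("registrar", "registrant_email", "nameservers"):
        if old[field] != new[field]:
            alerts.append(f"{field} changed: "
                          f"{sorted(old[field])} -> {sorted(new[field])}")
    # A dropped "... prohibited" status means a transfer/update lock is gone.
    for lock in sorted(s for s in old["status"] - new["status"]
                       if "prohibited" in s):
        alerts.append(f"lock removed: {lock}")
    return alerts


NS = ["ns1.example.net", "ns2.example.net"]
BASELINE = make_record("Registrar A", "owner@example.org",
                       ["client transfer prohibited"], NS)
# Same nameservers, so the website keeps working, but the contact changed.
SILENT_TAKEOVER = make_record("Registrar A", "someone-else@example.org", [], NS)

if __name__ == "__main__":
    for alert in registration_drift(BASELINE, SILENT_TAKEOVER):
        print("ALERT:", alert)
```

Where the registrant email is redacted in public registration data, the registrar and lock-status comparisons still apply.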
Wow, what a horrid situation!

Having lived in this part of the world, I understand too well the obstacles faced by business people when such situations come up. I hope that Goran Zinic eventually prevails!

 
0
•••
Perhaps it's time to move his domain to Markmonitor as his registrar.


..... and don't use the same password for all your internet accounts.
 
1
•••
I wonder how his account was hacked.. maybe the gmail address had something to do with it.. I was always told to never use gmail, yahoo, or AOL for domain names..
 
1
•••
> I wonder how his account was hacked.. maybe the gmail address had something to do with it.. I was always told to never use gmail, yahoo, or AOL for domain names..

very true, with any of these free email accounts you're asking for trouble ..hotmail included.

easily crackable by scammers who wanna get in.
 
0
•••
> I wonder how his account was hacked.. maybe the gmail address had something to do with it.. I was always told to never use gmail, yahoo, or AOL for domain names..

He answered that in the forum he first shared his story:

> Through the Trojan virus. It was setup to take screenshots of the system, log any typed keystrokes, and monitor clipboard for copy/paste information. That's how they found out logins from all my accounts like registrar, email, server...
>
> Regarding the virus, it is not discoverable by many antiviruses.

I'm actually writing an article on using email addresses for domain registrations. I'm just waiting for feedback from some security experts I know.
 
1
•••
Amazing hacker. He committed the crime using an IP Address that can be traced to his house, leading to his arrest.
 
1
•••
A good read, thanks for sharing.
 
1
•••
Thanks for the story Dave... seems due diligence paid off.

One question though.... if they caught one of the jackers, and he confessed to the crime, why doesn't he just transfer the domain back to the owner?

Peace,
Cy
 
1
•••
Wow, impressive! He certainly wasn't gonna take it lying down - good for him. I don't think I would have had the persistence to hire several foreign lawyers, court cases and police reports.

Anybody understands why the case was submitted to a US court? It seems like none of the parties, not even the registrar, had anything to do with the US.
 
0
•••
Please forgive me but something made me chuckle (almost).

> In the last few months my Gmail has been hacked several times.

Sometimes people are waiting for disaster to strike and do not understand how critical their E-mail accounts are.

But when even domainers are using free E-mail accounts like gmail what can you expect ;)
 
0
•••
> Sometimes people are waiting for disaster to strike and do not understand how critical their E-mail accounts are.
>
> But when even domainers are using free E-mail accounts like gmail what can you expect

According to the story, his computer was actually infected with some kind of a keylogger/screen-capturing malware. So no matter how strong your password is, if your keystrokes are being recorded, you're toast.
 
0
•••
> One question though.... if they caught one of the jackers, and he confessed to the crime, why doesn't he just transfer the domain back to the owner?

I asked Goran that and got his answer just now. It's kinda weirder than I thought.

Supposedly it's the jailed person's brother (who's in Saudi Arabia) who actually hijacked the domain name, and the person went along with it. The way I currently understood, it's the brother who has actual control of the domain name and its email on file. (although OnlineNIC locked it since then...)

Unfortunately, both brothers won't give more information to further incriminate themselves than they already have.

> Anybody understands why the case was submitted to a US court? It seems like none of the parties, not even the registrar, had anything to do with the US.

Without necessarily giving much away (although you can PM me to understand why), I'll say this: OnlineNIC locked it themselves. I venture they decided to cooperate...or else.

Sort of confusing, I know. Hopefully more details will follow to fill in the blanks in this otherwise intriguing saga.
 
0
•••
Scary stuff... It makes me sick to my stomach that someone will steal something another person has spent years building.

Nice to see the owner took legal action despite all the obstacles, but it really is a shame it was necessary.
 
0
•••
> According to the story, his computer was actually infected with some kind of a keylogger/screen-capturing malware. So no matter how strong your password is, if your keystrokes are being recorded, you're toast.

Indeed, but what I mean is this: if your account is hacked repeatedly, the logical explanation is that your computer is infected with a keylogger and it should be cleansed ASAP.
And of course you should set a new password using another computer that is clean.
 
0
•••
OnlineNIC appears to be US based?

Quote from the opening post: "I was from Croatia, thieves are from the Middle East, domain registrar is in China... it was too much for them."

Wasn't OnlineNIC the registrar - or did I miss something? If OnlineNIC is indeed the registrar and is a Chinese company, it beats me why US courts would even admit the case?

Happy for the owner that they did, though. Such level of persistence deserves to be rewarded. :)
 
0
•••
Lesson learned: Move your domains to a SAFE registrar, ie mark monitor, fabulous, moniker.
 
1
•••
> Wasn't OnlineNIC the registrar - or did I miss something?

Nope, you're right ( and so is the OP ), OnlineNIC give a US mailing address on their website, and ICANN lists them as a US based company, but a search for OnlineNIC China brings up plenty of results that indicate they are headquartered ( or owned by a company headquartered ) in China.
 
0
•••
> Lesson learned: Move your domains to a SAFE registrar, ie mark monitor, fabulous, moniker.

100% correct

domainers should see their domains as money - you put your money in the best banks right.

The best bank for domains is Fabulous.com

FX
 
1
•••
Gmail/Yahoo/Outlook have already moved to text-messaging security features these days.

What I have read about these free emails, is that most of the account breaches are because the guy clicked a malware email link on some Viagra-looking message or some social hacking kind of stuffs you thought a friend sent you a get well soon greeting of some sort.

Perhaps as long as you only use your gmail to receive registrar messages, it could work out fine. What I do is I set my free email account to "Auto-Forward" messages to my real email add. That way, I get the messages without even opening my free email account. Any message not coming from my registrar, gets trashed.
 
0
•••
Thanks for sharing.
I hope we can reduce the hijacking and I hope all are safe
 
0
•••
> 100% correct
>
> domainers should see their domains as money - you put your money in the best banks right.
>
> The best bank for domains is Fabulous.com
>
> FX

And... why are they the best?
 
0
•••