DN Reg Security- How Safe Are Our Names?

[Grrilla]

Another horror story I just picked up from a Domain Usenet group. Might be a good idea to have an ongoing thread w/breaking news, info and stories on hijackings, scams and other security issues so members can look in and stay as current as possible onwhat seems to be an escalating problem.

My company has been the owner of the domain iu.com since 1995. Last month we had noticed attempts to steal the domain, so we had set the 'Do Not Transfer' flag on the domain at Network Solutions. Sometime in the next day (a Sunday), someone (supposedly from Beijing, China) managed to change the password to the account that oversaw the domain account. From there they changed the Network Solutions password, changed all the account and DNS information, reset the 'Do Not Transfer' flag, and transferred the domain to OnlineNIC.com -- all within an hour or two (so much for any safeguards at Network Solutions). We reported the theft to Network Solutions on Monday morning, however they claimed they could not do anything since they no longer had the domain. They marked the event as suspicious, and sent a report of the 'fraud' to OnlineNIC.com to assist with our attempts to regain control over the domain. A week latter the person responsible for the theft moved the domain to Enom.com.

Incidently, over past 2 months, there has been alot of suspicious traffic sniffing around my ports w/ source IP's emanating from Beijing.

 

[InteractAsia]

hmm looks very suspicious...have you tried contacting enom?

 

[Dave_Z]

Amazing how bastards such as those are able to hack inside accounts to be able to steal domains.

BTW, I'll be releasing a free report on such a subject. Keep you guys posted.

Take care of your domain names!

 

[Kodeking]

I really think its sad how people must resort to fraud and other illegal things just to make money. If you were that smart to be able to do that stuff, then why not get a job!

Like I dont understand why the people that are good at sneaking into places dont get a job with a securty agency or the army or something. use your talents for the good, not bad! And have a fun job that you enjoy!

 

[Grrilla]

I think that some people (including myself) have extreme difficulty w/ structure and some of the idiocies of corporate or governmental bureaucracy. It makes it difficult to find suitable work through many of the normal channels thus limiting one's options. That, along w/ the lure of making the big hit so that you can rise above these issues propells people into unlawful work, and usually turns them into scumbags. It's difficult, but not impossible, to find legitimate work w/ these tendencies.

 

[Darren]

Wow. Surprising report.

Sad, suspicious and interestting. Where did you get this article from, Grrilla?

I hope everything works out alright for the real owners of iu.com.

 

[Grrilla]

Found at usenet group alt.domain disputes
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&group=alt.domain-names.disputesalt.domain disputes

I Could be acting totally paranoid and over the top here, but sometimes wonder if at least some of this activity is being generated by software cos (or people associated w/ ) so that new and more security progs can be sold. Not saying that the lads from Beijing are in this category but do wonder about conspiracy possibilities.

 

[Terry]

The saddest part of this report was Network Solutions standard answer to the problem. They really have the most to loose in all of this, and that is what is left of their reputation. You would think they would drop the "We can't" attitude and get with a "Can do" attitude. Alas, the story of American Business since the 80's.

 

[Dave_Z]

Some friends of mine from there told me that Netsol can step in if someone sent a fraudulent fax & the domain's still there. Other than that, they can't & won't do much because of the burden of proof.

Wish someone can come up w/ something to resolve that.