Hacker stole Maltese company’s domain and tried selling it for €70,000 ($81.5K)

Lox

On Thursday, a 24-year-old was accused of stealing the domain from a Maltese company that cannot be named by court order.

 
3
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
I wonder how they used those two emails to steal the domain. Didn’t the owner have 2FA enabled?

Or did they access the owner’s email and request a password reset from the domain registrar?
 
0
•••
I wonder how they used those two emails to steal the domain. Didn’t the owner have 2FA enabled?

Or did they access the owner’s email and request a password reset from the domain registrar?

Guessing ...
using a very powerful computer, Flipper 0 + dark web firmware, clones wifi, ____else, gains remote access, open browser, type url, auto-fill login, ....
 
1
•••
Guessing ...
using a very powerful computer, Flipper 0 + dark web firmware, clones wifi, ____else, gains remote access, open browser, type url, auto-fill login, ....
Even with that, if he auto-logs in, how does he get past 2FA? (He probably can, but it’s much easier if the owner doesn’t have it enabled.)
 
1
•••
how does he get past 2FA?
The registrant may see and 2FA-approve something different than what's being done maliciously in the background.

I'm not saying this is what happened here, but just wanted to provide this insight.
 
1
•••
Even with that, if he auto-logs in, how does he get past 2FA? (He probably can, but it’s much easier if the owner doesn’t have it enabled.)
2FA prompt bombing, intercepting the SMS/phone signal (SMS MFA is not phishing-resistant)
 
2
•••
dumbass lamer
lol
 
1
•••
2FA prompt bombing, intercepting the SMS/phone signal (SMS MFA is not phishing-resistant)
Although Google offers SMS 2FA, I always use Google Authenticator with auto-generated codes. I believe an attacker could get past those too, possibly by reading screen data or hacking the phone.

At NameSilo we also have Defender; any changes (like email, DNS, transfer, etc.) require answering five security questions. I don’t believe that can be hacked.
 
2
•••
Although Google offers SMS 2FA, I always use Google Authenticator with auto-generated codes. I believe an attacker could get past those too, possibly by reading screen data or hacking the phone.

At NameSilo we also have Defender; any changes (like email, DNS, transfer, etc.) require answering five security questions. I don’t believe that can be hacked.

Ppl can't quit habit of writing their login details (incl. security questions) in a notepad, word, phone notes or online @ ridiculous places - sometimes so easy to discover by bots
 
1
•••
From what I’ve heard, some people even shared passwords in GPT chats and then shared them online afterward (since some chats are public). Not to mention API keys from domain name providers.
Ppl can't quit habit of writing their login details (incl. security questions) in a notepad, word, phone notes or online @ ridiculous places - sometimes so easy to discover by bots
 
1
•••
From what I’ve heard, some people even shared passwords in GPT chats and then shared them online afterward (since some chats are public). Not to mention API keys from domain name providers.

And ... if something goes south .... they'll put the blame on registrar
 
1
•••
And ... if something goes south .... they'll put the blame on registrar
Unfortunately, yes.

This is similar to clients forgetting to renew or not having auto-renewal and/or a valid credit card, then wanting the domain name back.
 
1
•••
Unfortunately, yes.

This is similar to clients forgetting to renew or not having auto-renewal and/or a valid credit card, then wanting the domain name back.
Force (checkout renewal alert recommendation) them to use & pay for at least 4 SMS reminders - 30, 14, 7 & D-day. 4 SMSs is not expensive.
 
1
•••
Some judgements are just STUPID.

They are letting the hacker go free with a suspended sentence and a fine of just $10K.

Meanwhile, the hacking setup described in the article suggests that the $10K is not going to be a problem for him.

The victims this time had the advantage of being in the same country as the hacker. So they were able to act swiftly and in tandem with local authority. His next victims may NOT have that advantage.

That's why CRIMINALS should be jailed.
Not granted sweetheart deals.
 
1
•••
As someone who's recovered over 500 stolen domain names in the past few years, I can tell you that there are literally dozens of ways people steal domains. I don't think it was revealed which domains and which registrar(s) were involved in this case.

2FA is easily disabled, depending on the registrar, BTW. The "2fa" could have been the sending of an email with a code, and if the hacker had access to the email, then they had easy access.
 
2
•••
Some judgements are just STUPID.

They are letting the hacker go free with a suspended sentence and a fine of just $10K.

Meanwhile, the hacking setup described in the article suggests that the $10K is not going to be a problem for him.

The victims this time had the advantage of being in the same country as the hacker. So they were able to act swiftly and in tandem with local authority. His next victims may NOT have that advantage.

That's why CRIMINALS should be jailed.
Not granted sweetheart deals.
Yes, that's true, but even in cases where the domain owner KNOWS WHO STOLE THE DOMAIN, and the domain is at the same registrar, in the same country (USA for example), we still have issues with domain thieves not being prosecuted. Let alone getting the domain back to the owner.

I have dealt with cases where we know the domain thief, we even have his phone number and have talked with him on the phone. Domain owner filed a police report--thief doesn't think they'll be prosecuted so they just keep the domains, insisting on thousands to "give the domains back".
 
3
•••