Major Domain Hijacking Alert: Industry Pioneer Warren Weitzman Has Over a Dozen Domains Stolen From his Enom Account
Here is Warren’s comment this morning:
“From: Warren <[email protected]>
To: Monte Cahn
Sent: Wed Jul 22 03:26:24 2009
Subject: article
Monte,
I should have moved all of my names to moniker when you told me to.
sheesh .. did you see the article: Domain Name Journal - The Lowdown from DNJournal.com
I’m going to move them .. problem is funds. If there’s a way to move them, I’ll do it.
Again, I should have listened to you. Enom is really lame when it comes to tech support and security.
Hope all is well.
Warren”
The above referenced article:
Warren Weitzman's worst nightmare has just come true. Weitzman has been in the domain game since 1994 and oldtimers in the industry know him as one of the pioneers in the business. Weitzman is a quiet guy who has never been interested in the spotlight, but as the victim of a major domain hijacking he is speaking up now with the hope that the publicity will lead to the return of his domains and prevent problems for others who might unknowingly buy the stolen names and lose their investment. Weitzman is also trying to find out how the theft happened and he believes the break-in could have occurred as high as the registry level at Verisign.
Weitzman first learned something was wrong on Thursday when Rick Waters, who is developing Adios.com for Weitzman's company, called to tell him that suddenly Adios.com had stopped resolving at the assigned DNS. "I immediately went into my account at Enom and saw that Adios.com was there, still locked, with the same normal email for me, and everything appeared to be fine," Weitzman said. "But when I did a WhoIs lookup at DomainTools it showed a ‘John Thalacker’ as the registrant, 000domains as the registrar, and fastpark.net as the dns and lander, plus a phone number that didn’t work." (Editor's note: John Thalacker is a veteran domainer whose name was apparently picked at random by the thief for the false WhoIs info on this domain. So John is also being victimized by the criminal).
"I immediately called Enom, emailed them transfer-disputes and inquired how the domain could be in my account while showing another owner in the public record simultaneously. I alerted everyone I knew, but no one could understand how this could happen," Weitzman said.
"After contacting Enom, we learned that all of the domains were still locked but Adios.com was no longer in Enom's database. It had been transferred out. How could this happen without a notifying email, EPP, without a hack at the Verisign level or some kind of cooperation from Enom? We also found that other domains had been transferred out to the same DNS (fastpark.net) and those names now showed various registrant information (mostly privacy WhoIs)," Weitzman said.
Weitzman said the initial list of names taken from two different accounts he has at Enom includes these domains:
Sou.com
Tysons.com
Speel.com
Procredito.com
Stickum.com
Nansi.com
Circut.com
Airwatch.com
Adios.com
Boxheads.com
Twiller.com
Greatglasses.com
"All of these names showed in Enom’s transfer-out report as moving over the last 2 weeks, Sou.com being the first, moving on the 8th of July," Weitzman said. "While I received a response from the transfer-dispute department at Enom, there has been no explanation nor any guess as to how this could happen."
Even worse, the string of thefts did not end there. Weitzman said, "This morning we noticed two more of our best names, Before.com and Even.com, were moved to Directi overnight with Privacy WhoIs. These domains were both locked and using my primary email as contact information. I have had them since 1995. Even after changing passwords on these accounts, the domains continue to disappear. How could someone even know my login/username for these accounts, let alone passwords? This is why we think the error or hack has taken place at Verisign - domains are showing in both registrars at the same time, there are no email notifications or EPP code requests," Weitzman said.
"I am wondering if anyone else has had this experience with Enom or knows whether Verisign has been hacked. We cannot understand how this could happen, right under our watchful eyes, and may still be going on. Enom claims to have locked down my accounts from further domain movement and to have contacted the gaining registrars," Weitzman said. "They said they will notify me when they hear back from the registrars who hold the names now."
Meanwhile, some of the names that have already been taken from Weitzman's account continue to move (a common situation with stolen domains). "We noticed that Sou.com, the first of the hijacked domains, was transferred again, this time to NamesDirect as registrar and again, fastpark.net as the lander and another private Whois," Weitzman said. "I hope that by publicizing this, we can find out if anyone else has had this experience and what the resolution might be. It is also our hope that no one will purchase any of these names," Weitzman added.
If you have any information that could help Warren recover his stolen domains, you can send it to Warren at Warren.com. We will follow up with new developments as they occur.