Nov. 2004 Icann Rules An Invitation To Domain Hijacking

[schepperer]

Domain Hijacking? It can happen to anybody.

This one mail I received today:

" A request has been received to transfer the domain tapert.com away from the Registrar OpenSRS.
This request was entered at 20-JAN-2005 16:58:01 by Moniker Online Services, Inc"

"If we do not hear from you by Tue Jan 25 16:58:01 2005, the transfer will proceed."

wow

I declined of course by clicking the correct choice.

If you dont check your email for about 5 days there is pretty good chance your domain name will be stolen.

My request to moniker support about who tried to hijack my domain, oh wonder was unanswered.

I would say about 35% of domains remain unlocked and are at risk to be stolen.

I dont know who makes decisions at ICANN, these guys must be outsourced from a how-works-a-hairdryer call center.

In November ICANN opened the gates for such kind of criminal acts and nobody prevented them from doing so.

 

[ibuya.com]

Ya, we noticed that immediately back in November and quickly "registrar locked" all of our domains and our customer domains.

However, that raises a very interesting question. Would it be illegal to go 'mining' for domain names that have been abandoned?

But then again, don't know how productive it would be since most registrars automatically lock all their customer domains by default. A registrar would rather get a renewal or let a domain expire rather than have it transferred away.

If you pay for a transfer and that transfer is rejected, most registrars will refund your money. However, a registrar may not tolerate a massive amount of rejections. Bet it has already been tried and many times.

You and I both know the domain name industry has more than it's share of hoodlums. Moral or not, ethical or not... I am willing to bet domain companies and individuals are actively combing for unlocked domain names.

This new ICANN rule has really made our life simple by eliminating hassles transferring away domain from greedy registrars. Wish this was done years ago. In years to come, vast majority of all domains will be locked.

A little late, but ICANN should have implemented other rules to safe-guard hijacking. One would have been notifying all registrars to lock all customer domains or accept liability if a domain is hijacked. Only problem remaining would have been people that lost their account username/password being able to unlock their domain(s) to renew or transfer them away.

Any abandoned domains would eventually expire.

Your alarm is more than understandable. Many thoughts horror went through our minds back in November.

 

[dgridley]

Highly unethical, at the absolute minimum.. and probably constitutes a very real case of fraud and / or theft in any event.

Would it be illegal to go 'mining' for domain names that have been abandoned?

 

[Dave_Z]

" A request has been received to transfer the domain tapert.com away from the Registrar OpenSRS.
This request was entered at 20-JAN-2005 16:58:01 by Moniker Online Services, Inc"

"If we do not hear from you by Tue Jan 25 16:58:01 2005, the transfer will proceed."

Correct me if I'm wrong, but from that post above, it appears you got the
auth email from the gaining registrar. In this case, Moniker.

The next line disturbs me. I'll forward this to Monte Cahn since he owns
Moniker.

 

[schepperer]

Correct me if I'm wrong, but from that post above, it appears you got the
auth email from the gaining registrar. In this case, Moniker.

The next line disturbs me. I'll forward this to Monte Cahn since he owns
Moniker.

The mail came from Moniker as result of a transfer request from one of their customers.

Marked lines were copied and pasted.

Moniker ignored my questioning mail about which of their customers tried the hijacking.

 

[jberryhill]

about which of their customers tried the hijacking.

Tell us how you know, for a fact, that the transfer request was not a result of a typographic or other error made by one of their customers requesting a transfer of one of their own domain names.

 

[AdoptableDomains]

However, that raises a very interesting question. Would it be illegal to go 'mining' for domain names that have been abandoned?

I have been a little concerned lately with whois.sc. I have a paid membership there, and monitor many of my personally owned domains. The alert service notifies you of monitored domains when whe whois record changes in any way, including when the locked status is changed either way. It has occured to me that others could monitor my domains, and when I unlocked one to transfer, they could quickly jump in an initiate a transfer as well. If it happened to be at the same registrar, you might not know they beat you to the punch and authorize it yourself thinking it was your own transfer. Like most, it's a handy tool for a domain owner, but in the wrong hands could be used against you.

 

[schepperer]

Tell us how you know, for a fact, that the transfer request was not a result of a typographic or other error made by one of their customers requesting a transfer of one of their own domain names.

Moniker didnt reply to my emails so I understand it should not be discussed that there have been a hijacking attempt originating from their site as registrar.

I dont believe in typing errors in order to transfer an active domain originating from Moniker which are serving mainly for the domain pros.

You must understand too that a lot of domain owners did make this new experience since the ICANN rules change in November which simply made domain hijacking on a new level possible.

If there is be a typing error or correct name wouldnt make a big difference for me as current owner. If I dont check my emails for 5 days my domain name is gone.

 

[mcahn]

Hello Mario,

If you let me know what domain name it was, I can have this looked into for you. What typically happens with some of our large customers is that they have submitted transfers some time ago. Our system automatically calls for transfers until they are cancelled by the customer or by our system. The domain in question probably belonged to the previous owner of the domain and remained on their transfer in list to Moniker along with a long list of other domains.

Just email me and we will find out the answers....no worries - [email protected]

 

[schepperer]

Hi Monte:

its about domain name TAPERT.COM I registered it middle november 2004.

It was in the expired domains list of 09.09.2004.

I cannot believe you try any transfer-in orders for more than 4 months.
registerfly and others try transfers 1 month.

In case of trying transfers for about 4 months registrar would be responsible for hijackings.

Let me hear your response. Im pretty sure one of your customers tried to steal the name.

 

[schepperer]

not by surprise moniker keeps quiet to serious matters

my mail from 20. Januar 2005 22:22 CET to [email protected] was unanswered

world wide waiting here in forum too

 

[Dave_Z]

[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]

Apologies to Monte Cahn.

And another debt of gratitude to JBerryhill.

 

[schepperer]

I did mail to [email protected] because I believed thats the official email address published on moniker homepage to reach somebody if a domain name gets hijacked. Everybody in search for contact will use this address.

And I expect an answer from moniker support because I mailed them.

You want to say email [email protected] is not valid or not property of moniker because they never send a reply?

Is it wrong to expect a reply for this serious matter?

I sent my mail 20. Januar 2005 22:22 CET and never received an answer.

Where is moniker boss now?
Im still waiting for an answer who of your customers tried to hijack TAPERT.COM?

 

[jberryhill]

Im still waiting for an answer who of your customers tried to hijack TAPERT.COM?

I believe Monte very clearly stated that it may well have simply been a typographical error, or an attempt to transfer a domain name which the registrant wasn't aware had expired.

As far as continuing transfer requests for 4 months, I am glad that Moniker does that. It has taken over three months to finally get NSI to unlock more than 700 domains that a client was trying to transfer to Moniker for quite some time.

So, first off, you do not know that anyone was trying to hi-jack the domain. It could have been a simple error.

Second, nobody owes you an explanation of anything. Was the domain name transferred? No, it wasn't. IF the domain name had been transferred in to Moniker by mistake, it is likely that the situation would be sorted out promptly. The fact that Monte drops in on the forums once in a while is pretty amazing. You name a SINGLE other registrar that bothers to read these things or respond.

Given the timing, it seems most likely that the domain name transfer was probably requested by the prior registrant before the domain name expired. If someone was looking to hi-jack the domain name, then it would make a LOT more sense to hi-jack prior to the expiration, on the assumption that the whois data is stale, rather than just after it was re-registered.

Now, you go type a list of a couple of thousand domain names, and see whether you make any mistakes.

 

[schepperer]

I believe Monte very clearly stated that it may well have simply been a typographical error, or an attempt to transfer a domain name which the registrant wasn't aware had expired.

Thats not more than hypotetical. He didnt know even the domain name at that point.

As far as continuing transfer requests for 4 months, I am glad that Moniker does that. It has taken over three months to finally get NSI to unlock more than 700 domains that a client was trying to transfer to Moniker for quite some time.

In my opinion automatic open transfer request orders for about 4 months until any success are illegal.

So, first off, you do not know that anyone was trying to hi-jack the domain. It could have been a simple error.

Again: I want to know from moniker who tried to hijack my domain name since I gave no permission. I strongly believe I have the right to know about the wannabe registrant since I have to give my permission for any away transfer. I dont believe there was any error but the wannabe registrant gave it a try.



Second, nobody owes you an explanation of anything. Was the domain name transferred? No, it wasn't. IF the domain name had been transferred in to Moniker by mistake, it is likely that the situation would be sorted out promptly. The fact that Monte drops in on the forums once in a while is pretty amazing. You name a SINGLE other registrar that bothers to read these things or respond.

Even a hijacking attempt is illegal. Nobody can give you a guarantee that the situation "would be sorted out promptly". I strongly believe sorting out could take long-term. Sometimes courts help will be necessary.

I can tell you dozens of registrars who have a well working support department and respond for every single mail or support ticket. Maybe you know registerfly or names4ever to name only 2. With their live chat support its easy to fix problems live and online within minutes after authentification.


Given the timing, it seems most likely that the domain name transfer was probably requested by the prior registrant before the domain name expired. If someone was looking to hi-jack the domain name, then it would make a LOT more sense to hi-jack prior to the expiration, on the assumption that the whois data is stale, rather than just after it was re-registered.

Former owner of tapert.com are from China (had it on the web for sale) and an engineer in Langley, WA.
Maybe one of them tried the hijacking. Again: I sort out that there are registrars with automatic transfer attempts for about 4 months.
names4ever, namecheap and registerfly just to say some try only for not any longer than 1 month.

Now, you go type a list of a couple of thousand domain names, and see whether you make any mistakes.

Why you TYPE thousands of domain names ???

namepros do it like copy/paste from xls or csv files. Typing errors impossible.
Thats how the moniker customers do too. Moniker mainly serves bulk domain customers. They copy and paste. No typo errors. Thats why I understand its about domain hijacking with my domain TAPERT.COM and moniker support will have reason that they dont reply since 10 days.

Monte pls tell me who tried to transfer my domain away.

 

[jberryhill]

In my opinion automatic open transfer request orders for about 4 months until any success are illegal.

You are entitled to your opinion. That and a buck will get you a cup of coffee.

Even a hijacking attempt is illegal.

Making a mistake on a large list of transfers is not illegal. You really have a bee under your bonnet, and it is clear that you want to harass someone by jumping to a hasty conclusion when you have NO indication there was any wrongdoing and you have lost NOTHING. Under those circumstances, if I were Monte, I wouldn't give you the time of day.

Moniker mainly serves bulk domain customers. They copy and paste.

And if they are copying and pasting from a stale list, it will generate a transfer request. But, regardless, you don't know whether this person was typing, copying or pasting, or anything else. You want a name of someone at whom you can hurl threats and intimidate, and I do not believe that Monte will or should help you. If he looks into it and concludes that it was a mistake then, no, you are not entitled to know who any of his customers are. Period.

If you dont check your email for about 5 days there is pretty good chance your domain name will be stolen.

Not if you lock them.

 

[Badger]

Interesting comments regarding the domain mining and 'yes', i agree with Dave, this would indeed be hightly immoral and illegal.

I do know of a domain valued in the $$,$$$ and UNLOCKED. Sale negotiations were ongong and at a stalemate when the owner inadvertantly advised the somewhat suspect buyer that he was on vacation for 3 weeks and the negotiations would have to continue after that... Well, guess what had transpired after he returned..... You got it.. Wont mention the name as he's fighting its return at the moment.

And on a seperate note, John, I think you'll find member billinchilla [afternic] is a very active member of this site

 

[schepperer]

Interesting comments regarding the domain mining and 'yes', i agree with Dave, this would indeed be hightly immoral and illegal.

Yes. Highly immoral and illegal.

Moniker as registrar will transfer your domain away without your permission if you dont check your mails for 5 days. Thats an invitation to domain hijacking.


moniker mail

 

[jberryhill]

Moniker as registrar will transfer your domain away without your permission if you dont check your mails for 5 days. Thats an invitation to domain hijacking.

ANY registrar will do that if your domains are not locked. That is ICANN policy, and is not unique to Moniker.

You don't know that this was anything other than an innocent mistake. Yet, you think by calling Moniker names, they are going to answer your questions.

If you think something illegal is going on, then why not put your money where your mouth is, and go to court?

 

[schepperer]

ANY registrar will do that if your domains are not locked. That is ICANN policy, and is not unique to Moniker.

You don't know that this was anything other than an innocent mistake. Yet, you think by calling Moniker names, they are going to answer your questions.

If you think something illegal is going on, then why not put your money where your mouth is, and go to court?

Thats not true. Registerfly as only 1 example REQUIRE a reaction to a transfer request email. Cross yes or no. If no reaction your domain name cannot be transferred away. Hope you learn now that not ANY registrar as you mentioned will transfer an unlocked domain. (About 35% of all existing domains are unlocked.)

moniker:

"If we do not hear from you by Tue Jan 25 16:58:01 2005, the transfer will proceed."

Monikers transfer request


registerfly:


"(note if you do not respond by 05 Feb 2005, FOTAN.COM will not be transferred to us)"

registerflys transfer request

Hope you will get it: There is a small but deciding difference in handling.
moniker as registrar makes it possible to hijack domain names, registerfly not. Thats a fact.

Not by surprise moniker support doesnt reply to any emails. Maybe you dont find it suspicious but I do. Again: moniker isnt the reigistrar for the guy from the street who registers one domain name per year. Its a service for domain name pros who are mainly looking for traffic domains. I sort out the possibility of any typo errors since bulk domains are registered via copy and paste of the names wanted.

Im still waiting for a moniker reply with explain and hardcopies. You can be sure that I will not wait forever for reporting to authorities since the hijacking attempt was supported by monikers handling of transfer requests.

Now I expect a positive feedback for public that they block domain name hijackers for future as other registrars do by changing their procedure. Im sure its easy to fulfill.

moniker pls let us know about your future transfer policy. Will you change it?
Will you prevent domain name hijacking the way registerfly does?

 

[Badger]

I fail to see your anger Schepperer...

1, this is a domain forum where we are all here to help one another.
2, you had an attempted hijack on one of your names which failed to transpire, so..... Maybe count yourself lucky
3, Monte posted earlier on in the thread that he was willing and able to help you.
& 4, I guess you dont know who JBerryhill is...?

Sure your angry, sure you want revenge. But is here the right place for all this? You seem to keep re-asserting your point in your threads.

Can I respectfully suggest that is moniker is as bad as you say they are - transfer out and forget the whole thing happened.

And go easy Bro, we are your friends.

 

[jberryhill]

Not by surprise moniker support doesnt reply to any emails.

Given your attitude, no, it's no surprise at all. But, considering that you are not a customer of theirs, they don't owe you support.

I sort out the possibility of any typo errors since bulk domains are registered via copy and paste of the names wanted.

BS. First off, Moniker has large customers and small customers alike. Secondly, if you weren't such a hotheaded shill for Registerfly, then you would realize that Monte already posted a likely scenario:

1. person registers domain tapert.com on a drop in 2003, among other domains caught at various registrars.

2. domain tapert.com expires in late 2004, person doesn't notice.

3. person decides in 2004 to consolidate their domains at Moniker, and either types or, yes, cuts and pastes a list which includes tapert.com

4. you get the email notification, and deny the transfer

Sorry pal, you have not shown that it was not a purely innocent situation. I can tell you from direct experience that some of the largest domain owners on the planet lose domains this way on a regular basis, and it generally takes just a few telephone calls and emails to sort out. One of the reasons why people who know what they are doing use Moniker is because Moniker requires very explicit approval for outbound transfer requests.

The bottom line here is that it doesn't matter what the Moniker email to you says, if your domains are locked at Registerfly, then they aren't going to go anywhere.

But is Moniker going to provide you with information about one of their customers so you can spew your threats? No way.

The joke here, of course, is that Robert Tapert is the executive producer of Xena the Warrior Princess, which I suppose explains the links on your site.

 

[schepperer]

4. you get the email notification, and deny the transfer

One of the reasons why people who know what they are doing use Moniker is because Moniker requires very explicit approval for outbound transfer requests.

The bottom line here is that it doesn't matter what the Moniker email to you says, if your domains are locked at Registerfly, then they aren't going to go anywhere.

4. "very explicit approval", LOL, What it helps you if you are just 5 days not on internet and you get email notification during that time.

Will you declare llegal to stay 5 days offline?

How can I be able to deny the transfer request then? Dont you understand?

You will be not able to give a guarantee that after some phone calls domain name is back.

at registerfly domain name will not be stolen if you are without internet for 5 days or even 5 months, locked or not no difference

moniker transfer policy makes domain hijacking possible

until moniker does not change transfer policy I have all reason to be angry or searching for revenge, its not just about me but all the other registrants with active names

registrants are at risk to get their domain stolen by monikers transfer requests and monte & co prefer to stay quiet about the subject

I dont like if somebody does not understand the serious situation.
We are at namepros, we have responsibility for all registrants that a domain cannot be stolen that easy. Yes we should help all eachother that moniker doesnt allow that any longer.

If monte would be really willing to help, fine.

Again its not just about me or my louzy domain tapert.com. We have to give safety back to domain owners.

 

[jberryhill]

4. "very explicit approval", LOL, What it helps you if you are just 5 days not on internet and you get email notification during that time.

Read the word "outbound" in what you are replying to, or work on your English.

How can I be able to deny the transfer request then? Dont you understand?

I understand quite well. You deny the transfer request by maintaining a lock on your domains at your current registrar. That not only prevents hi-jackings, but it also prevents inadvertent transfers due to an error. It doesn't matter whether Moniker issues a transfer request to the registry if your domain name is locked, and it doesn't matter what their notification email says.

YOU do not understand that. Explain why 1-4 above could not have happened here, and why you are so certain this was an intentional hi-jacking attempt. My point about "outbound" (look it up) transfer requests at Moniker was in the context of the reality that a lot of Moniker customers moved there because they have been the victims of hi-jackings in the past. Do you think that large registrants don't see a lot of mistakes, hi-jackings, and other strange things going on?

I have all reason to be angry or searching for revenge

Your character is your problem, and your behavior is unreasonable.

 

[mcahn]

schepperer,

Trust me, I am not staying quiet, just have not been back to this thread as I asked you to email me with the domain name in question, not post it back on this board. If you look at my post above, I asked for you to email me with the domain - you did not email me so I did not know that you were still posting about it.

Now that I have the domain, I have asked my staff to see why it was still left in the transfer out system and who it belonged to.

Just to clarify that domains are submitted by former owners all the time....especially large domain owners as they submit large lists and sometimes forget to remove them.

Although we cannot controll "attempted" hijackings to moniker, we certainly prevent them from moniker to other registrars by adding several levels of security to this process to prevent this. My bet this was just left on someones list and you are over-reacting.....especially since you did not even loose the domain.

In any case, I will let you and everyone know what the situation is once our transfer in system runs today with our report. As you can see, many know me and how our operation works. We are not out to get anyone upset and neither are our customers.

Thanks for the heads up - [email protected]

Mario - Also - your domain is not even locked:

Domain Name: TAPERT.COM
Registrar: TUCOWS INC.
Whois Server: whois.opensrs.net
Referral URL: http://domainhelp.tucows.com
Name Server: NS1.MYDOMAIN.COM
Name Server: NS2.MYDOMAIN.COM
Status: ACTIVE
Updated Date: 19-nov-2004
Creation Date: 19-nov-2004
Expiration Date: 19-nov-2005

leaving it open for theft by anyone. My advice is that you lock your domain immediately to protect it. Additionally, it is the responsibiliy of your registrar to help you protect your domains, not the gaining registrar.

I have just been informed this domain name was submitted for transfer by the previous owner and forgot to take the domain off their list when it expired. So my perception was correct.

If you would like higher security on your account and for your domains from this point on, I suggest you actually transfer them to Moniker.com. We have yet to have a domain theft - EVER.

Hope this clears this up for you Mario!