Nov. 2004 Icann Rules An Invitation To Domain Hijacking

[schepperer]

Domain Hijacking? It can happen to anybody.

This one mail I received today:

" A request has been received to transfer the domain tapert.com away from the Registrar OpenSRS.
This request was entered at 20-JAN-2005 16:58:01 by Moniker Online Services, Inc"

"If we do not hear from you by Tue Jan 25 16:58:01 2005, the transfer will proceed."

wow

I declined of course by clicking the correct choice.

If you dont check your email for about 5 days there is pretty good chance your domain name will be stolen.

My request to moniker support about who tried to hijack my domain, oh wonder was unanswered.

I would say about 35% of domains remain unlocked and are at risk to be stolen.

I dont know who makes decisions at ICANN, these guys must be outsourced from a how-works-a-hairdryer call center.

In November ICANN opened the gates for such kind of criminal acts and nobody prevented them from doing so.

 

[ibuya.com]

Ya, we noticed that immediately back in November and quickly "registrar locked" all of our domains and our customer domains.

However, that raises a very interesting question. Would it be illegal to go 'mining' for domain names that have been abandoned?

But then again, don't know how productive it would be since most registrars automatically lock all their customer domains by default. A registrar would rather get a renewal or let a domain expire rather than have it transferred away.

If you pay for a transfer and that transfer is rejected, most registrars will refund your money. However, a registrar may not tolerate a massive amount of rejections. Bet it has already been tried and many times.

You and I both know the domain name industry has more than it's share of hoodlums. Moral or not, ethical or not... I am willing to bet domain companies and individuals are actively combing for unlocked domain names.

This new ICANN rule has really made our life simple by eliminating hassles transferring away domain from greedy registrars. Wish this was done years ago. In years to come, vast majority of all domains will be locked.

A little late, but ICANN should have implemented other rules to safe-guard hijacking. One would have been notifying all registrars to lock all customer domains or accept liability if a domain is hijacked. Only problem remaining would have been people that lost their account username/password being able to unlock their domain(s) to renew or transfer them away.

Any abandoned domains would eventually expire.

Your alarm is more than understandable. Many thoughts horror went through our minds back in November.

 

[dgridley]

Highly unethical, at the absolute minimum.. and probably constitutes a very real case of fraud and / or theft in any event.

Would it be illegal to go 'mining' for domain names that have been abandoned?

 

[Dave_Z]

" A request has been received to transfer the domain tapert.com away from the Registrar OpenSRS.
This request was entered at 20-JAN-2005 16:58:01 by Moniker Online Services, Inc"

"If we do not hear from you by Tue Jan 25 16:58:01 2005, the transfer will proceed."

Correct me if I'm wrong, but from that post above, it appears you got the
auth email from the gaining registrar. In this case, Moniker.

The next line disturbs me. I'll forward this to Monte Cahn since he owns
Moniker.

 

[schepperer]

Correct me if I'm wrong, but from that post above, it appears you got the
auth email from the gaining registrar. In this case, Moniker.

The next line disturbs me. I'll forward this to Monte Cahn since he owns
Moniker.

The mail came from Moniker as result of a transfer request from one of their customers.

Marked lines were copied and pasted.

Moniker ignored my questioning mail about which of their customers tried the hijacking.

 

[jberryhill]

about which of their customers tried the hijacking.

Tell us how you know, for a fact, that the transfer request was not a result of a typographic or other error made by one of their customers requesting a transfer of one of their own domain names.

 

[AdoptableDomains]

However, that raises a very interesting question. Would it be illegal to go 'mining' for domain names that have been abandoned?

I have been a little concerned lately with whois.sc. I have a paid membership there, and monitor many of my personally owned domains. The alert service notifies you of monitored domains when whe whois record changes in any way, including when the locked status is changed either way. It has occured to me that others could monitor my domains, and when I unlocked one to transfer, they could quickly jump in an initiate a transfer as well. If it happened to be at the same registrar, you might not know they beat you to the punch and authorize it yourself thinking it was your own transfer. Like most, it's a handy tool for a domain owner, but in the wrong hands could be used against you.

 

[schepperer]

Tell us how you know, for a fact, that the transfer request was not a result of a typographic or other error made by one of their customers requesting a transfer of one of their own domain names.

Moniker didnt reply to my emails so I understand it should not be discussed that there have been a hijacking attempt originating from their site as registrar.

I dont believe in typing errors in order to transfer an active domain originating from Moniker which are serving mainly for the domain pros.

You must understand too that a lot of domain owners did make this new experience since the ICANN rules change in November which simply made domain hijacking on a new level possible.

If there is be a typing error or correct name wouldnt make a big difference for me as current owner. If I dont check my emails for 5 days my domain name is gone.

 

[mcahn]

Hello Mario,

If you let me know what domain name it was, I can have this looked into for you. What typically happens with some of our large customers is that they have submitted transfers some time ago. Our system automatically calls for transfers until they are cancelled by the customer or by our system. The domain in question probably belonged to the previous owner of the domain and remained on their transfer in list to Moniker along with a long list of other domains.

Just email me and we will find out the answers....no worries - [email protected]

 

[schepperer]

Hi Monte:

its about domain name TAPERT.COM I registered it middle november 2004.

It was in the expired domains list of 09.09.2004.

I cannot believe you try any transfer-in orders for more than 4 months.
registerfly and others try transfers 1 month.

In case of trying transfers for about 4 months registrar would be responsible for hijackings.

Let me hear your response. Im pretty sure one of your customers tried to steal the name.

 

[schepperer]

not by surprise moniker keeps quiet to serious matters

my mail from 20. Januar 2005 22:22 CET to [email protected] was unanswered

world wide waiting here in forum too

 

[Dave_Z]

[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]

Apologies to Monte Cahn.

And another debt of gratitude to JBerryhill.

 

[schepperer]

I did mail to [email protected] because I believed thats the official email address published on moniker homepage to reach somebody if a domain name gets hijacked. Everybody in search for contact will use this address.

And I expect an answer from moniker support because I mailed them.

You want to say email [email protected] is not valid or not property of moniker because they never send a reply?

Is it wrong to expect a reply for this serious matter?

I sent my mail 20. Januar 2005 22:22 CET and never received an answer.

Where is moniker boss now?
Im still waiting for an answer who of your customers tried to hijack TAPERT.COM?

 

[jberryhill]

Im still waiting for an answer who of your customers tried to hijack TAPERT.COM?

I believe Monte very clearly stated that it may well have simply been a typographical error, or an attempt to transfer a domain name which the registrant wasn't aware had expired.

As far as continuing transfer requests for 4 months, I am glad that Moniker does that. It has taken over three months to finally get NSI to unlock more than 700 domains that a client was trying to transfer to Moniker for quite some time.

So, first off, you do not know that anyone was trying to hi-jack the domain. It could have been a simple error.

Second, nobody owes you an explanation of anything. Was the domain name transferred? No, it wasn't. IF the domain name had been transferred in to Moniker by mistake, it is likely that the situation would be sorted out promptly. The fact that Monte drops in on the forums once in a while is pretty amazing. You name a SINGLE other registrar that bothers to read these things or respond.

Given the timing, it seems most likely that the domain name transfer was probably requested by the prior registrant before the domain name expired. If someone was looking to hi-jack the domain name, then it would make a LOT more sense to hi-jack prior to the expiration, on the assumption that the whois data is stale, rather than just after it was re-registered.

Now, you go type a list of a couple of thousand domain names, and see whether you make any mistakes.

 

[schepperer]

I believe Monte very clearly stated that it may well have simply been a typographical error, or an attempt to transfer a domain name which the registrant wasn't aware had expired.

Thats not more than hypotetical. He didnt know even the domain name at that point.

As far as continuing transfer requests for 4 months, I am glad that Moniker does that. It has taken over three months to finally get NSI to unlock more than 700 domains that a client was trying to transfer to Moniker for quite some time.

In my opinion automatic open transfer request orders for about 4 months until any success are illegal.

So, first off, you do not know that anyone was trying to hi-jack the domain. It could have been a simple error.

Again: I want to know from moniker who tried to hijack my domain name since I gave no permission. I strongly believe I have the right to know about the wannabe registrant since I have to give my permission for any away transfer. I dont believe there was any error but the wannabe registrant gave it a try.



Second, nobody owes you an explanation of anything. Was the domain name transferred? No, it wasn't. IF the domain name had been transferred in to Moniker by mistake, it is likely that the situation would be sorted out promptly. The fact that Monte drops in on the forums once in a while is pretty amazing. You name a SINGLE other registrar that bothers to read these things or respond.

Even a hijacking attempt is illegal. Nobody can give you a guarantee that the situation "would be sorted out promptly". I strongly believe sorting out could take long-term. Sometimes courts help will be necessary.

I can tell you dozens of registrars who have a well working support department and respond for every single mail or support ticket. Maybe you know registerfly or names4ever to name only 2. With their live chat support its easy to fix problems live and online within minutes after authentification.


Given the timing, it seems most likely that the domain name transfer was probably requested by the prior registrant before the domain name expired. If someone was looking to hi-jack the domain name, then it would make a LOT more sense to hi-jack prior to the expiration, on the assumption that the whois data is stale, rather than just after it was re-registered.

Former owner of tapert.com are from China (had it on the web for sale) and an engineer in Langley, WA.
Maybe one of them tried the hijacking. Again: I sort out that there are registrars with automatic transfer attempts for about 4 months.
names4ever, namecheap and registerfly just to say some try only for not any longer than 1 month.

Now, you go type a list of a couple of thousand domain names, and see whether you make any mistakes.

Why you TYPE thousands of domain names ???

namepros do it like copy/paste from xls or csv files. Typing errors impossible.
Thats how the moniker customers do too. Moniker mainly serves bulk domain customers. They copy and paste. No typo errors. Thats why I understand its about domain hijacking with my domain TAPERT.COM and moniker support will have reason that they dont reply since 10 days.

Monte pls tell me who tried to transfer my domain away.

 

[jberryhill]

In my opinion automatic open transfer request orders for about 4 months until any success are illegal.

You are entitled to your opinion. That and a buck will get you a cup of coffee.

Even a hijacking attempt is illegal.

Making a mistake on a large list of transfers is not illegal. You really have a bee under your bonnet, and it is clear that you want to harass someone by jumping to a hasty conclusion when you have NO indication there was any wrongdoing and you have lost NOTHING. Under those circumstances, if I were Monte, I wouldn't give you the time of day.

Moniker mainly serves bulk domain customers. They copy and paste.

And if they are copying and pasting from a stale list, it will generate a transfer request. But, regardless, you don't know whether this person was typing, copying or pasting, or anything else. You want a name of someone at whom you can hurl threats and intimidate, and I do not believe that Monte will or should help you. If he looks into it and concludes that it was a mistake then, no, you are not entitled to know who any of his customers are. Period.

If you dont check your email for about 5 days there is pretty good chance your domain name will be stolen.

Not if you lock them.

 

[Badger]

Interesting comments regarding the domain mining and 'yes', i agree with Dave, this would indeed be hightly immoral and illegal.

I do know of a domain valued in the $$,$$$ and UNLOCKED. Sale negotiations were ongong and at a stalemate when the owner inadvertantly advised the somewhat suspect buyer that he was on vacation for 3 weeks and the negotiations would have to continue after that... Well, guess what had transpired after he returned..... You got it.. Wont mention the name as he's fighting its return at the moment.

And on a seperate note, John, I think you'll find member billinchilla [afternic] is a very active member of this site

 

[schepperer]

Interesting comments regarding the domain mining and 'yes', i agree with Dave, this would indeed be hightly immoral and illegal.

Yes. Highly immoral and illegal.

Moniker as registrar will transfer your domain away without your permission if you dont check your mails for 5 days. Thats an invitation to domain hijacking.


moniker mail

 

[jberryhill]

Moniker as registrar will transfer your domain away without your permission if you dont check your mails for 5 days. Thats an invitation to domain hijacking.

ANY registrar will do that if your domains are not locked. That is ICANN policy, and is not unique to Moniker.

You don't know that this was anything other than an innocent mistake. Yet, you think by calling Moniker names, they are going to answer your questions.

If you think something illegal is going on, then why not put your money where your mouth is, and go to court?

 

[schepperer]

ANY registrar will do that if your domains are not locked. That is ICANN policy, and is not unique to Moniker.

You don't know that this was anything other than an innocent mistake. Yet, you think by calling Moniker names, they are going to answer your questions.

If you think something illegal is going on, then why not put your money where your mouth is, and go to court?

Thats not true. Registerfly as only 1 example REQUIRE a reaction to a transfer request email. Cross yes or no. If no reaction your domain name cannot be transferred away. Hope you learn now that not ANY registrar as you mentioned will transfer an unlocked domain. (About 35% of all existing domains are unlocked.)

moniker:

"If we do not hear from you by Tue Jan 25 16:58:01 2005, the transfer will proceed."

Monikers transfer request


registerfly:


"(note if you do not respond by 05 Feb 2005, FOTAN.COM will not be transferred to us)"

registerflys transfer request

Hope you will get it: There is a small but deciding difference in handling.
moniker as registrar makes it possible to hijack domain names, registerfly not. Thats a fact.

Not by surprise moniker support doesnt reply to any emails. Maybe you dont find it suspicious but I do. Again: moniker isnt the reigistrar for the guy from the street who registers one domain name per year. Its a service for domain name pros who are mainly looking for traffic domains. I sort out the possibility of any typo errors since bulk domains are registered via copy and paste of the names wanted.

Im still waiting for a moniker reply with explain and hardcopies. You can be sure that I will not wait forever for reporting to authorities since the hijacking attempt was supported by monikers handling of transfer requests.

Now I expect a positive feedback for public that they block domain name hijackers for future as other registrars do by changing their procedure. Im sure its easy to fulfill.

moniker pls let us know about your future transfer policy. Will you change it?
Will you prevent domain name hijacking the way registerfly does?