Domain Names Stolen--now what?

And I don't mean they expired and got picked up

         

pinterface

12:57 am on Oct 18, 2007 (gmt 0)

10+ Year Member



I recently noticed the whois information for one of my clients' (we'll call him Bob) domains changed to his competition (we'll call him Alice). Only problem is Bob didn't sell the domains to Alice, and the domains weren't set to expire for another year or so. You gotta give Alice props for the industrial espionage and the balls to register the domains using the same registrar Bob was using, but Bob is none-too-thrilled.

Needless to say, Bob wants his domains back and I've got no idea what to tell him. Bob's registrar claims the transfer was initiated from Bob's account (the one domain on that account they didn't steal was cancelled, so I'll buy that), but has otherwise not been particularly helpful thus far.

So I have several questions because I know my clients are going to ask and I don't know what to tell them.

  1. How did Alice manage to steal Bob's domains out from under him?
  2. Other than "get a lawyer", what recourse does Bob have?
  3. What can my other clients (and Bob) do to protect themselves from this happening (again)?

martinibuster

1:08 am on Oct 18, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



>>>How did Alice manage to steal Bob's domains out from under him?

Check, check, check the email address your client used as the email of record for that domain. Looks like a crime may have been committed. Sounds like a job for an attorney familiar with Internet laws, and/or the FBI. Your client's domain name account may have been hijacked by Alice.

Laker

5:33 am on Oct 18, 2007 (gmt 0)

10+ Year Member



"You gotta give Alice props for the industrial espionage and the balls to register the domains using the same registrar Bob was using, but Bob is none-too-thrilled."

Without going into a very long back story to "set-up" my comment/suggestion, check with the Registrar to see/confirm if ALL of the communications (and resultant transfer actions) with the Registrar and "Alice" were via email, or if some (any) of them were verbal.

No, "verbal" shouldn't work, but... it does.

It does.

That it is the same registrar is the red flag for me.

vincevincevince

5:51 am on Oct 18, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You could try getting a threatening letter from a lawyer to Alice. In addition, you could tell Alice that the theft will be reported to the police unless the items are returned promptly.

pinterface

2:02 am on Oct 19, 2007 (gmt 0)

10+ Year Member



"Check, check, check the email address your client used as the email of record for that domain."

Unfortunately--and I didn't know about this until it was too late--the e-mail address used as the e-mail of record for the stolen domains was attached to the cancelled domain and hosted by the registrar under the same account. Domain was cancelled, e-mail account went with it. Or perhaps both were cancelled at the same time. Either way, I've suggested Bob add this to the list of information to request from the registrar. We'll see what we get.

"check with the Registrar to see/confirm if ALL of the communications (and resultant transfer actions) with the Registrar and "Alice" were via email, or if some (any) of them were verbal."

Interesting; this was not an aspect I had considered. Will be sure to look into it.

"You could try getting a threatening letter from a lawyer to Alice."

Lawyers are on the list of things I'm looking into (if anyone has suggestions, we're all ears over here), but they're a last resort--Alice doesn't scare that easily, so Bob would have to both sue and win. Obviously, that's much less appealing than convincing the registrar to correct their own bloody mistake.

gpmgroup

2:25 pm on Oct 19, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"Obviously, that's much less appealing than convincing the registrar to correct their own bloody mistake."

If I am understanding you right I don't think that's being entirely fair to the registrar.

Why should they link the email address from a domain bob has allowed to drop to the domains Alice has taken w/o consent?

I think it might be more productive to explain the situation to the registrar and ask nicely if they could help. :)

jimbeetle

4:30 pm on Oct 19, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



"Bob's registrar claims the transfer was initiated from Bob's account"

I'm with martinibuster here, there's a good possibility of a crime. Getting a lawyer on this pronto will put pressure on the registrar to cooperate more fully. And Alice might scare a bit more easily if faced with the possibility of a couple of feebs showing up on his doorstep.

amznVibe

4:42 pm on Oct 19, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"register the domains using the same registrar Bob was using"

They didn't use the same registrar because they were clever, they did it so they could do an internal push (transfer) instead of an external transfer. That's why the original registration date and expiration date didn't change. They probably got the password from the security question or other information.

Complain to ICANN about the registrar (part of registration fees go towards someone who is supposedly answering the phone there for stuff like this) and/or UDRP for ~$2000.

ps. I had to laugh about the suggestion to call the FBI. That's like asking the police to take fingerprints of the area because someone stole your car. Good luck on getting them motivated for anything less than a murder. It's naive to think law enforcement is about helping individuals - you'll be lucky if they don't start investigating you instead just for bothering them.

[edited by: amznVibe at 4:56 pm (utc) on Oct. 19, 2007]
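Two details from the posts above can be checked from stored WHOIS snapshots: a registrant change where the registrar, creation date and expiration date stay the same (the internal push amznVibe describes), and a contact e-mail hosted on a domain held in the same account (the situation pinterface describes). The following is an added example, not part of any post; the `Snapshot` fields, the finding labels and the sample records are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    """One stored WHOIS record (field names are assumptions of this example)."""
    domain: str
    registrar: str
    registrant: str
    contact_email: str
    created: str
    expires: str

def classify_change(old, new):
    """Label the difference between two snapshots of the same domain."""
    if old.registrar != new.registrar:
        return "registrar-transfer"
    if (old.registrant, old.contact_email) != (new.registrant, new.contact_email):
        # Same registrar and untouched dates: the pattern described for a push.
        if (old.created, old.expires) == (new.created, new.expires):
            return "same-registrar-push"
        return "registrant-change"
    return "unchanged"

def audit(before, after):
    """Map every previously held domain to a finding; absent ones are 'missing'."""
    current = {s.domain: s for s in after}
    return {old.domain: (classify_change(old, current[old.domain])
                         if old.domain in current else "missing")
            for old in before}

def contact_dependencies(snapshots):
    """Domains whose contact e-mail is hosted on a domain in the same portfolio."""
    owned = {s.domain.lower() for s in snapshots}
    return sorted(s.domain for s in snapshots
                  if s.contact_email.rsplit("@", 1)[-1].lower() in owned)

# Constructed sample records (reserved .example names, made-up dates).
MAIL = "admin@bob-mail.example"
BEFORE = [
    Snapshot("bob-widgets.example", "Registrar A", "Bob", MAIL, "2003-05-01", "2008-05-01"),
    Snapshot("bob-gadgets.example", "Registrar A", "Bob", MAIL, "2004-02-10", "2009-02-10"),
    Snapshot("bob-mail.example", "Registrar A", "Bob", MAIL, "2003-05-01", "2008-05-01"),
]
AFTER = [  # bob-mail.example no longer resolves to a record: it was cancelled
    Snapshot("bob-widgets.example", "Registrar A", "Alice", "a@alice-co.example", "2003-05-01", "2008-05-01"),
    Snapshot("bob-gadgets.example", "Registrar A", "Alice", "a@alice-co.example", "2004-02-10", "2009-02-10"),
]

if __name__ == "__main__":
    print(audit(BEFORE, AFTER))
    print(contact_dependencies(BEFORE))
```

Every domain returned by `contact_dependencies` loses its e-mail of record if the hosting domain is cancelled or moved, so the contact address belongs on a mailbox outside the registrar account.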

martinibuster

5:31 pm on Oct 19, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



"I had to laugh about the suggestion to call the FBI. That's like asking the police to take fingerprints of the area"

That's poor advice. Couldn't be more shortsighted. Immediately reporting a crime sets in motion a paper trail that will be useful to you for insurance, business, and accounting reasons, as well as help cover your back against future claims from fraudulent activity and debts that may arise from this incident.

"Good luck on getting them motivated for anything less than a murder. It's naive to think law enforcement is about helping individuals"

My brother literally broke his body hopping over fences, wrestling criminals, and chasing down crackheads, dealers, rapists, muggers, molesters and other suspects. Go on a ride-along before you opine on people you have no actual knowledge or experience of.

incrediBILL

6:00 pm on Oct 19, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



"They didn't use the same registrar because they were clever, they did it so they could do an internal push (transfer) instead of an external transfer."

If that's not clever then please define the meaning of clever because that's pretty smooth in my books.

"I had to laugh about the suggestion to call the FBI."

The FBI has a special internet crimes division, used it many times when I used to run a hosting company and the illegal activity crossed state lines.

The analogy about fingerprints and cars is idiotic because you don't need to canvass the neighborhood because in this case there will be 2 distinct IP addresses or fingerprints used at the registrar, the real account holder's and the person's that stole the accounts, and possibly an email account elsewhere, and a few subpoenas later you'll know exactly who did what, assuming "Alice" didn't use stolen credit cards and anonymous proxies to do the dirty deed.

The real problem IMO is that an actual hacking crime has occurred, so mixing police and lawyers can be a bit dicey because if you threaten to turn someone over to the cops if they don't comply and return your domains means you've just committed blackmail.

My advice is RUN, do not walk, to your nearest lawyer and ask him how to proceed to make sure you cover your butt 100% and nuke "Alice" in the process with as much collateral damage as possible for stealing your stuff.

[edited by: incrediBILL at 6:05 pm (utc) on Oct. 19, 2007]

weeks

6:05 pm on Oct 19, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Talk to your local police as well. They may be more skilled than you think. But, I agree. It appears a serious crime has been committed.

incrediBILL

6:09 pm on Oct 19, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



BTW, even if "Alice" didn't do the dirty deed and it was a frame job, Alice is in possession of stolen property. Proving the property was yours and is no longer in your possession and needs to be returned is much easier than proving "Alice" stole it.

bwnbwn

7:17 pm on Oct 19, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



pinterface
"(the one domain on that account they didn't steal was cancelled, so I'll buy that)"

Don't you think it would be a polite thing to do is ask Bob if he wants to keep his one and only domain.

Kinda kicking the dog while he is tied up don't ya think....

tim222

9:04 pm on Oct 19, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I work in the financial industry and people steal money from us occasionally. Although these are interstate crimes, it's virtually impossible to get the FBI interested in a case that's below a certain dollar amount. I won't disclose the amount because I don't want to encourage a criminal, but it's far more than the value of a domain.

OTOH, we can usually get some level of cooperation from the local police (local to the criminal, not us). So you can try the FBI, but I doubt if they'll be helpful. My advice is to also contact the local police where "Alice" has "his" business established.

g1smd

12:18 am on Oct 20, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



This other discussion is somewhat related: [webmasterworld.com...]

ispy

1:17 am on Oct 20, 2007 (gmt 0)



What's wrong with getting a lawyer, your ship has just come in, why win the lottery and not collect?

Can you prove your sales went down, document traffic on the domain before they were stolen, have info related to conversions per visitor?

pinterface

11:00 pm on Oct 22, 2007 (gmt 0)

10+ Year Member



"... a domain bob has allowed to drop to the domains Alice has taken w/o consent?"

I see I wasn't clear. Bob did not allow the domain to drop--it was cancelled in the same fell swoop during which the other domains were stolen.

"it would be a polite thing to do is ask Bob if he wants to keep his one and only domain."

I don't know what you mean by this... I'm not Bob's registrar and had nothing to do with the domain being cancelled?

 

Anyway, I'd like to thank y'all for chiming in. I've forwarded Bob both this thread and a few domain name lawyers I've seen mentioned around here, and we'll see where things go. Thanks, all!

bwnbwn

1:30 pm on Oct 23, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Pinterface you said
"I recently noticed the whois information for one of my clients'"

Pinterface my apologies but I assumed from the above post you were his webmaster...

Lobo

4:45 am on Oct 24, 2007 (gmt 0)

10+ Year Member



I would suspect some time should be put to find out how this happened?

Transferring a domain involves a few stages, unlocking, email request confirmation sent to the email on the present account.. etc

Someone would need to have access to Bob's registrar account and their personal email account over a few days.. unless money has changed hands between Alice and Bob's registrar then it must surely be an inside job..

shakir

12:31 pm on Nov 17, 2007 (gmt 0)

10+ Year Member



can't stolen web domain, because if like the victim can complain and stop everything

callivert

1:15 pm on Nov 17, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"it's virtually impossible to get the FBI interested in a case that's below a certain dollar amount. ... it's far more than the value of a domain."

The value of which domain? Domains can be pretty valuable. They're auctioned every day for amounts anywhere up to hundreds of thousands of dollars. I bet if they stole google.com it would be hard to argue it's worth $10.