10|04|2010 04:44 pm EDT
I’ve been working with Mike Berkens this weekend on a breaking story that has some scary ramifications for the domain industry. Mike just published the scary part of the story on his site. To sum it up, Chris Hartnett, a well known domain investor has been the victim of identity theft. The thief has used Chris’ name to conduct fraudulent business including bidding and purchasing names on NameJet as well as stealing domain names and putting them up for sale, posing as Hartnett.
From reports, there were over $60,000 worth of domains sold on Namejet to this fraudulent bidder.
Some of the names include :
- booktools.com *
- browning.com *
- hawaiifun.com *
- premiumshopping.com *
- datastructures.com *
- pack.org *
* names were transferred out to the “fake Chris Hartnett” bidder.
The identity theft part of this story is bad enough, and the damage to Chris is horrible. However, there’s another part that Mike didn’t cover and that’s the collateral damage, ie the other victims of these crimes in the domain space.
In the case of Namejet auctions, the fraud impacts Namejet, legitimate bidders and registrar partners. “Fake Chris Hartnett” ran up multiple auctions and cost legitimate bidders thousands of dollars. I personally was involved in an auction where “fake Hartnett” , if not exposed, would have cost me $12,000 dollars extra. At least 3 separate incidences occurred where “fake Fartnett” ran up domain prices on the auctions. Namejet has informed us that they are offering the customers a credit or offering to re-auction the domains. Imagine bidding and not knowing wether the bidder is real or some hijacker bidding against you with no fear of ever having to really pay for the domain.
Registrar partners of Namejet are likely not going to be paid for these names, yet they most likely have already transferred out domains to “fake Hartnett”. Registrars now are victims as well. Any name that “fake Hartnett” won may have been moved to a new registrar even and likely can’t be transferred back without a court order. Additionally, some registrars, like NSI and Fabulous, pay out money to former owners which will never be reimbursed. It’s a big mess.
In the case of the stolen domains that “fake Hartnett” put up for sale and sold. The real owners of the domain are out the domain. There could be potential legal battles now including registrars, brokers, the “real” owner of the domain as well as the new owner.
This is indeed a scary incident and one that should make all domain owners vigilant about keeping track of their domains. It should make all auction houses even more vigilant about the domains they sell and the people they allow to bid. It’s time that we start getting serious about security in this space and finding ways to catch and punish criminals like this.