Subscribe to RSS Feed

12|06|2008 04:00 pm EDT

WARNING : Stolen Domain Names Being Reportedly Offered For Sale

by Chad Kettner in Categories: Legal Issues

The domaining message boards have been buzzing ever since a purported domain thief created a website to offer his long list of stolen domains for sale.  The purported thief, sometimes referred to as Omid J, has been tracked down by other domainers in the past but he hasn’t typically been as brazen to create a website to list and sell the domain names. However, over the last week many domainers have been receiving emails advising them to go to LuxaryDomains.com to receive great deals on premium domain names. It wasn’t long until the domaining community caught on.  According to several reports, after responding to the emails the seller reported that some of the domains had already been sold.

Many of the purported stolen domain names, besides being extremely valuable, also appear to be quite ironic based on the situation. The long list includes Problems.com, Mistake.com, Damaged.com, Evaluate.com, Upset.com, Returns.com, Failures.com, Apologize.com, Changed.com, Confusing.com, Concerns.com, Flaws.com, Legal-Advice.com, Disagree.com, Upset.net, Theft.org, and many more.

You never know when somebody could be targeting your domains, so it’s best to be cautious at all times – something Eytan Levit recently found out.  Levit, the owner of Problem.com, had his name taken from GoDaddy.com and transferred to Name.com due to a compromised email account.

According to Levit, Name.com originally asked GoDaddy to provide them with indemnification when returing the domain name to Levit, but Godaddy refused.  “GoDaddy.com’s people remain silent, not answering my last 2 emails, refusing to take any responsibility regarding this matter”.  After a lot of uncertainty Levit finally received the hope he was looking for as Bill Mushkin, the CEO and Founder of Name.com, responded to the situation personally and is now verifying the details so he can return the domain to its rightful owner in a reasonable amount of time.

Further Reading:

  • It appears hijacker who ran LuxaryDomains is also the same individual who once sold stolen domains through DNForum using the name “Alexa The Top” – view the thread here.
  • For more on the massive domain hijacking, visit NamePros.com.
  • For information on avoiding stolen domains, visit DomainState.
  • One domainer believes he knows the hacker’s identity – click here.

Tags: , , , , , , , , , ,

10 Comments

Randall Brown

December 6, 2008 @ 7:36 pm EDT

I am An Active member at Namepros and the list that was on the website was a nice list of domain. But since they was stolen the value of the domains have dropped in my eyes and I would not buy any of them until this mess is thoroughly investigated.

Thanks for the updates and links.

[…] whole story is told in depth on the Domain Name News website with links to various […]

Ron

December 6, 2008 @ 11:24 pm EDT

Talking about stealing domain names, a topic that I think needs more attention is domain privacy. When anyone can look up the information of an owner of the domain name and the governing bodies insist this information is kept accurate it leads to serious, serious problems for the owner which can result in destroyed lives and even death. Before some of you laugh at what I’m saying I’ll explain myself a little better.

Here is just one example of what I am talking about and it is based on a client I had that payed me tens of thousands of dollars to handle damage control. I’ll change the details of this particular incident to protect the individuals.

Say you own the domain name PetFoodStoreMarket.com and decide to do thousands of dollars worth of advertising. Say someone has a beef with your company and buys the domain name ScamCompanyReportDocument.com posting lies about your company showing the WhoIs information along with a bunch of other companies.

Anyone that does a Google search using:

The PetFoodStoreMarket.com domain name
The PetFoodStoreMarket.com owner
The PetFoodStoreMarket.com owners home address
The PetFoodStoreMarket.com owners telephone number
etc.

will see instantly a Google SERP pop up, usually at the top of the list, with the title ScamCompanyReport.com. When they read it it will say that your company should not be trusted since many pets were poisoned and the owner is being investigated by police.

What can the owner do about this? He has invested money in building and advertising his company like most web projects do. If they contact the owner of ScamCompanyReportDocument.com, the owner will tell you that he can’t remove the information and that everything he is saying is true. Your really cornered into paying him off financially to remove the information since the damage it is doing is ruining your life day by day.

If you apply for a job most companies will do a Google search, if you go on a date most people will do a Google search, if you call a friend and they don’t recognize the telephone number often the friend will do a search. The domain you bought is useless, no one will buy from the store if they do any research.

If you contact a lawyer the first thing he will do is tell you it will take at least $10,000 to start to go after the individual and there is no guarantee that the individual will have any money that can be returned if you sue him.

What happens to most companies that fall in this trap? They end up closing down the website and what additional damage does this do? When the remaining client base (customers that hasn’t seen or realized the fake news) types the domain into their browser and finds a dead page, they then think they made a mistake in the domain name. This once again leads to a Google search for PetFoodStoreMarket.com which brings up the ScamCompanyReport.com page.

The ScamCompanyReport.com page gets the additional attention and hits pushing it higher in the search engines causing more damage to companies that are listed on the site. These guys that run these sites are the worst scum on the internet and it really is unknown how much money they extort from the people they victimize.

CIRA .ca domain names has already made some steps in the right direction to automatically protect whois information when a domain name is bought. Paying for privacy on domain names is a cash grab from registrars. There are many people who spend a lot of time looking up the WhoIs information of good domain names and report false information in the hopes that they can grab the domain when it gets pulled from the owner. Many people are just trying to protect their information without being ripped off paying for privacy. Besides privacy isn’t really privacy, the guy that had the Scam site above looked up the historical whois which had all of the previous owners and changes to the whois data.

With domain names selling for thousands even millions of dollars how long will it be before we start to see murders happening because of the whois information? If a domain is in a will or a competitor wants control of domain or to bring down a company?

What do you guys think about this topic?

Adam Strong

December 7, 2008 @ 1:45 am EDT

Ron, there’s plenty of reasons that people are against whois privacy as well For example it can be a way for criminals to hide behind a domain, squat on TM names, hoard domains (if you are a registrar), etc.

Ron

December 7, 2008 @ 2:14 am EDT

Really what I’m trying to say is that it shouldn’t be that easy to look up Whois information. I believe there should be a way of accessing this information only for certain cases in some type of application process.

If somone is going to squat on a domain name they don’t have to put their real information there. A user could put the name George Bush until someone complains and then change it to his real name for a few days and then change it back to another name until someone complains again.

This begs the question. Wouldn’t a person squatting a domain be more likely to pay for privacy than a person that is using a domain name for a legitimate reason? So the person using the domain name for a legitimate reason is still vulnerable while the squatter is protected. The system is flawed.

Registrars shouldn’t be allowed to hoard domain names but they could easily be doing it under several different names like some companies have been accused of doing.

A solution to this might involve a registry that says how many domain names are owned by a particular people, not what domain names they own with telephone number address etc.

Really isn’t this equivalent to real estate or other ownership of items. If every piece of property had to display a sign with all of the personal information of the owner that would have advantages also. I walk by a Lamborghini in a parking lot and see the whois information that must be displayed in the window.

Who owns that explensive vehicle? Where does he live? What can I sell him? What does he do for a living? Write down his info and Google his name?

How is that different?

Ron

December 7, 2008 @ 2:20 am EDT

One other thing I should have mentioned. The more domain names you own the more likely you can become a victim.

Like the day I had thousands of letters sent through my mail slot only to see that they were all by the same company for each of my domain names.

It was spam by a registrar trying to get me to change each one of my domain names. It was obviously an automated process in which they took the whois information in large quanities and mailed a automatically mailed a letter for each domain name. The program they created obviously didn’t recognize the fact that many people such as myself own more than one domain name.

Using my whois information and using the mail system rather than email. How could anyone agree with this? A tree had to be chopped down to notify me that my domain names were about to expire. I already knew that and register them annually.

A mail man probably had to make a few special trips to my place. I wonder what he was thinking about the whole thing?

WannaDevelop.com

December 7, 2008 @ 3:41 am EDT

Hey Ron, you shouldn’t worry so much ;)

There is domain abuse… Sure :) But if you compare it to all the other businesses online or even offline — it really is 99% risk free if you think about it real good.

Not good being so paranoid… All the best,

Mike

http://www.wannadevelop.com/

Ron

December 7, 2008 @ 1:45 pm EDT

I’m only paranoid because I’ve seen the damage that can be done. Usually the serious problems I am discussing don’t get reported.

As I mentioned in the above case my client ended up paying off the site owner and I’m guessing hundreds of other owners did the same that were targeted on the site. How many of them reported that they payed off this person? Probably none since most of the owners were scrambling to handle the damage that was being done.

One thing however is that I did notice that there were several owners of businesses that were threating to sue the individual regardless of his worth and I’m sure someone eventually did in the end just because of the number of companies being blackmailed.

After seeing the site go down 6 months later my only conclusion is that the owner was sued but regardless of the fact, it didn’t take long for many companies and domain owners to have their domain, online venture and lives destroyed.

What really got me is that I realized that it doesn’t necessarily have to happen to an established business website. It could really happen to anyone with a domain name even if there isn’t a site. The more domain names you have the more lottery tickets you have to be shafted. In my opinion, for a domain owner, a crime is more likely to happen in this fashion than identity theft.

Don’t mean to be negative or paranoid just telling you what I’ve seen and saying that there must be a better way to share whois information which I’m sure will come around one day. I am an owner of many domain names and don’t feel this flaw benefits the industry.

Ron

December 7, 2008 @ 2:18 pm EDT

One final note on this topic. I’ve complained to registrars on numerous occassions about this problem and obviously they ignored it since there is a lot of money to be made with privacy.

There are a lot of automated system crawling the web and collecting this data every day. Anyone that has ever owned a domain name with visible Whois information could be a future victim like some of the previous owners of the domain name that I mentioned above. They were also listed on the site, tied to a domain that they let go even though they didn’t own the domain name anymore. If you owned the domain mentioned/protected above http://www.PetFoodStoreMarket.com you name would have been listed with the reported scam with the new owners name regardless of the truth.

Why are so many companies collection this data in the volumes they are doing? Mailing lists are big business and with email filtering, I wouldn’t be surprised to see more people using the old snail mail method down the road.

This thing is much bigger than simply saying I have privacy on my domain names or I don’t own domain names anymore. If you have ever owned a domain name without privacy my guess is that your name, telephone number, address is in a database owned by someone with malicious means.

This is a big issue that is being ignored but I guarantee you it will make the news in a negative way in the near future.

RSS feed for comments on this post · TrackBack URI

Leave a Reply