Archive for October, 2008

Phishers Target Major Registrars

Friday, October 31st, 2008

Official-looking e-mails are really attempts to steal your domains

Both eNom and Network Solutions, two very large registrars that handle millions of domain registrations, are the targets of a major phishing attack. It is believed that the perpetrators’ purpose is to acquire the login details for victims’ domain registrar accounts and thereby steal or otherwise compromise their domain registrations.

The phishing warning on Network Solutions home page

Phishing warning on eNom's site

If you receive any e-mail about your domain registration (or any other online account you may have) you should never click any link in the e-mail. Go to the website where you have your account by entering the address in the address bar of your browser.

And it never hurts to drop into your domain registrar account to double-check that your contact information (particularly your e-mail address) is current, and to lock your domain, if your registrar offers such an option.

Directi Suspends 50,000 Domains

Friday, October 31st, 2008

The domain registrar Directi announced that it has suspended more than 175,000 domain names. Of those, over 50,000 were “involved in various types of abuse, such as spamming, phishing/spoofing, malware perpetration, suspected pedopornography, financial frauds and falsified ‘Whois’ information.”

Directi is targeting “bad actors” who engage in various forms of spam, phishing, and other harmful activities. For example, their analysis looked for bulk registrations of multiple domains with slight variations in the domain — e.g., 018xyz.com, 018xyb.com, 018xyzc.com, etc. — and for domains that use blacklisted nameservers.
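The two checks described above, sketched as an added example (this is not Directi's code). Grouping by registrant account, the one-edit similarity threshold, the minimum cluster size, and all sample records and nameserver names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample registrations: (domain, registrant account, nameserver).
SAMPLE = [
    ("018xyz.com", "acct-1", "ns1.bad-dns.example"),
    ("018xyb.com", "acct-1", "ns1.bad-dns.example"),
    ("018xyzc.com", "acct-1", "ns1.good-dns.example"),
    ("flowershop.com", "acct-1", "ns1.good-dns.example"),
    ("018xya.com", "acct-2", "ns1.good-dns.example"),
]
BLACKLISTED_NS = {"ns1.bad-dns.example"}  # constructed blacklist


def edit_distance(a, b):
    """Levenshtein distance, computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def label(domain):
    """Name without its last suffix (simplified: ignores suffixes like co.uk)."""
    return domain.rsplit(".", 1)[0]


def flag_registrations(records, blacklist, max_dist=1, min_cluster=3):
    """Return {domain: set of reasons} for registrations worth reviewing."""
    flags, by_account = defaultdict(set), defaultdict(list)
    for domain, account, ns in records:
        if ns.lower() in blacklist:
            flags[domain].add("blacklisted-nameserver")
        by_account[account].append(domain)
    for domains in by_account.values():
        unseen = set(domains)
        while unseen:  # grow one cluster of near-identical names at a time
            cluster, frontier = set(), [unseen.pop()]
            while frontier:
                d = frontier.pop()
                cluster.add(d)
                near = {o for o in unseen
                        if edit_distance(label(d), label(o)) <= max_dist}
                unseen -= near
                frontier.extend(near)
            if len(cluster) >= min_cluster:
                for d in cluster:
                    flags[d].add("bulk-variant")
    return dict(flags)
```

Names are chained through their nearest neighbours, so 018xyb.com and 018xyzc.com land in one cluster even though they are two edits apart; a lone look-alike registered under a different account is not flagged.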

Directi disabled their privacy protection service for more than 500,000 domain names.

The move has touched off a discussion at the WebmasterWorld forum over whether a registrar should act as “the domain police” or whether a registrar’s job is merely to register domains for paying customers.

Even ICANN Isn’t Safe

Tuesday, October 28th, 2008

In late June, a group of hackers in Turkey highjacked the domains icann.com, icann.net, iana.com and iana-servers.com. ICANN is the Internet Corporation for Assigned Names and Numbers, and IANA is the Internet Assigned Numbers Authority. Together, these two organizations oversee the system that manages website nameserver and address information.

According to Zone H, the DNS records of the domains were redirected to point to hosting space at “atspace.com.” The hackers, a Turkish group called NetDevilz, posted this message at the redirected site:

“You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us?”

NetDevilz was the same group that highjacked the PhotoBucket domain previously.

According to the NYTimes, ICANN blamed the highjacking on a hack into its registrar, which was register.com.

Yale University Tries to Grab yale.mobi

Monday, October 27th, 2008

Yale University has filed a UDRP complaint with WIPO in an attempt to get control of the domain yale.mobi.

Currently, yale.mobi is owned by Interwebgroup, LLC, and the domain is parked with GoDaddy, with no content of its own.

One can imagine a variety of legitimate reasons someone might have for yale.mobi. An individual whose last name is Yale, perhaps? Or a site critical of Yale University, exercising free speech rights to criticize Yale. Or a commercial concern with Yale in its name: the Yale Locks company, or Yale Europe, which sells forklifts and other materials handling equipment, or Yale Windows and Doors, might all have a legitimate interest in the yale.mobi domain.

There are reports that the domain owner offered the domain to Yale U for $900. This could result in the domain registration being interpreted as made in “bad faith,” since the owner stood to profit from selling the domain to Yale U.

TheHighRoad.org Held Hostage By Site Administrator

Monday, October 27th, 2008

The High Road (aka THR, formerly found at thehighroad.org, now thehighroad.us) is one of the largest and most well-respected guns and shooting message boards on the Internet. It was launched by photog Oleg Volk when The Firing Line (TFL) was shut down. From the beginning, the site and domain were considered to belong to Oleg. The domain was originally registered by Rich Lucibella, who owned and operated TFL. Technical support and hosting were provided by Derek Zeanah.

At some point, Rich wanted to transfer the domain from his own registrar account into Oleg’s. Oleg asked Derek to handle the transfer. Unbeknownst to Oleg, Derek handled the transfer by transferring the domain to himself. The site continued to operate “as is” with no one but Derek aware of the status of the domain’s registration.

Later on, down the road a piece, Oleg was exploring the idea of a commercial sponsorship for the site. There was disagreement among Oleg, Derek, and the forum’s moderators about whether or not this was a good idea.

This post is not about whether THR should have any sort of commercial sponsorship. That decision is rightfully the owner’s decision to make.

Derek decided at that point that he was co-owner of the site. He objected vigorously to the sponsorship. He shut down the site briefly. He locked Oleg out of the forum’s Admin area, along with other forum moderators who sided with Oleg in the dispute. He refused to turn over the site’s files and database, and refused to transfer the domain into Oleg’s name.

Rich Lucibella, at the time he transferred the domain, intended to transfer the domain to Oleg, and believed that Derek was properly acting as Oleg’s agent. Rich in fact has stated publicly,

At no time was I aware that Derek was acting as anything but Oleg’s personal agent. Had I been aware that Derek was acting for his own benefit I would never have transferred the domain name to him. It is my position that Mr. Zeanah had fraudulently misrepresented himself to me. If he persists in publicly hiding behind my statements, taken out of context, I will have little choice but to join this legal fray, recover the domain name thru the courts and pursue Mr. Zeanah for my legal fees.

Attempts to settle the matter in private have failed. Oleg has re-opened The High Road at thehighroad.us, and has filed a suit in federal court to resolve the matter.

Read more about TheHighRoad Highjacking here.

Sarasota Association of Realtors Steals Domain from Member

Saturday, October 25th, 2008

The Sarasota Association of Realtors first charged one of its members, Marc Rasmussen, with an ethics violation, and then, after losing that case, dragged him to an ICANN hearing to get control of his domain.

Even though he won the ethics hearing, Rasmussen lost the ICANN arbitration, which ordered that the domain be transferred to SAR. He has filed a federal lawsuit to regain/retain control of his domain. Then, even though Network Solutions, the registrar of the domain, told him they would keep it in place and locked until the litigation was over, NetSol almost immediately transferred the domain to SAR, which promptly began redirecting it to their own lame site.

Read more about it here and here.

PhotoBucket DNS Hacked

Saturday, October 25th, 2008

The popular photo-sharing site PhotoBucket had its domain photobucket.com highjacked in June, reported The Register.

A Turkish hacking group called NetDevilz gained access to the domain’s DNS settings and changed the nameservers to send site visitors to a different site.

PhotoBucket drew criticism for not acknowledging the hack. According to ThatDanny, PhotoBucket said nothing initially, then finally posted an announcement blaming “an error in our DNS hosting services.” This kind of head-in-the-sand approach creates suspicion and mistrust among users.

Tucker Carlson Gets His Name

Monday, October 20th, 2008

Tucker Carlson, co-host of CNN’s Crossfire and anchor of MSNBC’s Tucker and PBS’s Tucker Carlson: Unfiltered, went to battle with a company called Domain Privacy Ltd. over the domain tuckercarlson.com. Carlson filed a complaint with WIPO (World Intellectual Property Organization). The domain was registered in December 2003; the complaint was filed in early 2008.

Under WIPO’s rules, the Complainant (in this case, Tucker Carlson) has to prove three elements:

  1. The Disputed Domain Name is identical or confusingly similar to a trademark or service mark in which Complainant has rights;
  2. Respondent has no rights or legitimate interests in respect of the Disputed Domain Name; and
  3. The Disputed Domain Name has been registered and is being used in bad faith.

The UDRP (Uniform Domain Name Dispute Resolution Policy) normally does not cover the use of personal names, but “in situations where an unregistered personal name is being used for trade or commerce, the complainant can establish common law trademark rights in the name.”

The WIPO panel found that Tucker Carlson has a trademark interest in the name Tucker Carlson, and that the domain tuckercarlson.com is identical or confusingly similar to Tucker’s name. This established the first required element of the complaint.

The panel also found that Domain Privacy Ltd. had no rights or legitimate interest in the name — establishing the second element.

In order to prove the third and final element required for a UDRP complaint, Tucker had to prove “bad faith.” In order to prove bad faith, Tucker had to show one of the following four elements:

  1. Circumstances indicating that the registrant has registered or the registrant has acquired the domain name primarily for the purpose of selling, renting, or otherwise transferring the domain name registration to the complainant who is the owner of the trademark or service mark or to a competitor of that complainant, for valuable consideration in excess of the registrant’s documented out-of-pocket costs directly related to the domain name; or
  2. The registrant has registered the domain name in order to prevent the owner of the trademark or service mark from reflecting the mark in a corresponding domain name, provided that the registrant has engaged in a pattern of such conduct; or
  3. The registrant has registered the domain name primarily for the purpose of disrupting the business of a competitor; or
  4. By using the domain name, the registrant has intentionally attempted to attract, for commercial gain, Internet users to the registrant’s website or other online location, by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of the registrant’s website or location or of a product or service on the registrant’s website or location.

The website associated with the domain showed that it was offered for sale for an amount significantly higher than the costs related to registration and maintenance. The panel found that this constituted bad faith.

The panel ordered that the domain tuckercarlson.com be transferred to Tucker Carlson.

Source

Microsoft’s Former Domain Czar Sent to the Big House

Monday, October 20th, 2008

A former program manager at Microsoft was sentenced in July to 22 months in prison for defrauding Microsoft out of approximately $1 million in falsified domain registration fees.

According to PC Advisor, Carol Gudmundson used her corporate American Express card to pay for domain registration fees — but she would then submit copies of invoices that showed inflated charges. She also billed Microsoft for domain registrations that had already been paid for.

Gudmundson got off easy; she could have received as much as 20 years in prison.

She had a history of domain “problems” with Microsoft. She was listed as the contact for Microsoft’s hotmail.com domain when it went offline in 1999. In that incident, about 60 million users were unable to access their hotmail e-mail accounts because the domain’s registration had not been renewed.