Archive for the ‘Domain Theft & Highjacking’ Category

WhoIs Records Do Not Constitute Ownership

Tuesday, November 4th, 2008

WhoIs, the universal registry of domain name registrant information, does not represent evidence of domain ownership or legal rights, according to a federal court decision from 2007.

According to reports in Domain Name News and the Internet Library, the court declared that a change in a domain’s registrant information does not constitute legal change in ownership, because the WhoIs records are a privately maintained system and not a statute-based system of title.

The case involved the domain express.com, which was owned by Express Media Group, LLC. Apparently, the domain’s registration information was changed without the knowledge of Express Media Group, and subsequently, the defendant, Greg Ricks, bought the domain from the “new owner.”

The court ordered the domain returned to Express Media and held that Ricks was guilty of conversion, which in California is “the wrongful exercise of dominion over the property of another.”

It’s unclear in the various reports how the domain’s registration was changed, or whether the defendant in the case was involved in that change. The court’s decision states that the registration information was changed by “unknown persons, presumably cyber criminals,” and noted that the defendant contacted the “new owner” about purchasing the domain “very soon after the contact info on the registration was changed.”

The domain was registered through Network Solutions. The registration agreement authorized Network Solutions to process account transactions initiated through the use of the user’s password, and cautioned that use of the service was at the registrant’s own risk.

One Domain Slammer Gets Slammed by Judge

Monday, November 3rd, 2008

A U.S. federal district court judge in June froze U.S. assets and ordered a stop to fraudulent domain “renewal notices” that were sent to domain registrants by a Canadian company called Data Business Solutions, which also does business as Internet Listing Service, ILS, ILSCORP.NET, Domain Listing Service, DLS, and DLSCORP.NET.

The practice consists of sending official-looking “invoices” warning registrants that their domain will expire if they don’t renew it in time. This is, of course, true, but the notice further implies that the company behind the “invoice” is the actual registrar. In reality, it is not, and when unsuspecting victims pay for the “renewal,” their domain is transferred to Data Business Solutions from the registrar where they registered it. Alternatively, the “invoice” billed for an annual “domain listing service” or “search engine listing,” leading consumers to believe that the invoice was for a service they had signed up for and that was necessary for their site to be found in search engines.

According to the report in Network World, the FTC charged that “the ‘invoices’ represented that the defendants had a preexisting business relationship with the consumer. The ‘invoices’ also represented that consumers owed money for the continued registration of their Web site names and that the defendants would provide continued registration services for consumers.”

The FTC’s report can be found here. Further information is also available at flyteblog.com and the webmail blog.

Network Solutions Highjacking Unused Subdomains

Monday, November 3rd, 2008

TechCrunch reported in April that Network Solutions was highjacking subdomains to serve advertising-link filled pages when a user requests a subdomain that isn’t used by domains hosted with NetSol.

This means, for example, that if I hosted domainspats.com with Network Solutions and did not set up a subdomain such as domains.domainspats.com, spats.domainspats.com, or anything.domainspats.com, anyone who typed one of those addresses into their browser would get a page filled with ads for which NetSol gets paid, instead of my standard error page.

This would include domains that aren’t set up to resolve the www version of the domain (e.g., www.domainspats.com), and even with www set up properly, it would apply to any and all typos, such as 222.domainspats.com or eee.domainspats.com, or ww.domainspats.com or wwww.domainspats.com.
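A check a site owner could run for the behavior described above, as an added example that is not from the original post: it probes the typo labels listed in the post plus random labels under a domain and reports any that resolve to an address the owner did not configure. The function names, the `expected_ips` allowlist and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import secrets
import socket

# Typo labels taken from the post; random labels are added at run time.
TYPO_LABELS = ("ww", "wwww", "222", "eee")

def system_resolver(hostname):
    """Resolve hostname to a set of IPv4 addresses; empty set if it does not exist."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def find_unexpected_answers(domain, expected_ips, resolver=system_resolver, random_probes=3):
    """Probe labels that were never configured under `domain`.

    Returns {hostname: unexpected_ips} for each probe that resolved to an
    address outside expected_ips. An empty dict means unused subdomains
    either fail to resolve or only reach addresses you listed.
    """
    labels = list(TYPO_LABELS) + [secrets.token_hex(8) for _ in range(random_probes)]
    findings = {}
    for label in labels:
        host = f"{label}.{domain}"
        unexpected = set(resolver(host)) - set(expected_ips)
        if unexpected:
            findings[host] = unexpected
    return findings

def fake_resolver(records, wildcard_ip=None):
    """Constructed stand-in for DNS: explicit records plus an optional catch-all."""
    def resolve(hostname):
        if hostname in records:
            return set(records[hostname])
        return {wildcard_ip} if wildcard_ip else set()
    return resolve

if __name__ == "__main__":
    # Constructed sample zone using documentation-range addresses.
    zone = {"domainspats.com": {"198.51.100.10"}, "www.domainspats.com": {"198.51.100.10"}}
    hijacked = fake_resolver(zone, wildcard_ip="203.0.113.50")
    for host, ips in find_unexpected_answers("domainspats.com", {"198.51.100.10"}, hijacked).items():
        print(f"{host} -> {sorted(ips)} (not one of your addresses)")
```

Against a live domain, call `find_unexpected_answers` with the default resolver and the addresses your own records point to; a wildcard you set up yourself is not reported as long as its address is in `expected_ips`.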

According to TechCrunch, this practice is affecting hundreds of thousands of sites hosted with Network Solutions.

Shame on Network Solutions. It’s not the first time they’ve been caught engaging in questionable behavior, and it almost certainly won’t be the last.

MakeUseOf.com Highjacked From GoDaddy

Monday, November 3rd, 2008

According to the temporary blog set up by MakeUseOf.com, the MakeUseOf.com domain was highjacked right out of the owner’s GoDaddy account.

According to the report, the attacker somehow got the GoDaddy account details by hacking into the account holder’s Gmail account. Apparently, social engineering was also used to convince GoDaddy to go ahead and transfer the domain immediately.

Comcast.net Highjacked, DNS Changed

Saturday, November 1st, 2008

Two hackers highjacked the comcast.net domain in May, hacking into the domain’s registrar account and changing the DNS settings for the domain — which took down the ISP giant’s website and knocked out its webmail services for more than five hours.

According to the report in Wired, the hackers used a combination of technical hacking and social engineering to break into Comcast’s account with Network Solutions, which gave them access to change the nameservers for the comcast.net domain. A Network Solutions representative denied that NetSol’s system was compromised.

In gaining access to Comcast’s NetSol account, the hackers gained control of more than 200 domain names in the account. They changed the contact information for comcast.net to the e-mail address of one of the hackers; for the street address, they used the “Dildo Room” at “69 Dick Tard Lane.”

Even ICANN Isn’t Safe

Tuesday, October 28th, 2008

In late June, a group of hackers in Turkey highjacked the domains icann.com, icann.net, iana.com and iana-servers.com. ICANN is the Internet Corporation for Assigned Names and Numbers, and IANA is the Internet Assigned Numbers Authority. Together, these two organizations oversee the system that manages website nameserver and address information.

According to Zone H, the DNS records of the domains were redirected to point to hosting space at “atspace.com.” The hackers, a Turkish group called NetDevilz, posted this message at the redirected site:

“You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us?”

NetDevilz was the same group that highjacked the PhotoBucket domain previously.

According to the NYTimes, ICANN blamed the highjacking on a hack into its registrar, which was register.com.

PhotoBucket DNS Hacked

Saturday, October 25th, 2008

The popular photo-sharing site PhotoBucket had its domain photobucket.com highjacked in June, reported The Register.

A Turkish hacking group called NetDevilz gained access to the domain’s DNS settings and changed the nameservers to send site visitors to a different site.

PhotoBucket drew criticism for not acknowledging the hack. According to ThatDanny, PhotoBucket said nothing initially, then finally posted an announcement blaming “an error in our DNS hosting services.” This kind of head-in-the-sand approach creates suspicion and mistrust among users.