Slashdot Mirror
Defending Self In a Case of On-Line Identity Theft?
SoccerDad41 writes "I am a systems administrator for an Indiana-based bricks-n-clicks retailer currently suspended because an unscrupulous typosquatter stole my name and registration information for his/her fraudulent domain registration. My company hired a third party service to protect their trademark by identifying and terminating infringing web sites. The third party identified a domain name, performed a WhoIs lookup & issued a complaint in compliance within ICANN's rules. This was presumably all reported back to our Legal department and it was noticed that the name on the domain registration matched mine. I have a locally uncommon ethnic last name so an immediate connection to me was made & although I protested my absolute innocence in the matter, I have been suspended on grounds of violating non-compete policies pending proof that it isn't me. The fraudulent domain registration was made with a different registrar (let's call them Registrar B) than the one my company uses (let's call them Registrar A). The public parts of the registration information at Registrar B match pretty exactly those of my legitimate domain registrations at Registrar A, including Registrar A's mailing address and phone number. The only things left out in the mailing address are the reference to a domain name and ATTN: Registrar A. Of course the anonymized email address differs as well. Surely I'm not the first in the Slashdot community to find myself in this situation. I'd like to avoid incurring the cost of a lawyer but I am intent on maintaining my good name and continued employment. What are my rights and responsibilities in this matter? What is my best course of action? How did you resolve this issue? How can I prove it's not me?"
See a lawyer.
If I were you, I'd hire a lawyer.
Say it wasn't you.
Contact a lawyer.
No sig for you!!
See subject, and also get a lawyer. A good lawyer is worth their weight in gold and you really do want this case to end up in court where the company you work for has to demonstrate that, despite your loyalty, you really did violate their non-compete clause. The moment they make accusations against you is the moment you should stop working for them.
My insurer offers identity theft coverage. If your identity was stolen, call the police, file a report, and get your insurer to cough up the dough to fix it.
I am sorry you are in this unfortunate situation. However, you have begged the question, and ACCEPTED AS FACT that they presume you guilty and that YOU MUST PROVE YOUR INNOCENCE.
That's not how it works.
Please in writing request a meeting with your boss and the corporate counsel.
Explain simply these NONTECHNICAL FACTS:
1. You have done nothing to violate your terms of employment, your noncompete, or other agreements.
2. If the company has PROOF that YOU did it, it is THEIR responsibility to show it.
3. Until they do so, you want your job and pay FULLY reinstated.
Offer them a concession:
If they fear you MIGHT be a risk, they can PAY YOU, put you on a PAID BREAK until it is resolved.
Additionally ONCE they do so, you ARE WILLING to help them figure it out.
If they ask you a bunch of stupid questions like:
1. Why wouldn't you want to clear your name?
2. Why won't you volunteer information?
3. Can we search your home/hard drive/etc?
4. When did you stop beating your wife?
BE POLITE, BE RESPECTFUL, and tell them you ARE willing to be cooperative, but FIRST they must
restore the rights of yours they have trampled (job, pay, respect), and after that you will help them but
you will not give up your CIVIL or CONSTITUTIONALLY or LEGALLY protected rights to do so.
You don't need a lawyer for this unless they insist on not giving you job/pay back.
In that case, hire a lawyer and you'll be happy to find many who will take a case like this on contingency.
Innocent until proven guilty.
Never give up your right to be innocent by begging the question of "But why am I suddenly guilty."
E
Research a lawyer who specializes in these types of cases. The American justice system requires effective legal counsel, which requires money (assuming this is where you live, but I am sure it holds true elsewhere); there's no way around it.
This one isn't even close. Ignore every advice in this thread except the ones that tell you to get a lawyer. That's what they're for. Both you and your employer will be thankful your did.
Thread closed.
Their they're doing there hair.
Grab a Nolo book or two (check your library, or www.nolo.com), file a "pro se" lawsuit against John Does 1-20, and via that lawsuit subpoena the domain name registrar. Get everything they have, IP address(es) used to register the domain (i.e., load the website), etc. Get records from wherever the site was hosted. Get ISP records corresponding to the IP addresses in use by the person/people who registere the domain name / set up the website. Etc. Document, document, document. Then summarize it in a memo to your employer, citing to the documents you've uncovered (include them as labeled exhibits, e.g., "As you can see from the Billing Information Statement ("Billing"), attached hereto as Exhibit A...")
And then, as long as you're already wet, go swimming. If you can come close to identifying these asshats, amend the complaint and sue 'em. (Service might be tricky, but if you can satisfy the diligence requirement, most jurisdictions will allow substitute service by publication. Then go for the default judgment... Satisfying it will likely be impossible, but having a civil judgment in your favor can't hurt your attempts to remain employed and clear your name.)
Disclaimer, I am a lawyer, but I am not licensed in Indiana, this is not legal advice, this does not create an attorney-client relationship.
geek. lawyer.
This sounds like a perfect example of a situation where there's lots more information that what we are given. It may be completely unrelated to the actual event, but is still relevant.
This falls under the category of "something weird". If a company really likes the employee involved with "something weird" they will probably believe the employee's story and not waste their time with legalities. If said employee is a nuisance (bad work ethic, loud mouth, does not get along well with others, causing problems, worthless at the job, superfluous) then this is a perfect chance to remove said employee without the hassle of unemployment, severance, back-pay, etc.
Basically, if the company wanted to keep the employee, this wouldn't be an issue. What's wrong is that the employee has been marked as unwanted, for whatever reason, and is currently being removed. The company chose this method because it looks legit on paper, but the real reason is probably completely unrelated.
The employee clearly doesn't realize this and is in complete shock as to why such a thing would interfere with his employment. The employee is looking for sympathy as, given the limited facts, this seems completely unfair. The employee should be looking outside the box to figure out why they were marked for removal.
A.: You can't. Steal yourself a new identity, preferrably a rich one, and then move to a country with no extradition treaties. Problem solved.
Get in contact with a lawyer and check what your options are, but try to find a lawyer that knows what internet is about. Evidence on the net is always a tricky thing. If the registrar is in the country where you live you may have some legal options to use to get evidence behind who did the fraudulent registration.
If the domain points to a web server somewhere it's also possible to check who is owning that server and is behind the web page.
But if your address is on the registration you may actually be able to contact Registrar B and ask them to snail-mail you sufficient data to take control over the domain and then transfer it to the company that employs you. Go in and specify something like that you no longer is able to access the email account for the registration or something. When you are in control of it you may have a possibility to go back and ask them for logs about when it was registered and payment process. It's a case of following the money. However try the lawyer path first because if you find the money behind it then you can also find the culprit.
However placing you on suspension seems to be a bit hard, and you may have a case here too.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Sorry, but you can't prove it wasn't you, because everything you say can logically be countered with "Well you WOULD do that, do avoid detection". Domain registered in China at the exact time you were in a meeting with the CEO? "Well you arranged to do that with an online contact to make it look like someone else".
The onus should be on your company to prove it was you, not on you to prove it wasn't, but since you're *already* suspended you may not want to suggest this and antagonise your employer further.
Aside from going to a lawyer, I think the only argument you really have is that you'd have to be incredibly stupid to do this under your own name. You could appeal to the registrar to get it transferred into your company's account which might raise protests from the faker, supporting your argument, but the company may accuse you of offering to do that simply because 'you got caught'.
Do a search online for your name. If you can prove others have the name, it might help prove part of your case. The other obvious aspect here....Get a lawyer.
Sounds like you do need a lawyer! Also sounds like it's urgent. Good luck! - Stephan
http://stephan.sugarmotor.org
Since the registration record lists you as the owner, transfer it immediately over to your company as the starting gesture of good faith. Then consider the advice already given here.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
However, you have begged the question, and ACCEPTED AS FACT that they presume you guilty and that YOU MUST PROVE YOUR INNOCENCE.
Isn't that how it works in the US where you have (at least in some states) employment "at will" and it is very easy for a company to fire someone? The innocent until proven guilty only works for criminal cases. This sort of thing is exactly why you need laws protecting employees....of course he really needs to talk to a lawyer to see whether there are any such laws applicable here.
I'm unclear on the problem. If the info at registrar B matches your info, then you can gain control of the account and terminate it. If it doesn't, then you'll have proof the lawsuit is baseless. If you can't get control, the denial letter from the registrar will serve as proof the lawsuit is baseless.
Of course, to use this proof in court, you'll need a lawyer. But hopefully just getting a lawyer will encourage your company to cool down and talk sense.
But once all this is over, you need to scrub your info from the registration and replace it with the company's info, since it's their domain. You'll then want to quit this job, since this company is more interested in lawsuits than business.
Not that this wasn't entirely predictable.
Wow. Two thoughts immediately come to mind:
1 - Seek some competent legal advice. Don't be a fucking moron: You're about to lose your job and reputation and maybe be sued out of existence and your biggest worry is to "avoid incurring the cost of a lawyer"? So you come to slashdot instead? Mindboggling. Maybe some other competent professional advice as well?
2 - Sounds like too many coincidences to convince a jury. To prove you've been framed you would have to find out who did it and how they benefited doing it or you'll just sound like your garden variety disgruntled employee / asshole too clever for is own good or something like that. If I were you I'd start looking for another job.
I'd talk to a lawyer, and one of the first things I'd ask him is:
If the domain name is registered in my name, can't I force Registrar B to hand over account details to me?
If the whois information identifies you are the registrant, then contact the registrar. Identify yourself and take control of the domain name.
If the registrar refuses, include them in the lawsuit.
Fight Spammers!
GET A LAWYER.
Any further action on your part may be detrimental otherwise.
All lawyers are assholes until you need one.
Your id was stolen by someone to create a website that infringes on the trademark for a company that you work for? First, it's odd that somebody would steal your identity for the purpose of creating a website. But secondly, the website is one that infringes on the trademark for your company. And then your company actively looks for violations on this stuff? I think somebody wanted you fired. Possibly it is your own company - after all, they didn't need much 'proof' to suspend you, did they? If your company is big enough to have a legal dept, it seems they can afford to be (and should be) a little more thorough. Hire a lawyer.
...that it wasn't you? Seriously, folks: Maybe this individual is guilty as charged, and he's asking us about ways to defend his actions, or how to create a web of plausible deniability. Think about it: If this situation really happened to a truly innocent party, with looming consequences of job loss (especially in the current economy), don't you think said party would seek the advice of counsel before airing out his laundry on /.?
I know some of us are always willing to lend a hand to a fellow geek, but sometimes I have to shake my head at how quickly some of you jump to defend an individual who claims to be innocent, framed, whatever.
Somebody paid to register that domain. Find out who it was. Maybe that means subpoenaing Registrar B for a credit card number or bank account, and subpoenaing the bank for the account holder's name.
"Identity theft" is just fraud, twisted around to make the impersonated customer the victim rather than the business that allowed it to happen. Fraud is a crime, and law enforcement should be involved. Of course, IANAL.
If you can do this, then it proves how simple it is, and the onus is then on them to either /prove/ that you were the person that registered the domain name you're accused of, or accept that your boss has been registering domain-names without his/her own knowledge.
Consulting a lawyer is the only sensible thing to do at this point. Of course if you really want to go out in a blaze of irony, you could also register another domain in the head of HR's name or the CEO's name just as was done to you. :D
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
In the parlance of our times, "the thing speaks for itself"
I'd like to avoid incurring the cost of a lawyer but I am intent on maintaining my good name and continued employment.
Right...so let me get this straight: You stand a good chance of losing your job, affecting your life and your family's well-being, and you're too cheap to hire a lawyer? I'm sorry, but you really have your priorities out of whack if you think posting your woes on /. is time well spent.
Way too many coincidental details to be a random ID thief, this is someone who knows you and who is out to bury you.
Hire a lawyer AND a PI.
Then sit back, STFU and let them do the work.
good luck.
http://slashdot.org/~GuyFawkes/journal
it's too complicated, you must be guilty
No one else would be able to set this up.
Know what I mean?
Was it GoDaddy?
Python: 'And then suddenly you have a language which says "we're all stuck with whatever the whiniest coder wants".'
This is a perfect example of why the RIAA's recent win on getting ISP users' identities with a subpoena can be a good thing. He is the victim of a civil offense, just as the RIAA's members technically were. He only knows that some asshole John Doe has maligned his name by doing this. I'm actually glad the RIAA won that victory because it might help him clear his name.
And I say this as someone who normally thinks the RIAA should be thrown through a legal chipper shredder that begins with RICO, takes an intermission at Gitmo and ends in rendition to Syria...
Isn't that how it works in the US where you have (at least in some states) employment "at will" and it is very easy for a company to fire someone? The innocent until proven guilty only works for criminal cases. This sort of thing is exactly why you need laws protecting employees....of course he really needs to talk to a lawyer to see whether there are any such laws applicable here.
The question you pose, again, reinforces the reason why you need to speak with a labor attorney in your state, and probably another attorney that deals with identity theft.
There are two things going on here, folks. One, his identity was stolen and used fraudulently. That's a criminal matter and you need to call the police and/or FBI. The outcome of that investigation then needs to flow into the civil labor case where you were unduly suspended from your job for something that is clearly out of character for you, and could cause additional undue damage to your career and reputation.
The identity theft is separate from the labor case, but one must be dealt with first in order to clear your name in the second.
Can X please take the stand? Interesting argument. Can the other X take the stand? Huh. Fascinating. Which one is real, I mean, the second one certainly has all the credentials. And a cute smile.
Identity theft: sucks.
Oh wait, right, you don't have a Union Rep. My bad.
Screw it you are already suspended, might as well go out in a blaze of glory. Transfer the domain immediately and point it at one of the goatse mirror sites.
Get a lawyer. OF COURSE get a lawyer.
Here's the thing with the legal system in the United States-
It's not if THE LAW is on your side, it's if THE JUDGE is on your side. The major benefit of hiring a lawyer, especially a "local" lawyer, is that he likely knows the judge personally. You likely don't. A lawyer will get things done that you can't, simply because he is part of the local "old boys club".
Basically, you have to hire a lawyer, because it shows that you are willing to "play ball", as they say. When you defend yourself, most judges think you are just being obnoxious, and aren't going to be very cooperative.
You are working for assholes who are assuming that the registration is yours even though you explained the situation.
Who would be dumb enough to register a domain which infringes on his employer's trademark somehow, and using his real name?
What for?
Sadly most advice from people here wont apply. We dont know Indian work place laws or legal system. But as many had said a lawyer is prob a good thing to get. The only thing that you could do to prove it was not you is obtain the billing information from the other company to show it was paid for by some one else. While they can put anything they want in the register information they would have had to use there own billing name to make the domain purchase. Now where I am in Canada a company cant just give out information like that due to privacy laws. Here it would require a lawyer to obtain that information. If the register is any decent and for there own protection from fraud they should maintain records of the IP address which registered it to. That can then be checked against the ISP and the identity for the owner of that account should be obtainable too.
I know in California your employment is considered "at will" if you're a regular employee, which basically means they can terminate your employment at any time, with or without a reason given. Since you're in Indiana, I don't believe you'd be employed under such statute, therefore you should have a full menu to legal recourse at your disposal. I would say - go sit down with a Lawyer and take them up on their free consolation at a minimum.
The employer can fire you for any reason at all.
So, it would be up to you to prove that this person is not you.
Employment rights are not the same as legal rights.
Guilty unless proven innocent.
If they're going to fire you over something like this, consider the possibility that they were going to fire you anyway. If you're sure you're clean all around, hire a lawyer, but don't sic 'em on the company until you've been fired or want to get fired.
I've used Identity Theft Shield for the last few years and it's helpful for taking care of this kind of thing. Tied to a legal plan, you have access to the legal representation you need as well. It's little money well spent:
http://bit.ly/aKbg6V
First off, if the registration is in your name with your address, phone number and email address then you should have a very easy time taking control of it. Write a letter (on paper) to your employer requesting permission to do so with the intent of collecting all information contained in the account and turning it over to the company. Take no action unless they grant permission in writing.
Second, hire a lawyer to write you a letter to the effect of, "Mr. You's name was forged on the system in question. The company's reaction is unacceptable. You expect to be reinstated by date X after which you will avail yourself of all legal recourse." The lawyer can help you with the exact wording and concepts. Composing and sending the letter will cost you around $200 but it sends a message to your employer that you consider their behavior in the matter to be unacceptable.
Third, they can't "suspend" you. This isn't grade school. They can pay you, fire you or lay you off. Those are their only unilateral options and you have specific legal rights in each case. They can ask you to take leave without pay, but you have to agree and you shouldn't agree without giving them a hard deadline for reinstating you.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Plus also get a copy of any grievance and discipline procedure. I would also get in touch with an employment lawyer (not just any lawyer) for your jurisdiction.
It’s a moot point if the alleged misconduct is serious enough offence to warrant precautionary suspension - did you have any hearing at all. Precautionary suspension is only to stop people accused of serious crimes from fiddling with the evidence, which in this case I don’t see how that would be possible
How ever an “off the record” chat with your boss before getting lawyers involved might be worth pursuing. – Pointing out that if you prove your innocence you will be filing a grievance/lawsuit against the company as this will reflect very badly on the mangers involved and that legal and hr may wish to question the mangers concerned and this may well have a negative effect on them. BTW in the UK it looks like you would automatically win as it looks like the procedures haven’t been followed. The “ethnic” name also sets off some alarm bells as well.
IANL but I am a senior lay TMT union activist in the UK.
... contact the NLRB, National Labor Relations Board, as a next step. They may in effect do any necessary lawyering for you.
A typosquatter wants to create a domain using a trademark illegally. So then he doesn't want it in his own name because it is illegal. So he looks up the whois information of a related website and uses the same information in order not to have to put in his own name. Someone at the company discovers the typosquat website, runs whois on the typosquat domain and is enough of a moron to just assume that the name label associated to an illegal activity is actually genuine, and then proceeds to impugn the good name of an employee. This based on the equivalent of a bank robber putting a note with a name on his forehead and everyone just assuming that the name on the note is his actual name.
Obviously what the company should have done is to help the guy prove that it wasn't him, rather than just throwing him overboard to see if he floats. At least every other employee at that company now knows what kind of organization they work for, if they didn't already. I know I would be racking my brain to see if I couldn't find a better place to work if I was an employee there and saw something like this going on to someone else. I would be doing that even if it turns out that the guy actually did do it, because the company attacked him before they could know that, so if I ever got in trouble through no fault of my own I would know to expect the same thing - not the kind of place that I want to be if I have any choice in the matter.
IANAL, but in Arizona, at least, and probably many other states, the act of domain hijacking is a felony (it's considered unauthorized computer access, or some such language). So is ID theft. There may be federal statutes at work here as well. You should see if you can get the proper authorities involved -- they'd at least be able to subpoena the registrar's records to track down the attacker.
Granted, you'll have to get the authorities interested first -- usually they need to see significant monetary damages with criminal intent. But it's another avenue to explore if you're challenged by the legal fees (and who isn't these days?)
Ask your doctor if getting up off your ass is right for you! -- Bill Maher
The lawyer will tell you basically that, unlike criminal cases, where you have to be shown to be guilty beyond a reasonable doubt, that in civil matters, the indicators of your innocence have to be more than the indicators of your guilt.
It's called "the balance of probabilities." So far, the balance of the probabilities, based on the "evidence", is all in their favour.
You've already told them you didn't do it. Your best option now, unless you live in a jurisdiction that isn't "at will", is to conserve your resources while you look for another job. If this were a small enough business that the people around you would find it totally out of character for you to do this, you wouldn't be in this situation right now - they would have believed you. As it is, they don't, and worse, they can't afford to back down at this point.
Pick your fights. You've told them you didn't do it - now tell them you're not comfortable working for a place that calls you a liar and you want to discuss a severance package that includes an agreement that you were RIF'ed if anyone should ask for references. Because even if you prove you didn't do it, your job there is history, and at some level you know this is true. Besides, do you want to work for a place that calls you a liar and a crook?
I'm not being mean here, even though the tone might come across as such - it's because you really need a bucket of water (or a brick) to the face to make you realize that you're in a no-win situation. It's the same "wake up and smell the coffee" advice I'd give to my closest friends if they were in the same situation. It sucks, but so does life in general. We can't change that, but we can change how we react to it. We can either stew on it, and let it turn into acid that eats through our guts and permeates our life and our personality, or we can move on.
We all know people who, a decade later, still won't stop talking about someone who screwed them over at EVERY occasion. Try it - go on a dinner date with someone who's divorced - sometimes it's like their ex is sitting at the table with you ... you want to say "you're obviously not over them. Maybe you two should get back together if you like arguing about each others actions so much. Call me when you're really single."
This is the same situation. Nobody, not a lawyer, not anyone on slashdot, can change what's happened. What we can do is give you the encouragement to help you deal with the situation in the most efficient, least destructive, way, both professionally and personally, and help you rebuild. The lawyer won't do that - their first interest is $$$. Before it's finished, this case will cost you a minimum of $20k, and probably a lot more.
If you can handle the legal stuff yourself, my advice would be a bit different, but not by much. Some things it's just best to agree to disagree, tell them that you've thought about it, and when they find the culprit, you'd like to be kept in the loop, that you won't use that info to hold them responsible, and if there's anything you can do to help, just call, and that you understand they're only trying to protect their business and the other employees, and then move on. You'll keep your respect and earn theirs. It's a small world. You never know, they may call back in a few years with good news - you should keep that door open.
I've had bosses who are dicks - even after I've quit, I tell them that if there's a problem, call me. They might be too proud to admit they made a mistake, but the smarter ones are not too proud to take my advice when they're stuck, and I'm not too proud to refuse to help them.
This isn't a bad idea if the company is willing to be reasonable - but you want to have permission to do it first.
The preferred solution is to not have a problem.
get a subpoena for the billing information to give to the registrar. That will show it's not you.
They're using their grammar skills there.
Geeze man. Lawyers are expensive. Maybe the answer is "too poor" rather than "too cheap", especially depending on the circumstances.
I make a decent wage and a long court case would stretch my budget, I'd imagine that if the author of TFA is working at Best Buy or somewhere similar then a lawyer would be similarly expensive.
Winning one's job back isn't much of a victory if it costs more than a year's wage was worth... unless he makes big bucks suing the company or domain registrants (and it's more likely he'll just bleed cash whilst the company strings out the lawsuit).
You need to retain competent counsel. Do not file a pro se suit against anyone. Do not try to go it alone. Unfortunately, with the primitive protections provided in most At-Will states, you will be hung out to dry in short order. Your reputation will be damaged, possibly beyond repair, and you will have difficulty working as a sysadmin. Posting as much detail as you did on Slashdot was probably not the brightest idea you've ever had.
I remember when legal used to mean lawful, now it means some kind of loophole. -- Leo Kessler
> What is my best course of action?
Hire a lawyer. Yes, it will cost money. Do it.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
So, this stolen identity was used to create a website in the same business area as the company you work for? You have an unusual name, and someone has managed to find out and use detailed information about you to buy the domain? This sounds like an inside job. Is there someone at your workplace that really doesn't like you and is making grabs for your job? I'd call the police (if they haven't been called before now), and get myself a lawyer. This sounds a little more calculating than some spammer ripping off your ID. At the very least this sounds like some serious fraud.
If its yours and you have tried everything so far, find the nearest hammer and get to work? If your not willing to deal with it then take ownership of that property and hand it to someone else.
Problem: His company now sees him as a liability. Anything he does with this domain can backfire ten times. He claims nothing to do with the domain, so he should have nothing to do with it at all.
DO NOT DO ANYTHING RIGHT NOW BUT GET A LAWYER!
http://www.debunkingskeptics.com/
So someone (maybe you) set up a website, whoopdee.
Domain names and squatting are ridiculous claims, which is what this case sounds like.
Any legit companies (yours) use of anonymization services is unnecessary. And if you used a decent one, your 'name and registration information' 'parts' wouldn't show up at all for comparison.
And for an employer to suspend you over something that lame and as yet unproven is completely unwarranted and in fact, evil.
The fact that they did it means you are nothing to them, they do not care, your name is mud.
I'm looking for employment and in Indiana up by Chicago, and as your IT company seems to be in need of a new system administrator, which company is it?
If you have a chunk of cash on hand simply contact the Registrar and get the log data for that transaction. It will cost you. At least you will have an IP (possibly spoofed), times ....
This is also a matter with ICANN, they let a fraudulent registration happen. Contact the ICANN ombudsman Tho, not sure they can do much, but more people involved more fun it will be...
Franck Martin
Avonsys
Unless the registrant paid cash, which is almost impossible online, they likely paid with a credit card. Check with your local prosecuting attorney about filing a fraud case against John Doe and see if they'll file subpoenas to the registrar and credit issuer for identification purposes.
"Defendant claimed it was a case of mistaken identity, but refused to cooperate until he was restored to his salaried job."
When I got fired and the employer withheld my wages, I took it to labor & Industries and filed a complaint.
They are who you talk to.
They are setup for this sort of stuff.
Providing what the employers did was illegal. If it's not, then you might need a lawyer.
Be seeing you...
... not because I might look for a system administrator job (I have one), but because I want to be sure to not ever buy anything from a dishonest and evil company. Not all companies are evil. You have to figure it out by how they act (not what they say).
You will NEVER have a job there, now. You clearly have enemies, and they were not honest enough to say it to your face and say "this is employment at will and we don't will it anymore". Move on. And tell people where NOT to shop (because there is a risk they will get screwed by this company ... they have already shown their colors).
now we need to go OSS in diesel cars
This story doesn't seem to add up. Why wouldn't a competent SysAdmin just contact Registrar B either by an Abuse, or a Support resolution process? Worst case scenario, a competent registrar will want a letter on the victim company's official letterhead, or some notarized document, to prove identity. Best case scenario, you could take over the domain (registered in YOUR name), and shut the site down by lunch-time on Tuesday.
If it were me and I WANTED to keep my job, then I'd lawyer up, if that didn't work.
/^([Ss]ame [Bb]at (time, |channel.)){2}$/
Can you get something from the FBI sort of like a police report when you are burgularized. They are supposed to investigate, and prosecute these cases.
I'd say that suing them would be enough to prove your good faith. I mean, if you had registered both domains, you'd probably refrain from suing anybody, as you could get into trouble when the truth came out. It's the same principle as insurance companies asking you for a police report before paying for damages to an stolen car. The police won't even see your car usually, but most people won't risk a problem with the police for the repair money.
Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
if you live in an "At Will" state. They can basically get rid of you for any reason.
You need serious legal help. Every state is different in matters of employment law and some offer much better protection than others. If your lawyer has experience in the federal court system and there is a foothold that might be a better path. And it is not just your current employment that is at risk. Your future may suffer as well. Do not attempt to speak or find help until you see that lawyer. Anything you do can be seen as hurting your cause.
Also do not assume that this dismissal is not a pretense. Your company may be behind the entire affair. Dirty tricks take place and who is to say that they don't have a cheaper replacement waiting in the wings.
Assertion Error: lawDegreesHeldBySlashdotReplier:0
But my advice is simple. You have all the rights you can afford to defend.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
So he sends, by snail mail, a notice to the registrar telling them that the email address information is not valid, and to please transfer it to his soon-to-be former employer, along with a copy to his former employer. The registrar will ask for government photo id confirming his mailing address and name, and transfer the domain. What's the big deal? No need for a lawyer
If someone registered a domain in my name without my permission, they don't have a right to the fraudulently obtained domain but neither do I unless I'm up-front and make a claim based on the fraudulent previous registration. Even then my claim may not hold water - the "rightful" owner may be "nobody, the domain goes back into the hopper of unclaimed domain names."
Of course, the trademark claim by my employer may moot the above. However, I should never pretend to be the person who actually registered it. That's fraud.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Still, despite the bad rep that the profession often has, there are many lawyers out there who are truly decent people and are willing to offer advice for a reasonable fee. I've dealt with some who are pretty reasonable, and the fee is probably as useful at dissuading the "oh, you're a lawyer, can I ask you about ..." types as it would be with the "oh, you work with computers, my home computer has been ..." types :-)
I agree that a consultation is likely worth it... I'd just caution against the "both guns blazing" approach that some people recommend when it comes to an actual lawsuit, those cam get nasty - and expensive - quite quick.
Can you not follow the money. The domain registration and the hosting will be paid for somehow, probably not in your name. Maybe you can use your real identity as leverage with a bit of social engineering to attempt to recover payment and account information, if anything you can at least rule out any futher (potentially criminal) activity associated with your name. Lets presume someone you know has done this as a malicious act, it is unlikely they have also been involved in the criminal aspects of fraudlenty setting up a payment account in your name. Even if they did setup something like paypal in your name (semi-anonymously / no id checks) at an email of the domain itself; it must have been originally funded somehow.
There have been cases in the world when some high level political figures have been appointed to the position of director of companies they were not aware of, I guess the paperwork in those countries doesn't require any signature or confirmation of ID by the person themselves.
Maybe you can consider demonstrating to your superiors how the process of domain registration works, and under their complete observation register another domain using your superiors personal details (as held from public record), use your own me legal payment mechanism and then take your own companies website and mirror/copy it.
Alternatively (if they are not willing to observe) assosiate the domain with less savory content (this might make you feel good, but might not help your future references).
> All lawyers are assholes until you need one.
We actually need assholes with surprising regularity.
...to show them how easily it is done.
Lets say you can prove you did not register the domain. You're still gone.
Lets say you can get your lawyer to convince your lawyer that it is the employer's burden to prove you did it. You're still gone.
Lets say your employer gets proof you did not do it. You're still gone.
Later.
Whatever you do. Get everything in writing and signed. Don't tell them anything (might be a too late now, just don't tell them anything more).
But whatever else you do. Don't talk to the police! See youtube video.
http://www.youtube.com/watch?v=6wXkI4t7nuc
Just to be clear, and please correct me if I'm wrong: You registered one or more legitimate domains on behalf of your employer. Since this was a business registration you presumably filled in the "Registrant:" field with your name and your business address at the employer's premises? These details were copied and your employer now believes that you are typo-squatting from your work address? I'm no lawyer (and Irish law wouldn't do you much good anyway) but that surely stretches credibility a little?
I'm absolutely not qualified to give advice, but I do feel sympathy for your position so I'm going to suggest what I would do in your place from my limited (and potentially irrelevant) experience working with a patent lawyer.
I would hire a lawyer and help him/her understand the technical details of domain registration, what is public, how easily it is available to the general public in non-technical terms that he/she understands and help on use of the technical terms in constructing an argument for your clear or likely innocence. They should provide understanding of the nuances of the law in relation to this case, advise you on the implications of your local law and your employment contract and what action best protects your livelihood and support you in any legal action that you may decide to bring against your employer, or assist in working with your employer to seek a mutually agreeable solution.
I understand that in Europe we have significantly more legal protection as employees and the concept of "at will" employment would be laughed out of court but I think that just emphasizes the need for local legal knowledge.
I completely understand that you would like to get a result that's good for you while avoiding the expense of a lawyer (everyone who uses one would) but if you want to be anything other than a passenger in what happens in your life at this point you probably need the assistance of a good legal professional. If you go to court and get the right result then your employer is paying his/her fees anyway.
If you absolutely insist on going it alone then I would suggest having an explicit meeting to make sure that your employer understands how easy it is to both get existing whois information and how easy it is to use inaccurate registration information in a domain registration but only if you're sure that you don't want to pursue the legal route later, or you may just be giving them prior notice to prepare answers for awkward questions that they may be asked in court.
I'm in no way a legal professional, this is not legal advice, and the majority of this post is the opinion that you seek some elsewhere.
This is something I am scratching my head over; you have a domain typo squatter using your information for a typo domain name for a company you work for? If I did not know any better, I suspect one of your co-workers is trying to get you fired.
How would a domain squatter know you worked at this company?
Why would they even investigate who works there and used their name?
Why don't you simply take take possession of the domain? If they used your information, just contact the registrar and do the whole "I forgot my password and I don't have control of that email address anymore" routine.
Again, one of your co-workers is trying to get you fired.
Linux O Muerte!
I didn't read every single comment, so forgive me if someone already suggested this...
Doesn't "Registrar B" have a billing history? Most of the registrars I've used have a link to view billing history, including the method of payment. A credit card shouldn't have authorized with incorrect billing information.
You should be able to go to your local police station and file a report. The police or a lawyer should be able to issue a subpeona to the registrar for the information. At the very least there should be an IP address on file somewhere (management console login, ftp login, etc..). Even viewing the web site traffic logs might give you the IP address of the person that put up the web site. Just check the very first few visitors to the site. The offender would have visited the web site after he published it.
In America you are innocent until proven guilty (well - supposed to be). If the person covered up their tracks good enough to hide their identity, then it can't be proved that you did it either. From what I understand the prosecution needs to provide the proof they have against you. If all they can provide are access logs from china or fraudulant billing information, I would turn around and say "thanks for proving im innocent".
If the only evidence they have is the contact info used for the domain registration, and it actually looks like it may hold up... Use that against them by performing trademark infringment on yourself using the prosecutions contact info. If they win the case against you, turn around and win a case against them.
But I'm no lawyer... Just a smart ass that doesn't like people taking advantage of the system.
File a report of identity theft with the law enforcement agency having jurisidiction over your residence. It is very unlikely that they will actually investigate it, but you can obtain a copy of that report that you filed under penalty of perjury to help clear your name. Consider the John Doe Lawsuit advice previously given.
who aren't smart enough to see through an obvious joe-job? Or did you witness the CEO banging his secretary or some other reason they might just want to frame you and make you go away?
Wow, "the right guy to ask the followup is not the guy who asked the original, so someone tell AK Marc to look here.
Without descending into total pretzel-logic:
Given this quote from below:
"And a non-lawyer giving legal advice is not actual legal advice, as they aren't a lawyer and unless they present themselves as one, it is not considered legal advice."
Can we go one further and say that all slashdot posts are assumed NOT to be legal advice, unless someone says they are in fact a lawyer? (And even then assuming it's not a prank.) I would REALLY like "IANAL" to go away.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Okay, I understand your point about cutting your losses, moving on, etc.
But on a security clearance, they ask if you've every left a job under unfavorable circumstances, and everything in between (fired, quit after being told you would be fired, quit after allegations of misconduct, etc...) If he really is innocent, and he doesn't clear this up now, he may very well be forced out of his career.
In the first place, there's a killer depression going on right now, so his hopes of finding another job, even with a stellar job record, are abysmal. So getting another job may not be an option.
In the second place, security clearances are typically run *after* you accept the position. He's going to have to restrict himself to only jobs which don't require clearances (i.e. no government work, which probably won't be hiring right now), or gamble on being able to explain his innocence to a clearance investigator. Should he fail, he'll then be in the even worse position of having been fired by his last two employers in a row.
His best bet is to fight it tooth and nail. The damage to his reputation will cost him far more than the legal fees. To simply walk away gives others the impression that he had to leave after "getting caught".
The society for a thought-free internet welcomes you.
How do we know that it wasn't you? Seriously, folks: Maybe this individual is guilty as charged, and he's asking us about ways to defend his actions,
You might be right. It might be a complete and total scam. He could be laughing at us... right. this. very. second. :D
But in this country, he's 100% innocent until it's proven that he isn't.
And fuck you or anyone else for going against that.
1. How was the registration paid for? If it looks like you, get the payment details, probably a credit card etc. Shouldn't be too hard, since it was 'your' registation. If the registrar refuses, as they might, well is this because the payment wasn't by you? Time to find out who.
2. After a discussion with your employer, you might want to shut down any site - move DNS to some other server. If this weren't so sticky, I would offer to hold your A record, and point it to a nonexistant host for you. Though I doubt you will win any points there.
You do need a lawyer, sadly. But I would love, as you might also, to know how the registration was paid for...
deleting the extra space after periods so i can stay relevant, yeah.
Lawyer is the best option. A fallback is to see the company's lawyer. You can tell your employer/their lawyer that they need to subpoena the records of the registrar B to determine who filed it. If it truly is a third party, they are losing time by not getting the true story. If it actually isn't you, they are not fulfilling their obligations to the company, instead handling this ineptly.
If they want to pursue legal action against you, they need to start it, and it will involve getting proof from the other registrar. So they might as well go ahead and do that part. If it is an anonymizing registrar they will have proof neither for nor against you. But the party used your contact details, so that's not the case. The registrar should have more information. Lawsuit and discovery might find the real culprit, or at elast get the right documentation for you to prove innocence.
Or just ask the registrar for details, preferably printed and mailed to you. Date of registration, payment records, any other contact information. Since you seem to be the contact, you should be able to get all the information a subpoena would provide. If registrar B refuses to provide this information since they don't think you are the rightful owner, have them sign and mail/fax that refusal to your employer.
Of course, there is no incentive for you to do so while suspended. So either they can reinstate you and you can work with them. Or you wait for them to sue you, which is the only way they will get proof. Then you meet with the company's laywers and explain to them how DNS registration works, and that they need to get more information from Registrar B. Back to the first plan. Or sue John Doe using the alternate anon address, but you seem to want to avoid that. Most likely you will have to request the information, though, since your employer shoots first and asks questions later.
If you explain the options like that, hopefully with more clarity, they should see reinstating you and having you assist as the cheaper option. Especially since you are seeming to make it easier to gather evidence against you.
Someone paid for the registration - if it was a credit card you have your third party. If it was cash or prepaid card it might end up as a dead end. But if you are as innocent as they say, at most they will find what they already know. But then you will be able to say there is no proof, or you provided what you could.
1) she not certified to practice law in Indiana, but does practice employment law. 2) These are the obvious questions any lawyer would tell you to ask yourself: Do you have a written employment agreement? Read it now. Are you an "at will employee" (terminable at any time for any reason) or employee terminable only for "good cause" or on some kind of fixed term contract or what? 3) This is not really a "legal" matter, this is really a "does your employer want to keep" you matter. Unless you work for government or have some other intricately regulatior bound process, in that case call your union represntative and your lawyer right now ($$$$). 4) It all depends on whether your employer likes you. If you can only be terminated for good caues and your employer likes you, throwing significant resources at this including hiring an atterney to subeana everything from the domain name register is reasonable. On the other extreme if your employer doesn't like you and you are and "at will employee" then, well, they reasonable suspect you of a faud and do you really think you can put anything togeather that will get rid of that reasonable suspicion? Only you know your financial resources and how much your employer likes you and what the terms of you contract are. Practical advice: 1) Tell the employer you don't own the domain. 2) Tell the employer that ICANN thinks you own the domain, and you are willing to empower your employer to take down the domain. 3) If you and/or employer can't convince ICANN you own the domain, then you have evidence to your employer that you don't own the domain.!
> How can I prove it's not me?
You don't. You can't without producing the culprit and proof they did it.
You sue for wrongful termination. Then it's up to them to go on the defense and try to prove that you did it. They can't, they lose, you gain, they pay your lawyer.
You say you're not terminated yet? If you are, your reputation is shot, so you do it pre-emptively, based on suspension and the fact that you're facing a shiny new right-to-work law (actually, a right-to-fire-for-no-reason) in Indiana with the assumption THEY will use it to finish the termination. Check out badforindiana.org and see if they have recommendations for a lawyer.
Don't defend yourself, don't just fight back. They're firing a warning shot so fire back point blank with both barrels.
Worried about the job should you win? Or whether you'd even want to stay? An untenable employment situation after an action like this is common. So you make your settlement be that they continue to pay you or else accept an injunction preventing them from firing you (even after r-t-w passes) without going before the judge and justifying it. And, make their continuing to pay you apply to termination by either party. Thus, they'll want to keep you happy (and you'd have to show just cause to leave without foregoing the settlement money).
Kick ass, or they will walk all over you.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
1.document everything
2.get legal consultation
3.tell them that you are innocent and blaablaa, whatever that one guy said about severance etc.
4.get info from the registrar _when_ it was registered and how it was paid
4.1 prove that you were with someone or somehow that you could have not registered it
4.2 or prove that you could have not paid it (reasonably, ie. it doesnt show on your credit card.)
You will not get your job back, but you might get a better severance, and besides you really dont want to work in that company anyways.
Sometimes you need to face the facts: If subby was valuable to the company they wouldn't be doing this (or maybe they aren't seeing it, he didn't kiss the right posteriors, whatever...)
There *might* be a case for unfair dismissal but proving it won't be easy, let's say 5% chance of success.
Life isn't fair, people are fired every day. Best thing is to move on as quickly as possible.
No sig today...
when registering a business domain. Use a role ID like "Network Operating Center - [company name]" instead and use network_operating_center@domain.tld or other role-related userID as an e-mail address.
Identity theft aside, when the domain name user ID information is pointed at a specific person, that person might leave the company or die or go to jail, leaving domain renewal warnings or other messages relating specifically to the domain at an address accessible to nobody at the company or even to a disgruntled ex-employee.
Tech Public Policy stuff
"Until" has always had a sinister ring to it. Surely it should be "Unless"...
If you don't risk failure you don't risk success.
Or just ask the registrar for details, preferably printed and mailed to you. Date of registration, payment records, any other contact information. Since you seem to be the contact, you should be able to get all the information a subpoena would provide. If registrar B refuses to provide this information since they don't think you are the rightful owner, have them sign and mail/fax that refusal to your employer.
Pretty dangerous game. Once the subpoena from the company will roll in, the registrar can now (truthfully) testifiy that the SoccerDad41 is indeed in control of the domain.
could someone be trying to get you fired?
I would give everything i own for a little bit more.
I am sorry, but I have to say. If it looks like a duck, smells like a duck and quacks like a duck, its probably a duck. Unless you were smart enough to drive half way acrossed the country to a coffee shop to use their internet when you registered the domain name, it will be fairly easy to prove it WAS you that did it. Rather than going to all of the expense of getting a lawyer to try to defend against something that we both know you did, just admit it to the company. I would be willing to bet that all they originally wanted was for you to take down the site and you claimed "Oh, it wasn't me", which just caused them to say "Fine, hit the bricks then". There will be plenty of evidence available for the company. Credit card information for the registration is just the beginning. Even if you went to WalMart and bought one of those prepaid credit cards, that can still be tracked. You can't hide from this. Admit you did wrong and move on.
Send a bogus email from your boss to you and CC his boss saying it's OK to show up to work on Monday (from a local library computer or something). Show up, and when they ask, produce for them the printout of the email with his name in the FROM line. When he says he didn't write it, you have perfect proof that someone is targeting the business because his boss got the same bogus email. Let him prove that he didn't write it!
If you want to keep the job, DON'T get a lawyer. Once you DO, you might as well start looking for a new job.
If you don't care about the job and want to clear your name realizing you'll need a new job anyway, get a lawyer.
What's this innocent til proven guilty stuff? Assuming that this is in the United States, and there's no "employment contract" (which there almost never is), and in almost all states, the OP is "employed at will", and can be terminated for any reason. The boss doesn't like the color of your sneakers? You're history. Unless you were terminated as part of some discrimination against a protected class (unlikely here) there's not much you can do.
Employers can and do terminate employees, perfectly legally, on mere suspicion of doing something undesirable, and in today's economy, there is the proverbial line of people waiting to take your job.
The only cases where it's a big no-no is where you get term'd in retaliation for reporting a fairly limited set of things (e.g. if you aren't getting your paycheck on time, and you complain, and they fire you, you probably DO have a case)
There's a depression on right now? It's a manufacturing slow down. There are tons of sectors making money hand over fist.
...due to their negligently lax identity verification measures causing irreparable damage to his reputation and livelihood.
Could registrar B printing an untruth that causes him harm be considered libel?
Find out the IP and date/time it was registered FROM and prove that you were at work at that time.(or not in Russia)
I never understood why a company being defrauded by someone using my name is called "identity theft". It's got nothing to do with MY identity. They could have defrauded that institution with ANY name. Everyone screams and hollers on here when the MAFIAA tries to term copyright infringement "theft", but we can go an entire thread and somehow not seem to care that "identity theft" is just P.R. Speak for "We F'd Up and Want You To Pay For It". (yes, i know...he didn't pay for anything, but he IS being forced to "pay" for falsely listing him as the owner)
Registrar B should be liable for making sure that you're you. In any sane world this would be equivalent to slander or libel.
Since it's apparently YOU who messed up and went and got that silly identity of yours stolen you basically have to call Capital One every day and make sure that they know that you didn't order any credit cards today; Call paypal today to make sure they don't have your name on any other accounts. Call...Call...
The way Identity Theft is handled in the US I should start handing out loans to anyone who gives me a name. Then I can go around insisting on collecting that money from whoever's name I was given. "Oh, prove that wasn't you... it says your name right here."
-Citizen of the United States of One Big Corporate Joke
Can't the courts subpoena the payment info for the fraudulent request?
Maybe you as an individual can contact them as well. Without some social engineereing they should only be willing to tell you it doesn't match info you provide.
Chances are, whoever did it wasn't that bright and used their own paypal or credit card info.
IANAL, but have you spoken to the feds? This is fraud and identity theft, which is a criminal offence, I believe. Someone asked "who paid for the registration" - unless they've stolen your credit cards, that's a backtrace... and if they're not in the same US state, that's interstate wire fraud, and gee, that's within the purview of the FBI.
mark
Call the police and tell them you've had something stolen.
If the stolen domain's whois info does match your own, just use the registrar's admin contact reset procedure.
Faxing your letterhead, a utility bill & a gov't photo ID with name & address matching on all three should allow you to reclaim the domain.
Then change the info to your company's & it's all good.
Whomever they are, what a dick way to handle an issue with an employee...
Then file for unemployment with Indiana Department of workforce development. That will get you $390/week for upwards of a year. P.S. You'll need to look for new gainful employment.
If the company contests your claim. Be sure to file an answer.
State that in the normal coarse of business, your name was used for the technical contact the companies domain registration(requires a real person).
If this is not the case, then insider info was likely used to frame you (former coworker, HR, supervisor, outsourcer, etc). Either way the doctrine of Respondeat superior applies (Employer is responsible for paying your legal costs if your prevail).
A domain typo squatter has used a portion of that information in setting up a fake website for criminal purposes. Employer has instead terminated your employment for another unknown person(s) suspected criminal activity.
P.S. Even if you can't track the domain registration. One should be able to track the money trail of the fake/typo website. Obviously they're in this business for profit.
Don't forget to file a criminal complaint with the U.S. Secret service.
Obviously the poster is monitoring the threads if they're really looking for a solution. If he doesn't suggest it as an option, it's going to look very suspicious. I would draw the inference that maybe there's something in the billing or email info he doesn't want me to see.
Like I said, the genie is out of the bottle. He asked for solutions, and this is practical, non-technical, easy for anyone to understand - even the PHB types.
So, either:
Why so low a genuine probability? Because the guy has had a lot longer to think about it than you or I, is supposedly a systems admin, and didn't come up with the obvious solution.
We also don't see any evidence of him participating in the discussion (even anonymously) to try to refine ideas into something workable.
I'm not buying it, and not just because it's Troll Tuesday - the whole thing simply doesn't hang together.