Domain Theft-for-Ransom Hits css-tricks.com and Others

← Back to Stories (view on slashdot.org)

Domain Theft-for-Ransom Hits css-tricks.com and Others

Posted by timothy on Friday December 2, 2011 @12:41PM from the low-down-dirty-rotten dept.

An anonymous reader writes "Chris Coyer at css-tricks.com has had his domain transferred from GoDaddy.com to a registrar in Australia where it's being held for ransom. Several other domains have experienced the same theft by what seems to be the same person, and the registrars seem helpless to do anything about it."

65 of 147 comments (clear)

Min score:

Reason:

Sort:

Umm.... by Bucky24 · 2011-12-02 12:46 · Score: 4, Informative

From TFA: "We have reviewed your claim and we will contact PlanetDomain and request an FOA (Form of Authorization) for the transfer. If their records also show the same registrant at the time of transfer, we will work with them to see if they can transfer the domain name back. However, they are not required to transfer the domain name back."

Not required? As in, he paid for it, it's legally registered to him, and then someone just stole it away and they don't have to give it back? Isn't that theft?

--
All the world's a CPU, and all the men and women merely AI agents
1. Re:Umm.... by Meshach · 2011-12-02 13:00 · Score: 3, Interesting
  
  From TFA: "We have reviewed your claim and we will contact PlanetDomain and request an FOA (Form of Authorization) for the transfer. If their records also show the same registrant at the time of transfer, we will work with them to see if they can transfer the domain name back. However, they are not required to transfer the domain name back." Not required? As in, he paid for it, it's legally registered to him, and then someone just stole it away and they don't have to give it back? Isn't that theft?
  I don't know about theft as much as mismanagement by GoDaddy. If the domain was not expired then it should be reverted back to the rightful owner. If it actually did expire he may be SOL (although that is pretty low of GoDaddy to not at least give him notice).
  
  --
  "Maybe this world is another planet's hell"
  Aldous Huxley
2. Re:Umm.... by InsightIn140Bytes · 2011-12-02 13:05 · Score: 3, Informative
  
  GoDaddy can't reverse the transfer once other registrar has it.
3. Re:Umm.... by MightyMartian · 2011-12-02 13:05 · Score: 3, Insightful
  
  It's most certainly theft, and on top of that Godaddy is most certainly liable for civil damages.
  
  --
  The world's burning. Moped Jesus spotted on I50. Details at 11.
4. Re:Umm.... by Anonymous Coward · 2011-12-02 13:09 · Score: 4, Insightful
  
  Yeah but thats not counting international law which would apply here. It's quite likely these people will need to sue in whatever country has the domain.
5. Re:Umm.... by John+Hasler · 2011-12-02 13:19 · Score: 5, Informative
  
  It's certainly a crime, but it is fraud, not theft (just as copyright infringement is not theft). Theft involves deprivation of possession of chattel property.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
6. Re:Umm.... by jamesh · 2011-12-02 14:16 · Score: 4, Insightful
  
  It's most certainly theft, and on top of that Godaddy is most certainly liable for civil damages.
  I just transferred a domain from GoDaddy to a preferred registrar. All I needed, and all I should need, was my username and password.
  If I let my username and password fall into the hands of somebody else, which I believe is the case here, and they transferred the domain then firstly, godaddy are not at fault, and secondly, godaddy can't actually do anything about it because they don't own the domain anymore. It's a bit rude of them to not offer more assistance in terms of providing evidence to help the owner prove his ownership to the new registrar, eg maybe the access was from an IP address in a different country than the owner resides, etc, but that's hardly grounds for a civil suit for damanges.
  If you buy a domain from a registrar who doesn't charge you enough to offer assistance when something goes wrong, and have a reputation for this, then you kind of get what you deserve.
  IMHO, GoDaddy aren't evil, just cheap, and are just a product of our collective race to the bottom in terms of not caring about quality of service when buying a product and only complaining about it when something goes wrong.
7. Re:Umm.... by rickb928 · 2011-12-02 15:07 · Score: 3, Informative
  
  That would be the job of ICANN or WIPO.
  Neither of which care to step in and make the effort unless forced to.
  
  --
  deleting the extra space after periods so i can stay relevant, yeah.
8. Re:Umm.... by the+eric+conspiracy · 2011-12-02 15:47 · Score: 5, Informative
  
  Legally fraud is a form of theft, i.e. theft by deception.
9. Re:Umm.... by mysidia · 2011-12-02 15:51 · Score: 2
  
  Not required? As in, he paid for it, it's legally registered to him, and then someone just stole it away and they don't have to give it back? Isn't that theft?
  There's always an option to open a UDRP dispute. Although it is expensive to execute the process, it would likely result in the domain being returned to the rightful owner.
10. Re:Umm.... by mysidia · 2011-12-02 16:05 · Score: 5, Informative
  
  and secondly, godaddy can't actually do anything about it because they don't own the domain anymore.
  There are things they can do about it, the ICANN Inter-Registrar Transfer Policy says so, so does the ICANN Transfer Dispute Resolution Policy,
  
  The Gaining Registrar must retain, and produce pursuant to a request by a Losing Registrar, a written or electronic copy of the FOA. In instances where the Registrar of Record has requested copies of the FOA, the Gaining Registrar must fulfill the Registrar of Records request (including providing the attendant supporting documentation) within five (5) calendar days. Failure to provide this documentation within the time period specified is grounds for reversal by the Registry Operator or the Dispute Resolution Panel in the event that a transfer complaint is filed in accordance with the requirements of this policy.
  
  If either a Registrar of Record or a Gaining Registrar does not believe that a transfer request was handled in accordance with the provisions of this policy, then the Registrar may initiate a dispute resolution procedure as set forth in Section C of this policy.
  
  Registry Operator must undo the transfer within fourteen calendar days unless a court action is filed. The notice required shall be one of the following:
  
  Agreement of the Registrar of Record and the Gaining Registrar sent by email, letter or fax that the transfer was made by mistake or was otherwise not in accordance with the procedures set forth in this policy;
11. Re:Umm.... by Dan541 · 2011-12-02 16:07 · Score: 4, Insightful
  
  In this case it's lucky the domain was moved to an Australian registrar and not China, or Russia. Legal action against the gaining registrar isn't out of the question.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
12. Re:Umm.... by wygit · 2011-12-02 16:13 · Score: 4, Interesting
  
  And the perps haven't deprived the victims of their property? Not sure what you mean here.
  With copyright infringement, the original owners still have their stuff. With this, the victim doesn't.
13. Re:Umm.... by Concerned+Onlooker · 2011-12-02 16:49 · Score: 4, Funny
  
  "I thought it was the pirating != theft brigade that modded people into oblivion."
  
  Well, I thought it was the pirating <= theft brigade that modded people into oblivion.
  
  --
  http://www.rootstrikers.org/
14. Re:Umm.... by dmomo · 2011-12-02 20:49 · Score: 2
  
  I thought it was the modding == theft brigade that the pirates send into oblivion
15. Re:Umm.... by X0563511 · 2011-12-02 21:42 · Score: 4, Insightful
  
  Erm, that argument doesn't fly here... because the -control- over the domain was seized away. It's not like it was just copied, like the whole "pirating != theft" argument has at it's heart.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
16. Re:Umm.... by toriver · 2011-12-02 22:51 · Score: 2
  
  Really? Soon romance will be theft because someone stole a young girl's heart...
17. Re:Umm.... by Relayman · 2011-12-03 04:45 · Score: 2
  
  A username and password should not be sufficient, especially if the domain name has a regsitrar lock. My domain registrar (BulkRegsiter aka eNom) requires two-factor authentication to do anything.
  
  --
  If I used a sig over again, would anyone notice?
Don't Use GoDaddy by sexconker · 2011-12-02 12:54 · Score: 5, Interesting

Don't use GoDaddy.
If you needed any more reasons to stay far away from GoDaddy and their shitty advertising, RTFA.
So far they have found this has happened to around 12 accounts, all within the "Web Design" genre (so most likely a targeted attack).
There is no accessible log from with your GoDaddy account to see what/when things happened.
They do [claim to] have access logs, but they can't [won't] share that information with me.
The domain was transferred away from GoDaddy the evening of Nov 20th
They [claim to] have, but cannot [won't] provide me with, the email address used to transfer the domain away.
GoDaddy confirmed my global account email has never been changed, but it WAS changed for the domain css-tricks.com prior to the move.
The request to unlock the domain happened on Nov. 14th at 4:30pm Mountain Time. Normally there is a 5-7 day waiting period, but GoDaddy offers instant transfer and they remarked that it was unusual that the hacker chose not to do that.
They confirmed no other domains have left my account.
[Stuff in brackets is mine.]
1. Re:Don't Use GoDaddy by InsightIn140Bytes · 2011-12-02 13:01 · Score: 3, Informative
  
  1and1 and Network Solutions are on the list too.
2. Re:Don't Use GoDaddy by Anonymous Coward · 2011-12-02 15:54 · Score: 5, Interesting
  
  Don't use GoDaddy.
  To be fair, this wasn't strictly a GoDaddy Issue. TFA stated:
  
  This is not isolated to GoDaddy. Original registrants varied, see below.
  Which then listed multiple GoDaddy's, a 1and1.com, and a NetworkSolutions.com. This sounds more like the fact that GoDaddy happens to be the big horse (ala Microsoft) so it's likely going to be attacked me most. Not using GoDaddy might be good advice but it seems like it's also not a guarantee.
  The bigger issue is that there's no authoritative way to quickly re-gain such lost domains. And domain name disputes are always a huge PITA. Given the value of a domain name and how easy it is to sit on it once stolen, costing some business tons of money, I wouldn't be surprised if this starts happening more.
  One thing that keeps popping out is the fact that they're all being xfered to PlanetDomain.com. ICANN needs to revoke their ability to register domains.
3. Re:Don't Use GoDaddy by houstonbofh · 2011-12-02 18:02 · Score: 3, Informative
  
  The difference is that with a real company, like SafeNames, you call your account rep, and he says, "I will handle this for you." And you get updates, not stonewalls. May still take a lot of time, but it will be less stress than GoDaddy's "not my problem" BS.
For the curious by Anonymous Coward · 2011-12-02 12:57 · Score: 5, Informative

That phone number looks like a valid aussie mobile number. Who answers?
Domain Name: CSS-TRICKS.COM
Reseller..............: PlanetDomain Ltd Pty
Created on............: 4 Jul 2007 16:26:57 EST
Expires on............: 4 Jul 2019 16:26:57 EST
Record last updated on: 21 Nov 2011 16:20:33 EST
Status................: ACTIVE
Owner:
oca
(465144)
Bakulina 12,
Kharkiv, gras 61166
Austria
Phone: +61.4354353455
Email:
Administrative Contact, Billing Contact:
oca
(465143)
Bakulina 12,
Kharkiv, gras 61166
Austria
Phone: +61.4354353455
Email:
Technical Contact:
oca
(465145)
Bakulina 12,
Kharkiv, gras 61166
Austria
Phone: +61.4354353455
Email:
Domain servers in listed order:
No name servers present.
1. Re:For the curious by iluvcapra · 2011-12-02 13:08 · Score: 3, Informative
  
  Ummmm, Graz is a town on the Mur in Austria, not Austrialia. However +61 is the country code of Australia. Some sort of bizzare joke.
  
  --
  Don't blame me, I voted for Baltar.
2. Re:For the curious by Dan541 · 2011-12-02 18:45 · Score: 2
  
  +61 is Australia but yes the postal address is Austria.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
3. Re:For the curious by OneMadMuppet · 2011-12-02 19:50 · Score: 3, Informative
  
  Bakulina 12 is an address in Kharkiv, in Ukraine. Anyone can pick a random city or country, but picking a specific street in north Kharkiv is less likely. Start there.
4. Re:For the curious by KiloByte · 2011-12-03 02:43 · Score: 2
  
  It's a dormitory for students of Kharkov's National University of Radioelectronics -- sounds like a likely place for the cracker to be from.
  
  --
  The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
DAVIDWALSH.NAME stolen also by Anonymous Coward · 2011-12-02 13:02 · Score: 2

My domain, DAVIDWALSH.NAME has also been stolen. 1And1 yet to return the domain or give me a detailed response for 5 days.
So out of curiosity, by oGMo · 2011-12-02 13:13 · Score: 2

Who is a reputable registrar these days? Does such a thing exist?

--
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
1. Re:So out of curiosity, by John+Hasler · 2011-12-02 13:20 · Score: 5, Informative
  
  > Who is a reputable registrar these days?
  Gandi.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
2. Re:So out of curiosity, by Urza9814 · 2011-12-02 13:37 · Score: 4, Interesting
  
  If only I had mod points. Gandi is by far and without a doubt the best domain registrar out there. Hell, if they were double or even triple the price of GoDaddy, I'd still be using them. (From what I've seen their prices are on par with everyone else.)
3. Re:So out of curiosity, by Anonymous Coward · 2011-12-02 13:40 · Score: 4, Informative
  
  :) We switched to them from Dotster. If you are from the USA the price is better than advertised too. They don't charge VAT and that is a HUGE percentage of the fee. The only complaint I have is the free SSL certificate is confusing/misleading. Or maybe it is just me not understanding things well enough although I doubt it. You have to install the free Gandi certificate in the browser you are using or something like that. In other words it isn't something you can actually use for business or even a personal web site unless you have control over the computers from where you/others will be accessing it from. Therefore what good is it over accepting your own ssl certificate? I know I sound like an idiot as I'm wrong in my explanation. Hopefully you understand what I'm trying to say though.
4. Re:So out of curiosity, by efalk · 2011-12-02 13:53 · Score: 4, Informative
  
  Seconded. I register all my domains with Gandi. Clean user interface, no offensive advertising, no constant trying to upsell me. Easy to understand services and contract. Plus, they're outside of the U.S., which is a huge plus -- it makes it much harder for a U.S. court to seize your domain on a whim.
5. Re:So out of curiosity, by CyberVenom · 2011-12-02 13:59 · Score: 2
  
  Thirded. Been with them since they were one of the first ICANN registrars outside of Network Solutions. Like their motto says, "no bullshit"
6. Re:So out of curiosity, by hpa · 2011-12-02 14:16 · Score: 3, Informative
  
  Seconded the recommendation for Gandi. Another good one is Loopia in Sweden, loopia.se. Loopia got acquired reasonably recently, so they may or may not stay that way but for now they have been very good and for a long time they were the best-priced .se and .nu registrar (and may still be.)
7. Re:So out of curiosity, by mrbester · 2011-12-02 14:34 · Score: 3, Insightful
  
  Status: clientTransferProhibited FTW. Set by a checkbox in a settings screen. GANDI never forget that your domain is yours (unlike other registrars who consider it theirs and you're just borrowing it from them).
  
  --
  "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
8. Re:So out of curiosity, by tomp · 2011-12-02 15:25 · Score: 5, Informative
  
  Gandi rocks, no doubt about it. However, they cannot protect a domain owner from the US government.
  I have my domain there because they respect the rights of a domain owner far more than other registrars, but there's nothing they can do if the US government wants a domain in a US-hosted top level domain. When it comes .com, .net, or .org, NSI is all that matters. And unfortunately, they don't care about domain owners.
9. Re:So out of curiosity, by The+Blue+Meanie · 2011-12-02 15:51 · Score: 5, Informative
  
  Nope, you misunderstand. I got them to issue one of the free certs for one of my domains (I use Gandi for all of my registrations), and it works perfectly with all major browsers out of the box.
  All you have to do is add Gandi's intermediate certificate (the cert that links their signature on your free cert to the base CA cert that's in everybody's browser), but you do that on your server (web/mail/whatever) and offer it up as part of the SSL negotiation. It works perfectly, and transparently. It is definitely NOT like the hassle of a self-signed certificate, where you DO have to either add the "security exception" to every client's browser, or get them to install your cert into their browser ahead of time.
  
  --
  "I feel that if a person can't communicate, the very least he can do is to shut up." -- Tom Lehrer
10. Re:So out of curiosity, by mysidia · 2011-12-02 15:54 · Score: 2
  
  it makes it much harder for a U.S. court to seize your domain on a whim.
  It also much makes it much harder for you to sue them, if they do something bad and it hurts you or you lose the domain or uptime as a result.
11. Re:So out of curiosity, by Animats · 2011-12-02 18:27 · Score: 4, Informative
  
  Who is a reputable registrar these days?
  The top of the line is MarkMonitor. If you have to ask how much they cost, you can't afford them. They're the registrar for "gm.com", "ford.com", "bankofamerica.com", etc. If something goes wrong with one of their domains, alarm bells ring at their monitoring center and DNS experts, investigators, and lawyers swing into action.
  Network Solutions can be difficult to deal with, but they register enough corporate domains that they have a support organization that's not a joke.
  GoDaddy is generally considered to be near the bottom of the heap. You might register your personal blog with GoDaddy. Maybe.
  Down at the bottom is eNom, the leader in junk domain registration. That's where you register your 100,000 typosquatting domains.
12. Re:So out of curiosity, by Kalriath · 2011-12-03 22:07 · Score: 2
  
  NSI doesn't matter. It's Verisign you need to be afraid of.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
e-mail by reiisi · 2011-12-02 13:27 · Score: 2

Actually, in this case, the problem seems to be hijacked e-mail.
What I'm trying to understand now is why they need a copy of a license to start checking about undoing the transfer, when they don't require the copy of the license to initiate it.

--
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
Gmail problem by Albanach · 2011-12-02 13:29 · Score: 5, Interesting

it looks like the big problem here is that 4 years on it's still apparently possible for websites to silently create filters on gmail accounts if a logged in user visits their site. That effectively allows a malicious site to compromise hosting accounts, bank accounts and much more.
1. Re:Gmail problem by cultiv8 · 2011-12-02 13:34 · Score: 5, Informative
  
  As noted in 2008 on Mashable:
  
  According to a proof of concept by Geek Condition, there is a security flaw in Gmail that allows an attacker to forward GoDaddy account reset information to the offending party unbeknownst by the victim. This is done by creating a filter that forwards GoDaddy’s “change of password” mail to the attacker and deletes it from your inbox.
  
  --
  sysadmins and parents of newborns get the same amount of sleep.
2. Re:Gmail problem by HeyBob! · 2011-12-02 13:39 · Score: 4, Insightful
  
  Exactly - why are you using a free email account to be the key to owning your domain name? Run your own email server! Become your own registrar - it's worth it if you have a bunch of domains.
3. Re:Gmail problem by MyFirstNameIsPaul · 2011-12-02 13:48 · Score: 4, Informative
  
  That article states that the attacker must direct the victim to a site with a malicious script in order to get a Session Authorization Key.
  
  --
  I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
4. Re:Gmail problem by headkase · 2011-12-02 14:19 · Score: 2, Interesting
  
  I don't even bother to moderate anymore. I read the comments at -1 because that is the only way to combat moderator abuse. It happens too often that you see a completely worthwhile comment moderated -1. Slashdot's game has been fixed. I blame the "Friend/Foe" system: that let's you instantly know whether to mod up/down if you were so inclined.
  
  --
  Shh.
5. Re:Gmail problem by tftp · 2011-12-02 17:27 · Score: 4, Informative
  
  why are you using a free email account to be the key to owning your domain name? Run your own email server!
  You shouldn't have a contact email on the domain that is being administered. Your suggestion is good only if you have several domains registered by different registrars, and if your email is very reliable (with reverse DNS and such.) Then you can cross-link these records. For everyone else Gmail is a rational choice; it's free, it's reliable, and it's always there.
6. Re:Gmail problem by jtnix · 2011-12-02 17:48 · Score: 2
  
  There's nothing wrong with using a 'free' email account to register for domain services or any other product or service for that matter. I would however recommend some recursion, i.e. create a unique freemail account with a very high security password and set it up to forward (while still saving emails) to your master email account(s). Of course, it's a good idea to rotate a high security password on your master email account(s) as well. It's not rocket science, it's security. These crafty bastards have been at it for a good 10+ years now. If you haven't been paying attention to current security flaws on the intertubes and get hacked then you are part to blame, too.
  Do you rotate high security passwords at least yearly? Monthly would be a better idea. Do you use a password agent/app to manage your passwords? There are dozens available, try one or two with a Really Good Password. Do you keep multiple, offsite backups of your encrypted password file? Make sure it's well encrypted with a 10 to 16 byte password that you can realistically memorize and rotate it at least once a year.
  
  --
  She blinded me with science, she tricked me with technology. ~ Thomas Dolby
7. Re:Gmail problem by houstonbofh · 2011-12-02 18:09 · Score: 4, Interesting
  
  It is only temporary... Go ahead and moderate. Read at -1 and just give points to people unfairly trolled.
8. Re:Gmail problem by Kalriath · 2011-12-03 23:52 · Score: 2
  
  Underrated and Overrated do not add the text to the score, FYI. They commonly are used as the "+1, I Agree" and "-1, I Disagree and wish to Censor Your Dissenting Opinion" moderations. It used to be counterable back before /. fucked up metamoderation and turned it into a herp-derp free + or - for random comments. Which incidentally is the other reason a post may be moderated + or - with no history - it was metamoderated up or down instead.
  Mumble mumble stagnated or something.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Same thing happened back in 2000 to me and others by Nethead · 2011-12-02 13:39 · Score: 5, Interesting

http://www.wired.com/politics/law/news/2000/01/33571

Network Solutions' administrative policies are once again being blamed for Internet domain hijackings that took at least brief control over some major Web domains.
Beginning Saturday, an unidentified individual began attempts, some successful, to seize control over domains including major Web hosting service Exodus, Web standards body World Wide Web Consortium and Emory University.
And all the misappropriation required was a simple spoofing of email addresses.
The only good thing about it was getting my name in Wired.

--
-- I have a private email server in my basement.
phone number looks like hex string by jamesh · 2011-12-02 13:54 · Score: 3, Interesting

Did anyone else notice that the phone number looks like a hex string?
43:54:35:34:55 => CT54U
it doesn't look particularly meaningful unless they were stupid enough to encode a password or something in it.
1. Re:phone number looks like hex string by sconeu · 2011-12-02 14:56 · Score: 4, Insightful
  
  1337-speek for "Acts for you"
  
  --
  General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Re:stolen by TheRealMindChild · 2011-12-02 14:21 · Score: 2

Just because you are paranoid, doesn't mean they aren't after you

--

"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
ICANN by DaMattster · 2011-12-02 14:33 · Score: 3, Interesting

Does ICANN offer any assistance with this matter? Can't they just yank the domain back?
1. Re:ICANN by Tacvek · 2011-12-02 15:50 · Score: 5, Informative
  
  ICANN cannot technically do that, since they don't actually control the content of the TLD. The Domain Registry (Verisign) could technically reverse the transfer, but are bound by ICANN policies that likely prevent them from doing anything. ICANN in conjunction with Verisign could get the transfer reverted, but since that requires two entities working in concert, I would not count on it happening.
  Of course the Australian registry could determine that the transfer was fraudulent, and transfer it back to Go Daddy as a registrar (who is bound by contract to return it to the control of Chris Coyer), and provide information about the fraud to the police, but since that is not in their interests, they will never do that either.
  
  --
  Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
2. Re:ICANN by Nemyst · 2011-12-02 16:36 · Score: 2
  
  It isn't in their interests? Surely siding against the web design community, a very large source of domain registrations, isn't the brightest of ideas?
3. Re:ICANN by dissy · 2011-12-02 18:01 · Score: 4, Informative
  
  Does ICANN offer any assistance with this matter? Can't they just yank the domain back?
  Yup, there is a process for this. Unfortunately a bit slow, but better than nothing.
  The registrar the domain is with now must provide proof the owner submitted it that can be challenged. No proof in 5 days, ICANN reverses the transfer.
  At that point they have two weeks to argue that the transfer was not authentic.
  I believe a court order would cause the action to be taken immediately in reversing it, and ICANN states they will comply.
  http://www.icann.org/en/transfers/
  All the forms and the policy itself (Items 1-4 on that page) plus some FAQ's that mention this type of thing.
  I've never had to do a transfer dispute, so am not sure if their policy matches reality, but there it is.
4. Re:ICANN by Tacvek · 2011-12-03 11:00 · Score: 2
  
  That sort of thing only rarely shows up in the accounting books, and is usually vastly underestimated when it does, so the decision makers only see: Loss of one registration ($x per year) vs status quo.
  Which will they decide is in their interests?
  
  --
  Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
Helpless? No. by macraig · 2011-12-02 18:22 · Score: 3, Insightful

... the registrars seem helpless to do anything about it.
Not helpless: careless, as in "we couldn't care less". How exactly do these thefts hurt their reputation or profits or bottom line? It doesn't, which is exactly why they don't care. These registrars will continue to not-care unless and until the victims can make the thefts affect the registrars in some measurable way.
Bigger news! by stephanruby · 2011-12-02 22:00 · Score: 3, Funny

Damn! Austria must have invaded Australia.
Re:Helpless? No. by zyzko · 2011-12-02 22:36 · Score: 4, Insightful

I actually prefer them not to care. It seems in this case email was hijacked and GoDaddy is not supposed to deny the transfer if everything is done properly. It is a real pain in the ass trying to obtain an "utility bill" or other "proof" from $5 / month web service customer when all they want is to get their domain transferred from the previous $15 / month provider (provided of course that the previous ISP who registered the domain was generous enough to put a real owner contact email to whois data...). It *should* be that easy for you average low-cost domain.
If you want your domain provider to "care" - which in this case is that you get personal service and are not just using automation yourself - you pay (actually GoDaddy also offers phone verification option for extra fee...). If you are bankofamerica.com or microsoft.com you should really do take a bit more expensive option - it is not likely that you change your registrar yearly to the cheapest alternative. But if you are a random website (this is first time I heard about css-tricks.com, I really don't know if they are big and famous site on web design field) looking for the cheapest option this is how it should be, because on the other side you have very angry customers complaining that registrars hold their domains hostage; been there in the middle answering to customer on the other side that no, this is not that easy because your registrar requires this and that and I have to bill you by the hour and on the other side having the registrar jump me through obstacle course to transfer ordinary domains by just flagging transfer "suspicious" and everything from first tier customer support is some form of "sorry, I can't do that".
By the way US registrars - identification by utility bill is something we do not do in Europe - the whole concept is strange, so please do not ask me for my clients electricity bill, they most likely can't provide one.
Dude, c'mon by bryan1945 · 2011-12-03 02:33 · Score: 2

You put your domain with a company because they have commercials with big boobs? If you want to "host" something, I'm sure it's more convenient and cheaper downtown.

--
Vote monkeys into Congress. They are cheaper and more trustworthy.
Re:stolen by reiisi · 2011-12-05 00:04 · Score: 2

Just because you are paranoid, doesn't mean they aren't after you
That's definitely not something I'm going to argue with.

--
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.