Slashdot Mirror


Domain Theft-for-Ransom Hits css-tricks.com and Others

An anonymous reader writes "Chris Coyier at css-tricks.com has had his domain transferred from GoDaddy.com to a registrar in Australia where it's being held for ransom. Several other domains have experienced the same theft by what seems to be the same person, and the registrars seem helpless to do anything about it."

13 of 147 comments

  1. Don't Use GoDaddy by sexconker · · Score: 5, Interesting

    Don't use GoDaddy.
    If you needed any more reasons to stay far away from GoDaddy and their shitty advertising, RTFA.

            So far they have found this has happened to around 12 accounts, all within the "Web Design" genre (so most likely a targeted attack).
            There is no accessible log from within your GoDaddy account to see what/when things happened.
            They do [claim to] have access logs, but they can't [won't] share that information with me.
            The domain was transferred away from GoDaddy the evening of Nov 20th.
            They [claim to] have, but cannot [won't] provide me with, the email address used to transfer the domain away.
            GoDaddy confirmed my global account email has never been changed, but it WAS changed for the domain css-tricks.com prior to the move.
            The request to unlock the domain happened on Nov. 14th at 4:30pm Mountain Time. Normally there is a 5-7 day waiting period, but GoDaddy offers instant transfer and they remarked that it was unusual that the hacker chose not to do that.
            They confirmed no other domains have left my account.

    [Stuff in brackets is mine.]

    1. Re:Don't Use GoDaddy by Anonymous Coward · · Score: 5, Interesting

      Don't use GoDaddy.

      To be fair, this wasn't strictly a GoDaddy Issue. TFA stated:

      This is not isolated to GoDaddy. Original registrants varied, see below.

      Which then listed multiple GoDaddy's, a 1and1.com, and a NetworkSolutions.com. This sounds more like the fact that GoDaddy happens to be the big horse (ala Microsoft) so it's likely going to be attacked the most. Not using GoDaddy might be good advice but it seems like it's also not a guarantee.

      The bigger issue is that there's no authoritative way to quickly re-gain such lost domains. And domain name disputes are always a huge PITA. Given the value of a domain name and how easy it is to sit on it once stolen, costing some business tons of money, I wouldn't be surprised if this starts happening more.

      One thing that keeps popping out is the fact that they're all being xfered to PlanetDomain.com. ICANN needs to revoke their ability to register domains.

  2. For the curious by Anonymous Coward · · Score: 5, Informative

    That phone number looks like a valid Aussie mobile number. Who answers?

    Domain Name: CSS-TRICKS.COM
                Reseller..............: PlanetDomain Ltd Pty
                Created on............: 4 Jul 2007 16:26:57 EST
                Expires on............: 4 Jul 2019 16:26:57 EST
                Record last updated on: 21 Nov 2011 16:20:33 EST
                Status................: ACTIVE

          Owner:
                oca
                  (465144)
                    Bakulina 12,
                Kharkiv, gras 61166
                Austria
                Phone: +61.4354353455
                Email:
          Administrative Contact, Billing Contact:
                oca
                  (465143)
                    Bakulina 12,
                Kharkiv, gras 61166
                Austria
                Phone: +61.4354353455
                Email:
          Technical Contact:
                oca
                  (465145)
                    Bakulina 12,
                Kharkiv, gras 61166
                Austria
                Phone: +61.4354353455
                Email:

          Domain servers in listed order:

          No name servers present.
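
Added example (not part of the comment above or of the linked article): a small Python check that parses a WHOIS record in the format posted above and flags the anomalies visible in it, the kind of comparison a domain owner can run on a schedule. The expected-registrar argument, the calling-code table and the function names are assumptions made for illustration.

```python
import re

# WHOIS text from the comment above, trimmed to the Owner block (the other
# contact blocks on the page carry the same values) and a few header fields.
WHOIS_TEXT = """\
Domain Name: CSS-TRICKS.COM
    Reseller..............: PlanetDomain Ltd Pty
    Record last updated on: 21 Nov 2011 16:20:33 EST
  Owner:
    oca
    Bakulina 12,
    Kharkiv, gras 61166
    Austria
    Phone: +61.4354353455
  Domain servers in listed order:
  No name servers present.
"""

# Assumption: a tiny calling-code table for illustration; extend for real use.
CALLING_CODES = {"austria": "43", "australia": "61", "ukraine": "380"}

def parse_whois(text):
    """Parse 'Key....: value' lines; the line before Phone is the country."""
    fields, previous = {}, ""
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = re.match(r"([A-Za-z ]+?)\.*:\s*(\S.*)$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
            if m.group(1).lower() == "phone":
                fields["country"] = previous
        previous = line
    fields["has_nameservers"] = "No name servers present" not in text
    return fields

def check_record(fields, expected_registrar):
    """Compare a parsed record with what the owner expects; return alerts."""
    alerts = []
    # Assumption: this record format exposes the sponsor in the Reseller field.
    if expected_registrar.lower() not in fields.get("reseller", "").lower():
        alerts.append("registrar changed: " + fields.get("reseller", "unknown"))
    if not fields["has_nameservers"]:
        alerts.append("no name servers delegated")
    code = re.match(r"\+(\d+)", fields.get("phone", ""))
    want = CALLING_CODES.get(fields.get("country", "").lower())
    if code and want and code.group(1) != want:
        alerts.append(f"phone +{code.group(1)} does not match {fields['country']} (+{want})")
    return alerts

if __name__ == "__main__":
    print("\n".join(check_record(parse_whois(WHOIS_TEXT), "GoDaddy")))
```
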

  3. Re:Umm.... by John+Hasler · · Score: 5, Informative

    It's certainly a crime, but it is fraud, not theft (just as copyright infringement is not theft). Theft involves deprivation of possession of chattel property.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.

  4. Re:So out of curiosity, by John+Hasler · · Score: 5, Informative

    > Who is a reputable registrar these days?

    Gandi.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.

  5. Gmail problem by Albanach · · Score: 5, Interesting

    It looks like the big problem here is that 4 years on it's still apparently possible for websites to silently create filters on Gmail accounts if a logged-in user visits their site. That effectively allows a malicious site to compromise hosting accounts, bank accounts and much more.

    1. Re:Gmail problem by cultiv8 · · Score: 5, Informative

      As noted in 2008 on Mashable:

      According to a proof of concept by Geek Condition, there is a security flaw in Gmail that allows an attacker to forward GoDaddy account reset information to the offending party unbeknownst by the victim. This is done by creating a filter that forwards GoDaddy’s “change of password” mail to the attacker and deletes it from your inbox.

      --
      sysadmins and parents of newborns get the same amount of sleep.
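
Added example (not from the thread, Mashable or Geek Condition): a Python audit of an account's mail filters for the forward-and-hide pattern described in the two comments above. It assumes the filters were fetched as filter resources from the Gmail API's users.settings.filters.list; the sample filters, addresses and function name are constructed for illustration.

```python
# Audit Gmail filter resources ("criteria" + "action") for rules that forward
# mail to an address the owner does not recognise, and rate those that also
# hide the message from the inbox. The sample data below is constructed.

HIDING_ADD = {"TRASH", "SPAM"}        # labels that bury a message
HIDING_REMOVE = {"INBOX", "UNREAD"}   # removals that skip the inbox / mark read


def audit_filters(filters, trusted_forward_to=()):
    """Return findings for filters that forward mail outside the allowlist."""
    trusted = {a.lower() for a in trusted_forward_to}
    findings = []
    for f in filters:
        action = f.get("action", {})
        target = action.get("forward")
        if not target or target.lower() in trusted:
            continue
        hides = bool(HIDING_ADD & set(action.get("addLabelIds", []))
                     or HIDING_REMOVE & set(action.get("removeLabelIds", [])))
        findings.append({
            "id": f.get("id"),
            "forward_to": target,
            "criteria": f.get("criteria", {}),
            "severity": "high" if hides else "review",
        })
    return findings


SAMPLE_FILTERS = [
    # Ordinary labelling rule: no forward, so it is not reported.
    {"id": "f1", "criteria": {"from": "newsletter@example.org"},
     "action": {"addLabelIds": ["Label_7"], "removeLabelIds": ["INBOX"]}},
    # Forwards registrar mail elsewhere and trashes the original copy.
    {"id": "f2", "criteria": {"from": "registrar.example"},
     "action": {"forward": "someone-else@example.net", "addLabelIds": ["TRASH"]}},
    # Forward to the owner's own archive address (allowlisted below).
    {"id": "f3", "criteria": {"query": "invoice"},
     "action": {"forward": "me-archive@example.com"}},
]

if __name__ == "__main__":
    for finding in audit_filters(SAMPLE_FILTERS, ["me-archive@example.com"]):
        print(finding)
```
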

  6. Same thing happened back in 2000 to me and others by Nethead · · Score: 5, Interesting

    http://www.wired.com/politics/law/news/2000/01/33571

    Network Solutions' administrative policies are once again being blamed for Internet domain hijackings that took at least brief control over some major Web domains.
    Beginning Saturday, an unidentified individual began attempts, some successful, to seize control over domains including major Web hosting service Exodus, Web standards body World Wide Web Consortium and Emory University.
    And all the misappropriation required was a simple spoofing of email addresses.

    The only good thing about it was getting my name in Wired.

    --
    -- I have a private email server in my basement.

  7. Re:So out of curiosity, by tomp · · Score: 5, Informative

    Gandi rocks, no doubt about it. However, they cannot protect a domain owner from the US government.

    I have my domain there because they respect the rights of a domain owner far more than other registrars, but there's nothing they can do if the US government wants a domain in a US-hosted top level domain. When it comes to .com, .net, or .org, NSI is all that matters. And unfortunately, they don't care about domain owners.

  8. Re:Umm.... by the+eric+conspiracy · · Score: 5, Informative

    Legally fraud is a form of theft, i.e. theft by deception.

  9. Re:ICANN by Tacvek · · Score: 5, Informative

    ICANN cannot technically do that, since they don't actually control the content of the TLD. The Domain Registry (Verisign) could technically reverse the transfer, but are bound by ICANN policies that likely prevent them from doing anything. ICANN in conjunction with Verisign could get the transfer reverted, but since that requires two entities working in concert, I would not count on it happening.

    Of course the Australian registry could determine that the transfer was fraudulent, and transfer it back to Go Daddy as a registrar (who is bound by contract to return it to the control of Chris Coyier), and provide information about the fraud to the police, but since that is not in their interests, they will never do that either.

    --
    Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524

  10. Re:So out of curiosity, by The+Blue+Meanie · · Score: 5, Informative

    Nope, you misunderstand. I got them to issue one of the free certs for one of my domains (I use Gandi for all of my registrations), and it works perfectly with all major browsers out of the box.
    All you have to do is add Gandi's intermediate certificate (the cert that links their signature on your free cert to the base CA cert that's in everybody's browser), but you do that on your server (web/mail/whatever) and offer it up as part of the SSL negotiation. It works perfectly, and transparently. It is definitely NOT like the hassle of a self-signed certificate, where you DO have to either add the "security exception" to every client's browser, or get them to install your cert into their browser ahead of time.

    --
    "I feel that if a person can't communicate, the very least he can do is to shut up." -- Tom Lehrer

  11. Re:Umm.... by mysidia · · Score: 5, Informative

    and secondly, godaddy can't actually do anything about it because they don't own the domain anymore.

    There are things they can do about it; the ICANN Inter-Registrar Transfer Policy says so, so does the ICANN Transfer Dispute Resolution Policy:

    The Gaining Registrar must retain, and produce pursuant to a request by a Losing Registrar, a written or electronic copy of the FOA. In instances where the Registrar of Record has requested copies of the FOA, the Gaining Registrar must fulfill the Registrar of Record's request (including providing the attendant supporting documentation) within five (5) calendar days. Failure to provide this documentation within the time period specified is grounds for reversal by the Registry Operator or the Dispute Resolution Panel in the event that a transfer complaint is filed in accordance with the requirements of this policy.

    If either a Registrar of Record or a Gaining Registrar does not believe that a transfer request was handled in accordance with the provisions of this policy, then the Registrar may initiate a dispute resolution procedure as set forth in Section C of this policy.

    Registry Operator must undo the transfer within fourteen calendar days unless a court action is filed. The notice required shall be one of the following:

    Agreement of the Registrar of Record and the Gaining Registrar sent by email, letter or fax that the transfer was made by mistake or was otherwise not in accordance with the procedures set forth in this policy;