I might add, which Shuttleworth didn't spell out, that if you need help to do anything with Linux, you're more likely to find online help on how to do it on Ubuntu than openSUSE, Fedora, Debian, or any other Linux. Ubuntu's popularity combined with that attitude of helping everyday users get the most from Linux has made it the go-to Linux for users who want and need a helping hand.
Some things you won't know unless you try. The genie is out of the bottle. He's asked for a solution in a very public forum, and been given the obvious one. Eventually someone where he works is going to come across this thread and smack themselves on the forehead - "why didn't we just do that and SEE what the billing info was!"
Obviously the poster is monitoring the threads if they're really looking for a solution. If he doesn't suggest it as an option, it's going to look very suspicious. I would draw the inference that maybe there's something in the billing or email info he doesn't want me to see.
Like I said, the genie is out of the bottle. He asked for solutions, and this is practical, non-technical, easy for anyone to understand - even the PHB types.
So, either:
the original post is a well-done troll, which I give about a 70% probability
the original post is an attempt to misdirect, 25%
the original post is genuine, 5%
Why so low a genuine probability? Because the guy has had a lot longer to think about it than you or I, is supposedly a systems admin, and didn't come up with the obvious solution.
We also don't see any evidence of him participating in the discussion (even anonymously) to try to refine ideas into something workable.
I'm not buying it, and not just because it's Troll Tuesday - the whole thing simply doesn't hang together.
They came to him and said, "You broke your agreement, and are competing directly with us," managing to produce the domain within 24 hours and hand it over sure looks like someone trying to make amends for wrongdoing, no matter what means was used to acquire the domain.
Riiiight.... suggesting they use a well-established, pretty much universal, simple, and quick procedure that even has downloadable forms to expedite the process is suddenly suspicious. Gee whiz, he should take a month to suggest it - then it won't look at all suspicious! There's the ticket!
No, delaying it will look both suspicious and incompetent.
Besides, he's not responsible for their actions, only his own. How they react is entirely up to them, and entirely beyond his control. All he can do is do what's right, and if they're not satisfied, then they weren't going to be satisfied anyway. He can suggest it, and if they refuse it, he'll know there's no going back and he should not waste any more time or brain cells on the matter. If they accept it, then what happens depends on what's in the billing and email info.
Now I'm convinced that slashdotters would take 9 minutes to boil three 3-minute eggs.
I would expect that a CxO-level officer with significant stock options will be seen as significantly different than us poor smelly peons:-)
My real question is - how do I get a $12 million dollar separation agreement? I know, most people would be saying "Who do I have to kill to get that kind of dough?" I want to sleep at night... though obviously, with that sort of money, I can sleep whenever I d***ed well want to...
If I had that sort of money, I would drop out of the corporate scene and go into pure research. Okay, I'd also host a party or two with lots of pizza. But at what point is enough enough? $12 million to sit on the sidelines for one year... go do some charity or advocacy work, write a book, do some guest lecturing, some inner-city mentoring, do something different. Heck, go an a world cruise if that's your thing.
I walked in on the sewing machine part. It grossed me out, the idea of some guy skinning women alive. You like that sort of thing, well, all I can say is that it must be a guy thing.
As for the "for the children" - I said "I think we'd agree that children below a certain age (as determined by their parents) shouldn't watch stuff like that". Are you saying that parents should not have the right to decide what is appropriate for them to watch in the home? Who would you give that power to decide to?
The problem isn't just that it might give them nightmares - too much exposure will also tend to desensitize them to it. Violent killings and rapes are something that should horrify. It's not entertainment in and of itself.
But your mom has nothing on Canada's former Minister of Defense, who fell for the "don't flash your lights" urban legend and issued an official warning. What a moron.
Now a few more people check the info out before forwarding that Bill Gates will pay them $2,450 to forward an email to 10 people, or that you shouldn't flash your headlights because they'll come after you and cut your head off or that antiperspirant causes breast cancer.
Or do you think it's okay to let 50 women, plus everyone THEY contacted, believe that they've exposed themselves to a higher risk of breast cancer?
He already has the infringing site under his name. Or did you not realize that's why he's in sh*t in the first place? The site is 100% legally his. No lawyer can change that fact.
This way, he can at least undo some of the damage, and possibly get the billing and bogus email address information.
The guy asked for a solution. Running to a lawyer, who cannot possibly solve this as quickly, is not a solution.
Shakespeare was wrong. Don't shoot the lawyers. Shoot the people who recommend the lawyers as a solution. Most lawyers are crooks - 7 out of 8 admit to overbilling their clients. The other one is either dirt poor or a liar.
In other words, you didn't do like I did- look at ALL the "To:" addresses, and send them all an email explaining that they should ignore the sender's message because it's just another hoax/scam/urban legend, and provide links to snopes, etc.
You'd be amazed at how quickly people stop sending you stupid stuff when you contact 50 of their friends to say "this is retarded."
He doesn't need any "login information." This is the same procedure you use when you accidentally change email accounts and forget to update the dns info. It's called a manual update. You send them an email, they ask for proof of identity (government photo id) and you fax it to them, along with the form, and you get control of the domain and they'll send you the authCode to transfer it elsewhere.
He can propose this to his boss, meet at work to fax the info from there and get the confirming fax back, do the transfer, and everyone can breathe a bit easier because at least ONE problem is resolved.
Then they can ask for the billing and contact details that were on record for the original registration, please fax to the same fax #.
What happens after that is between the parties. If they're not satisfied, say "Thank you very much, have a nice life, call me if you have any more problems" and leave, because it's hopeless, and a lawyer isn't going to change that.
No, it's what people do when they can't manage. When they're so crappy at it that employees naturally don't want to discuss things with them, don't trust them, and at a gut level know they (management) don't give a f*** about them.
"Probably the best thing he can do is talk to his employer, ask them what action in their mind he can take to absolve himself of the issue."
If they had a clue, they would have already told him. The sad fact is that most slashdotters, despite claiming all sorts of technical expertise, aren't aware of the basic procedure to recover a domain when the email info is screwed up. Everyone screaming "get a lawyer." You send them a copy of government photo id, and you get control of the domain. It's the same procedure as when you change email addresses and forget to update the registration info before the old email account lapses. You need to validate your identity with some photo id. You don't need a lawyer (and you don't have to be terribly competent) to figure that out.
What's talking to a lawyer going to do? A $1000 retainer, several hours of talking, and the lawyer will say that he'll contact the employer to suggest that the guy establish his identity as the one in the contact info, and transfer the domain to his boss.
Oh, and by now the retainer is all gone, and by the time the boss gets back to him (he's going to have to lawyer up as well) through HIS lawyer, and everyone jaw-jaws, the bill is $3,000, to do the exact same thing he can do now for free - email the boss with a link to this thread and say "I can try to steal the domain back and put whatever contact info you want into it. I can also try to get them to send us the billing and email address for the squatter."
The police? You are kidding, aren't you?
"With the billing information in hand (assuming it's fraudulent), the employer might then decide to engage the police."
They don't care. Was it more than $25,000? Was anyone injured physically? Is anyone pointing a gun at someone, or dealing drugs or molesting children? No? Sorry, we've got more important cases to deal with.
This doesn't even register on their radar - "We're talking about a $10 domain? You called us over a f***ing $10 domain? And they even paid the $10? They didn't steal your identity to siphon your bank account or charge stuff to you? GTFO! This is a civil matter. We don't do civil cases."
I can't believe how many people want to make a simple thing complicated. I guess that explains Java.
And if they don't like the idea...
... then they're screwing themselves. He's offered them a legal, quick way to resolve the outstanding issues. If they say "don't do this" then he should email back and say "Why? Is this a Joe job? Did YOU register it in my name as a pretext to fire me?" It's a logical question to ask, but it won't come to that. If he proposes to steal the domain back and get both the domain and the billing and email info into their hands, they'll jump on the opportunity.
Lawyer up, and they're going to be mighty p*ssed that he made them spend thousands of dollars and waste days when it could have been fixed with a couple of emails.
How many slashdotters does it take to take a dump? One, but he has to ask slashdot and then run the whole procedure by a lawyer first.
You fail to recognize the difference between the Internet and that MySpacized pile of crap that we call "Web 2.0 Social Media". How would nuking Facebook and Twitter be a bad thing?
Please read what I wrote. He cc's the boss on everything. And don't forget, once the registrar confirms his identity, they can send him a copy of the billing records attached to the account. And the email address. If it was paid for with a stolen credit card from the Ukraine, and the email address was for some gmail account that google traces to a user in Zagreb, he's in the clear.
Right now, the working assumption is that he is in control of the domain. The damage is done. And yes, he is the legal owner of the domain, thanks to the lax way that domain registrations are carried out. He has the opportunity to get the domain under his boss's control within a few hours. Now think for a moment - what happens if he doesn't do this?
The real danger for him, as of today
If I were his boss or a co-worker, and I read this thread next week, I would be really p*ssed off that he didn't take these simple and obvious steps, steps that could resolve everything in a day or two at no, or minimal, expense. I would draw one of two negative inferences:
That this appeal for help is just posturing, he really did register the domain, and that doing this would reveal that he paid for it, or
That he is a gutless wonder with no common sense, and I would pray he goes to work for my biggest competitor.
Either way, he would no longer be just suspended - he'd be fired, since his inaction jeopardized both the company and his position in it. And they'd be right. Someone gives you an easy way to clear everything up in 24 hours, and you don't at least bring it to their attention ASAP after a very public appeal for help? It wouldn't pass the smell test. All he has to do is forward a link to this thread, and ask the boss what information they want in the updated dns record. Problem solved.
Unless, of course, this request for help was a sham.
Steal it back!
Someone stole your identity, and you have a chance to steal it back, then you steal it back... And hope they're stupid enough to file a complaint, like the crackhead who went to the police to complain that they got cheated on a drug deal.
Not that he's really stealing it back - he is the owner of record already. If he weren't he wouldn't be in hot water up to his neck.
If you need to snoop on people to figure that out, you should be fired, because you are NOT "managing" the work. How complicated is that? There's a reason good managers do walk-arounds, have an open-door policy, and generally do what they have to to stay "in the loop".
He "owns" the domain. Since it has his contact info, he can get the domain into his boss's hands in 1 day. Since he is the official owner of record, all he has to do is tell them he wants the domain transferred to the company, and that the email address is inaccurate. They will ask him for proof of identity. He sends them, either by email or by FedEx, a copy of his drivers license, which has the right name and address on it, and they initiate the transfer.
Since he's also the official "owner", he can also ask for "his" billing info and what the email address on record was. It's not like the scammer will sue for identity theft.
End result? The employer has the domain, the scammer is out a domain, and he gets the billing info and email address quickly, all for the cost of a pizza. If the email address is for some place in China, and the cc info is stolen, then the only people unhappy are the scammer and the lawyer who didn't get a 4-figure retainer and manage to churn it into a 5-figure lawsuit.
That's 2 scams for the price of one. Stupid lawyers, trying to make everything into a lawsuit. Shakespeare had it right.
If he had published the company name, you can be pretty sure a few people would have done that by now:-)
And I can imagine what would be hosted... "Top 10 goatse hits", "Tubgirl the magnificent", "Martini dick", screen scrapes of the original site turned into parodies, you name it.
The worst part is that, even if everyone turned the sites over to the company for free, the company is then stuck maintaining the registrations forever, so that "domainers" don't register them if they drop. CompanyXSucks.com, F*ckCompanyX.com MyBossAtCompanyXIsIntoKiddyPorn.com...
Why do slashdotters insist on making things more complicated than they are? A court won't do anything for weeks, maybe months. My way, the domain name is in his boss's hands by supper tomorrow - AND he can request a copy of "his" billing records, since he IS the official owner of the domain. Ditto for the email. No need for a subpoena.
They stole his identity? Steal it back! What are they going to do - sue him for identity theft?
I swear, you guys would probably take 9 minutes to boil three 3-minute eggs.
The guy asked for solutions. I'm offering a solution that is quick, easy to understand, cheap, and may also provide proof to actually exonerate him. Delay will just make things worse.
A lawyer can't "fix" this problem. I'm sorry, but anyone who believes otherwise is engaging in wishful thinking. Any deal a lawyer will negotiate will not prevent them from telling a government investigator that he left under bad circumstances, and after dragging a lawyer into it, you can believe they're going to want to bad-mouth him. If you believe otherwise, you're VERY naive.
His hopes for a security clearance if he goes that route drop from next to none down to zero.
Priority # 1
His best bet is to tell the employer that there's a way to get the domain into their hands ASAP, and that they'll sort out the mess later. He can always bring a lawyer into the loop after. But doing so now does two things: it just delays any resolution (making people harden their positions), and it will put the employer on the defensive. NOT the place anyone wants to be - unless you're the lawyer milking it.
Yes, there's a killer depression going on. This may have already ruined his chance for future employment in his field - but a lawyer isn't to change that. Sh*t happens. The world is not fair. There is no money-back guarantee to life. Doing what I suggest will not give the impression that he had to leave after "getting caught."
How to fix the problem within 24 hours
It costs nothing to contact the registrar and cc his employer, stating that since HE is the one listed as the domain admin, that he wants the domain transferred to his employer, and to send them a pdf or fedex them a photocopy of his driver's license as proof of identity. First problem solved in 24 hours for less than the cost of a pizza.
After the domain is transferred, then either they sit down and work something out, or he's free to lawyer up. But until the domain is in someone other than the scammer's hands, nothing good is going to happen. The employer wants it in their hands. He can do it for them by suppertime tomorrow. Why not take that first step instead of whining "oh woe is me"?
The guy asked for a solution - why not give him one?
That everyone else is calling for lawyers instead of trying to solve the problem - this is pitiful. He came to slashdot looking for a solution. Instead, everyone else is turning it into an adversarial battlefield.
A lawyer doesn't know enough to even begin to suggest how to fix this. He'd have to educate the lawyer first. Good luck with that - most of them have a hard enough time understanding that the from: address on email can be faked. Imagine trying to explain how the registration system works?
Then I, as the legal owner of record, would sue the registrar for damages, in this case provable ones. They are clearly aiding and abetting identity theft, it has cost me a job, and the Streisand Effect would be a joy to watch. The monetary settlement would also be nice. I'd invite the employer to join in as a co-plaintiff. He can explain the potential damage to business, how handling this situation has disrupted his company and caused him to suspend and possibly fire someone, and that the registrar should verify identities before allowing a domain to be registered, instead of allowing people to use gmail or hotmail addresses and no follow-up verification - not even an sms to a cell phone. If google for business and facebook can do it, so can they. They are clearly negligent.
BTW - Putting the domain in lock means it's still up and resolves to a bogus domain.
As I pointed out elsewhere, you cc the company and ask them what info they want in the record when it's transferred.
Yes, people might think "you could have done something if you had wanted", but look at what people are posting here. Hundreds of comments saying "get a lawyer." Me saying "here's how you address the company's primary concern."
In other words, most people are automatically on the defensive and they go blank as far as thinking about the solution - their personal situation understandably overwhelms them and makes them think defensively - "fight or flight". The technical solution is obvious, and yet, here, one of the biggest tech sites in the world, and everyone goes "lawyer up."
Rule # 1: The problem is never a technical problem.
Rule # 2: The problem is always a people problem.
This is what's happened here - from the company and him not thinking clear-headedly and saying "let's solve the immediate problem of the bogus domain", to him focusing on his personal situation ("clearing my name"), to everyone else going down the same path. If the vast majority here didn't see the obvious way of addressing the company's immediate concerns, then he can't really be faulted for not seeing it either.
Then again, in many cases women tend to be better at this sort of thing - looking for a people-type solution rather than a technical one (and sometimes it really bugs the guys). He's looking at his personal situation and how to "fix" it, whereas he should be asking "what's really bugging them, and how can I address that?" by solving their problem, he has a fighting chance of solving his own.
See the difference? The second one is focused on the feelings of the employer - their feeling that they have been betrayed and that there's a bogus domain out there that can send a legit-looking email blast any time. Fix that, and they'll feel better, and certainly a LOT better than him walking into a meeting with a lawyer and no solution.
No - it proves nothing either way. If he could prove who was using the bogus email address, that would be another story. At this point, he can't. Maybe once he gets control of the domain into his boss's hands...
You seem to forget that he in fact already DOES have legal, though not physical, control the domain. That's why all he has to do is establish his identity and effect the transfer.
Heck, with a bit of luck he could even send the first email to the registrar tonight (cc to bosses, along with asking them what they want the info changed to, along with a link to this thread to put it into context), a color pdf with his drivers license to the registrar tomorrow morning when they ask for proof of identity, and have the domain in his boss's name in time for supper tomorrow night.
What it does is it addresses the problem of the scammer using the domain, for example, to send out a bogus solicitation. It also shows that the admin is on the ball, able to come up with a solution that fixes the company's problem, rather than concentrating on the personal aspects.
Hundreds of people shouting "get a lawyer". Me saying "fix the problem." If you were the boss, who would you want working for you? Who would you be more likely to believe? Someone who lawyers up, or someone who says "look, I have a fix to your main concern, and we can sort the rest of the stuff out later."
Slashdot Mirror
Ubuntu users haveStats say that more problems than all the other main distros combined, so I'm not buying it.
Obviously the poster is monitoring the threads if they're really looking for a solution. If he doesn't suggest it as an option, it's going to look very suspicious. I would draw the inference that maybe there's something in the billing or email info he doesn't want me to see.
Like I said, the genie is out of the bottle. He asked for solutions, and this is practical, non-technical, easy for anyone to understand - even the PHB types.
So, either:
Why so low a genuine probability? Because the guy has had a lot longer to think about it than you or I, is supposedly a systems admin, and didn't come up with the obvious solution.
We also don't see any evidence of him participating in the discussion (even anonymously) to try to refine ideas into something workable.
I'm not buying it, and not just because it's Troll Tuesday - the whole thing simply doesn't hang together.
Riiiight .... suggesting they use a well-established, pretty much universal, simple, and quick procedure that even has downloadable forms to expedite the process is suddenly suspicious. Gee whiz, he should take a month to suggest it - then it won't look at all suspicious! There's the ticket!
No, delaying it will look both suspicious and incompetent.
Besides, he's not responsible for their actions, only his own. How they react is entirely up to them, and entirely beyond his control. All he can do is do what's right, and if they're not satisfied, then they weren't going to be satisfied anyway. He can suggest it, and if they refuse it, he'll know there's no going back and he should not waste any more time or brain cells on the matter. If they accept it, then what happens depends on what's in the billing and email info.
Now I'm convinced that slashdotters would take 9 minutes to boil three 3-minute eggs.
My real question is - how do I get a $12 million dollar separation agreement? I know, most people would be saying "Who do I have to kill to get that kind of dough?" I want to sleep at night ... though obviously, with that sort of money, I can sleep whenever I d***ed well want to ...
If I had that sort of money, I would drop out of the corporate scene and go into pure research. Okay, I'd also host a party or two with lots of pizza. But at what point is enough enough? $12 million to sit on the sidelines for one year ... go do some charity or advocacy work, write a book, do some guest lecturing, some inner-city mentoring, do something different. Heck, go an a world cruise if that's your thing.
As for the "for the children" - I said "I think we'd agree that children below a certain age (as determined by their parents) shouldn't watch stuff like that". Are you saying that parents should not have the right to decide what is appropriate for them to watch in the home? Who would you give that power to decide to?
The problem isn't just that it might give them nightmares - too much exposure will also tend to desensitize them to it. Violent killings and rapes are something that should horrify. It's not entertainment in and of itself.
And Shakespeare was only echoing Jesus' attitude about lawyers ...
Funny the custom of swearing on a bible whose main character denounces the legal "profession".
Yes, Einstein said that when he was getting on in years, and his memory was starting to go ...
But your mom has nothing on Canada's former Minister of Defense, who fell for the "don't flash your lights" urban legend and issued an official warning. What a moron.
Now a few more people check the info out before forwarding that Bill Gates will pay them $2,450 to forward an email to 10 people, or that you shouldn't flash your headlights because they'll come after you and cut your head off or that antiperspirant causes breast cancer.
Or do you think it's okay to let 50 women, plus everyone THEY contacted, believe that they've exposed themselves to a higher risk of breast cancer?
This way, he can at least undo some of the damage, and possibly get the billing and bogus email address information.
The guy asked for a solution. Running to a lawyer, who cannot possibly solve this as quickly, is not a solution.
Shakespeare was wrong. Don't shoot the lawyers. Shoot the people who recommend the lawyers as a solution. Most lawyers are crooks - 7 out of 8 admit to overbilling their clients. The other one is either dirt poor or a liar.
You'd be amazed at how quickly people stop sending you stupid stuff when you contact 50 of their friends to say "this is retarded."
He can propose this to his boss, meet at work to fax the info from there and get the confirming fax back, do the transfer, and everyone can breathe a bit easier because at least ONE problem is resolved.
Then they can ask for the billing and contact details that were on record for the original registration, please fax to the same fax #.
What happens after that is between the parties. If they're not satisfied, say "Thank you very much, have a nice life, call me if you have any more problems" and leave, because it's hopeless, and a lawyer isn't going to change that.
No, it's what people do when they can't manage. When they're so crappy at it that employees naturally don't want to discuss things with them, don't trust them, and at a gut level know they (management) don't give a f*** about them.
If they had a clue, they would have already told him. The sad fact is that most slashdotters, despite claiming all sorts of technical expertise, aren't aware of the basic procedure to recover a domain when the email info is screwed up. Everyone screaming "get a lawyer." You send them a copy of government photo id, and you get control of the domain. It's the same procedure as when you change email addresses and forget to update the registration info before the old email account lapses. You need to validate your identity with some photo id. You don't need a lawyer (and you don't have to be terribly competent) to figure that out.
What's talking to a lawyer going to do? A $1000 retainer, several hours of talking, and the lawyer will say that he'll contact the employer to suggest that the guy establish his identity as the one in the contact info, and transfer the domain to his boss.
Oh, and by now the retainer is all gone, and by the time the boss gets back to him (he's going to have to lawyer up as well) through HIS lawyer, and everyone jaw-jaws, the bill is $3,000, to do the exact same thing he can do now for free - email the boss with a link to this thread and say "I can try to steal the domain back and put whatever contact info you want into it. I can also try to get them to send us the billing and email address for the squatter."
The police? You are kidding, aren't you?
They don't care. Was it more than $25,000? Was anyone injured physically? Is anyone pointing a gun at someone, or dealing drugs or molesting children? No? Sorry, we've got more important cases to deal with.
This doesn't even register on their radar - "We're talking about a $10 domain? You called us over a f***ing $10 domain? And they even paid the $10? They didn't steal your identity to siphon your bank account or charge stuff to you? GTFO! This is a civil matter. We don't do civil cases."
I can't believe how many people want to make a simple thing complicated. I guess that explains Java.
And if they don't like the idea ...
Lawyer up, and they're going to be mighty p*ssed that he made them spend thousands of dollars and waste days when it could have been fixed with a couple of emails.
How many slashdotters does it take to take a dump? One, but he has to ask slashdot and then run the whole procedure by a lawyer first.
You fail to recognize the difference between the Internet and that MySpacized pile of crap that we call "Web 2.0 Social Media". How would nuking Facebook and Twitter be a bad thing?
Stream away - when 99.9% of Social Media is crap, it won't be worth the time to find that 0.01%. Problem solved.
Google, you got my vote!
Right now, the working assumption is that he is in control of the domain. The damage is done. And yes, he is the legal owner of the domain, thanks to the lax way that domain registrations are carried out. He has the opportunity to get the domain under his boss's control within a few hours. Now think for a moment - what happens if he doesn't do this?
The real danger for him, as of today
If I were his boss or a co-worker, and I read this thread next week, I would be really p*ssed off that he didn't take these simple and obvious steps, steps that could resolve everything in a day or two at no, or minimal, expense. I would draw one of two negative inferences:
Either way, he would no longer be just suspended - he'd be fired, since his inaction jeopardized both the company and his position in it. And they'd be right. Someone gives you an easy way to clear everything up in 24 hours, and you don't at least bring it to their attention ASAP after a very public appeal for help? It wouldn't pass the smell test. All he has to do is forward a link to this thread, and ask the boss what information they want in the updated dns record. Problem solved.
Unless, of course, this request for help was a sham.
Steal it back!
Someone stole your identity, and you have a chance to steal it back, then you steal it back ... And hope they're stupid enough to file a complaint, like the crackhead who went to the police to complain that they got cheated on a drug deal.
Not that he's really stealing it back - he is the owner of record already. If he weren't he wouldn't be in hot water up to his neck.
"Run it by a lawyer" - like a lawyer has a clue as to how these things work. Know any retired judges or lawyers? Ask their opinion of lawyers, off the record. Even lawyers who aren't retired admit that most lawyers (7 out of 8 by one measure) are liars who routinely cheat their clients.
If you need to snoop on people to figure that out, you should be fired, because you are NOT "managing" the work. How complicated is that? There's a reason good managers do walk-arounds, have an open-door policy, and generally do what they have to to stay "in the loop".
You claim to be a lawyer, and your advice is:
He "owns" the domain. Since it has his contact info, he can get the domain into his boss's hands in 1 day. Since he is the official owner of record, all he has to do is tell them he wants the domain transferred to the company, and that the email address is inaccurate. They will ask him for proof of identity. He sends them, either by email or by FedEx, a copy of his drivers license, which has the right name and address on it, and they initiate the transfer.
Since he's also the official "owner", he can also ask for "his" billing info and what the email address on record was. It's not like the scammer will sue for identity theft.
End result? The employer has the domain, the scammer is out a domain, and he gets the billing info and email address quickly, all for the cost of a pizza. If the email address is for some place in China, and the cc info is stolen, then the only people unhappy are the scammer and the lawyer who didn't get a 4-figure retainer and manage to churn it into a 5-figure lawsuit.
That's 2 scams for the price of one. Stupid lawyers, trying to make everything into a lawsuit. Shakespeare had it right.
And I can imagine what would be hosted ... "Top 10 goatse hits", "Tubgirl the magnificent", "Martini dick", screen scrapes of the original site turned into parodies, you name it.
The worst part is that, even if everyone turned the sites over to the company for free, the company is then stuck maintaining the registrations forever, so that "domainers" don't register them if they drop. CompanyXSucks.com, F*ckCompanyX.com MyBossAtCompanyXIsIntoKiddyPorn.com ...
They stole his identity? Steal it back! What are they going to do - sue him for identity theft?
I swear, you guys would probably take 9 minutes to boil three 3-minute eggs.
The guy asked for solutions. I'm offering a solution that is quick, easy to understand, cheap, and may also provide proof to actually exonerate him. Delay will just make things worse.
His hopes for a security clearance if he goes that route drop from next to none down to zero.
Priority # 1
His best bet is to tell the employer that there's a way to get the domain into their hands ASAP, and that they'll sort out the mess later. He can always bring a lawyer into the loop after. But doing so now does two things: it just delays any resolution (making people harden their positions), and it will put the employer on the defensive. NOT the place anyone wants to be - unless you're the lawyer milking it.
Yes, there's a killer depression going on. This may have already ruined his chance for future employment in his field - but a lawyer isn't to change that. Sh*t happens. The world is not fair. There is no money-back guarantee to life. Doing what I suggest will not give the impression that he had to leave after "getting caught."
How to fix the problem within 24 hours
It costs nothing to contact the registrar and cc his employer, stating that since HE is the one listed as the domain admin, that he wants the domain transferred to his employer, and to send them a pdf or fedex them a photocopy of his driver's license as proof of identity. First problem solved in 24 hours for less than the cost of a pizza.
After the domain is transferred, then either they sit down and work something out, or he's free to lawyer up. But until the domain is in someone other than the scammer's hands, nothing good is going to happen. The employer wants it in their hands. He can do it for them by suppertime tomorrow. Why not take that first step instead of whining "oh woe is me"?
The guy asked for a solution - why not give him one?
That everyone else is calling for lawyers instead of trying to solve the problem - this is pitiful. He came to slashdot looking for a solution. Instead, everyone else is turning it into an adversarial battlefield.
A lawyer doesn't know enough to even begin to suggest how to fix this. He'd have to educate the lawyer first. Good luck with that - most of them have a hard enough time understanding that the from: address on email can be faked. Imagine trying to explain how the registration system works?
BTW - Putting the domain in lock means it's still up and resolves to a bogus domain.
Yes, people might think "you could have done something if you had wanted", but look at what people are posting here. Hundreds of comments saying "get a lawyer." Me saying "here's how you address the company's primary concern."
In other words, most people are automatically on the defensive and they go blank as far as thinking about the solution - their personal situation understandably overwhelms them and makes them think defensively - "fight or flight". The technical solution is obvious, and yet, here, one of the biggest tech sites in the world, and everyone goes "lawyer up."
Rule # 1: The problem is never a technical problem.
Rule # 2: The problem is always a people problem.
This is what's happened here - from the company and him not thinking clear-headedly and saying "let's solve the immediate problem of the bogus domain", to him focusing on his personal situation ("clearing my name"), to everyone else going down the same path. If the vast majority here didn't see the obvious way of addressing the company's immediate concerns, then he can't really be faulted for not seeing it either.
Then again, in many cases women tend to be better at this sort of thing - looking for a people-type solution rather than a technical one (and sometimes it really bugs the guys). He's looking at his personal situation and how to "fix" it, whereas he should be asking "what's really bugging them, and how can I address that?" by solving their problem, he has a fighting chance of solving his own.
See the difference? The second one is focused on the feelings of the employer - their feeling that they have been betrayed and that there's a bogus domain out there that can send a legit-looking email blast any time. Fix that, and they'll feel better, and certainly a LOT better than him walking into a meeting with a lawyer and no solution.
You seem to forget that he in fact already DOES have legal, though not physical, control the domain. That's why all he has to do is establish his identity and effect the transfer.
Heck, with a bit of luck he could even send the first email to the registrar tonight (cc to bosses, along with asking them what they want the info changed to, along with a link to this thread to put it into context), a color pdf with his drivers license to the registrar tomorrow morning when they ask for proof of identity, and have the domain in his boss's name in time for supper tomorrow night.
What it does is it addresses the problem of the scammer using the domain, for example, to send out a bogus solicitation. It also shows that the admin is on the ball, able to come up with a solution that fixes the company's problem, rather than concentrating on the personal aspects.
Hundreds of people shouting "get a lawyer". Me saying "fix the problem." If you were the boss, who would you want working for you? Who would you be more likely to believe? Someone who lawyers up, or someone who says "look, I have a fix to your main concern, and we can sort the rest of the stuff out later."