[svlug] Re: Please help Josef Grosch.....

[Rick Moen]

begin Ian MacLure quotation:

> Notwithstanding Josef getting his domain back, it appears there is
> still a problem if, as some of our more cynical list members suspect,
> the "ooops" is actually a scam.

Indeed.  "Oh, it was simply an unfortunate staff error when we
transferred your domain's ownership to ourselves and then offered to
sell it back to you -- now that you turn out to have an army of
pissed-off sysadmins behind you.  We apologise profusely, and will
correct our unfortunate error Real Soon Now."

Which, one notes, has not yet occurred.

> Anybody have any further information? If the offender is a scam artist
> something ought to be done "pour decourager les autres" so to speak

I did do some Google searches for the fellow's name, and was eventually
going to get around to also checking DejaNews.  Nothing came up on
Google.


But it's interesting to contemplate:  How _did_ Aaron Downey / Virtual
Shopper, Inc. grab the bafug.org domain?  The records don't seem to
support a supposition that Josef's registration expired:  The dates look
wrong.  It _might_ have been that, but I doubt it.

If it wasn't expiration, then it was a transfer of the Registrant
record, carried out at Josef's registrar, Tucows/OpenSRS, prior to
transferring the domain to Register.com.  If OpenSRS's policy about
domain-ownership transfer is typical, it would require mailed or faxed 
signed letterhead from the old Registrant (Josef) stating that he's 
reassigning the domain to the new one (Downey), plus a new registration 
fee.  Such a letter could be forged -- which would likely be a criminal
act.

Here's what I wrote to Josef, about examples of that sort of fraud that
are known to have occurred in the recent past:


About the only counter-measure customers might exercise to prevent such
attacks would logically seem to be picking one's registrar on the basis
of domain-transfer policy.  However, it's difficult to come by comparative
information.  http://www.domainnamebuyersguide.com/ is a start, but doesn't
specifically address that issue, only the domain _dispute_ issue (on which
it says "We don't rank this, because everyone's supposed to follow ICANN's
UDRP."

That ratings site wags its finger disapprovingly at my favourite registrar,
Domain Discover of San Diego, for having a "very cumbersome paper-based
system for transferring domains."  Hey, "cumbersome" sounds pretty good to
me, at the moment!

Following is the other information I've dug up on-line:


Article:  Domain Name Theft: When Someone Steals Sex, You Can Get It
Back If It's In Cyberspace  (gives example of fraudulent registrant
transfer using a faked transfer letter with a forged signature)
  http://www.domainnotes.com/news/article/0,,5281_524111_1,00.html

web.net has a domain theft (successfully!) performed on it.  Unfortunately,
the author of this write-up is clueless:  http://www.web.ca/hijack.html

Slightly less clueless account of the same case, which however fails to 
detail how the thief "asked" a registrar to change the Registrant
identity:  http://www.networlddomain.com/domain/theftstory.html

Adds the detail that Tucows/OpenSRS allegedly accepted some Registrant
change request, but fails to state how:
http://www.kkc.net/toronto-star/2000/0608/

More thefts, effected via forged transfer letters:
http://www.internetnews.com/bus-news/article/0,,3_401471,00.html

A Montreal theft steals some of internet.com's domains using forged
transfer letters sent in via fax:
http://www.businessweek.com/bwdaily/dnflash/june2000/nf00613f.htm

Mostly about trademark-related domain issues, but it has a paragraph
about "domain name hijacking".  (Owning a federal trademark matching
your domain, and using that trademark in business, gives you a trump
card in UDRP domain disputes.)
http://www.patents.com/dno.htm

On-line discussion thread about the problem:
http://www.nsiregistry.com/maillist/rrp/200006/0000.html
This follow-up suggests that Department of Commerce regulations are
partly at fault: 
http://www.nsiregistry.com/maillist/rrp/200006/0001.html

Makes an argument that a recent US court ruling that "domains are not 
property" means that everyone should use off-shore registrars for
com/org/net (and, particularly, stay the hell away from NSI):
http://ecommerce.internet.com/news/insights/ectech/article/0,,9561_382341,00.html

Typical of many other clueless articles that incorrectly call it "domain
theft" when someone has merely changed the technical, admin, or billing
contact, but not the Registrant:
http://www.internetnews.com/bus-news/article/0,,3_386441,00.html

Another article sadly clueless about the distinction between Registrant
and the other contacts:
http://harkless.org/dan/mirrors/dnspolicy.net/articles/00/02/09/094220.html

Here's an irony:  Register.com offers a $99 "Domain Lockdown"
anti-hijack service.  Of course, this alleged "protection" seems pretty
laughable.  http://www.register.com/corporate/lock-down.cgi?1|2567959216|
http://investor.register.com/ireye/ir_site.zhtml?ticker=rcom&script=460&layout=1&item_id=89083

-- 
Cheers,           "I don't like country music, but I don't mean to denigrate
Rick Moen         those who do.  And, for the people who like country music,
rick at linuxmafia.com         denigrate means 'put down'."      -- Bob Newhart