.

Hacked/Stolen Domains

<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Wed Dec 26, 2007 7:11 pm

Hacked/Stolen Domains

Hey there guys, I happened to come accross a pretty sad sounding case where a guy, David Airey, had his Gmail account hacked.. and then his domain name stolen.  Kind of a creepy problem, and it's an interesting read.  Basically the guy is asking for any help from any people who might know how he should go about trying to regain his domain.  The hacker is sending him emails blackmailing him to get his domain name back.  I'm sure any help any of you could provide the guy would be appreciated, and might be an entertaining diversion for you.. as he appearently has 2 of the hacker's email addresses, and a 'name'.  (though probably fake).

http://www.davidairey.co.uk/StaticPage.html

Hacker emails/'name'
pay.irv@gmail.com
ba_marame_pooli@yahoo.com
Peyam Irvani

Ohh, and the ip addy from his email to the guy's fraudulent ticket to change the guy's domain creds.
207.36.162.100

Cheers, and happy Holidays

g00d_4sh

"Hail to the King Baby!"
"Bad.. Good?  I'm the guy with the gun"
<<

LSOChris

Post Wed Dec 26, 2007 8:51 pm

Re: Hacked/Stolen Domains

he needs to call his registar and tell them what happened, hopefully he still has the receipt where he registered it or has enough infromation to prove he is the real person who registered the domain name
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Thu Dec 27, 2007 11:06 am

Re: Hacked/Stolen Domains

Chris is dead on.  If a domain is stolen it is usually a legal or contractual issue rather than a technical one.  You are going to have to show that you have exclusive ownership rights to the sight and that the WHOIS information is no longer accurate.  ICANN requires that the WHOIS information be accurate and they can hold the domain registrar partially responsible if it isn't.  That will give you some leverage with them.  Also review any of the contractual language that you had to accept when the domain was setup.  Usually there will be language in there that says they will not move or alter your domain without permission from the owner.  If you can show that the real owner never approved of the changes then that will also give you some leverage.  Be careful here, though.  If you push the point too hard then you are basically forcing the company to admit that they screwed up and allowed an invalid transfer.  I read through the comments on the guy's blog, and he's already been given most of this advice.  It sucks, but he is going to either have to give up the time and money to get the site back or just let the thing go. 

On a side note, right in the middle of the replies you will see where an anonymous poster put the hacker's email and IP into the /b forums of 4chan.  If some of those guys decide to pick up the cause for the blogger, then the hacker is in for a really bad time.  They won't stop at trying to get the domain back, they'll hack his whole life.  That makes me feel all warm and fuzzy.  Does that make me a bad person? 
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Thu Dec 27, 2007 11:11 am

Re: Hacked/Stolen Domains

Hmm, nothing like replying to your own reply, but I thought I'd officially end the thread by letting everyone know that David got his domain back.  How did he do it?  Someone that read his post knew the CEO of GoDaddy, which is where his stolen domain was parked.  They worked with David to confirm that he was the official owner (driver's license, signature, etc) and then transfered ownership back to him.  Just goes to show that it isn't what you know, its who you know.

http://www.davidairey.co.uk/
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Thu Dec 27, 2007 11:24 am

Re: Hacked/Stolen Domains

Well, that's definately a good thing to hear.  I was researching something yesterday, and for some odd reason David's site came up in my google search and I just looked it over for a moment.  Kind of glad I did, and glad to hear good news about a resolution for the guy. 
"Bad.. Good?  I'm the guy with the gun"
<<

jdurban

Newbie
Newbie

Posts: 1

Joined: Fri Mar 21, 2008 4:02 am

Post Fri Mar 21, 2008 4:29 am

Re: Hacked/Stolen Domains

If you are a godaddy customer and your domain is stolen forget getting it back without spending thousands to get it back. Godaddy does not deploy any safety net to prevent someone from the inside or outside from stealing a domain. All they do is send you a confirming email tha the act has already occured. The email states if you did not intentially transfer the domain you can alert Godaddy "customer service" and they would remedy the situation. Not true. I followed their procedure and no one could care less. I even ask them to review their server logs as the thief surely left an I.P. to trace. Again it all fell on deaf ears.

The thief actually offered to sell it back to me for a grand!

Here's what I posted at ICANN tonight...

If someone steals something of value here in the states we call the police and they take a statement and initiate an investigation. Sometimes the property is recovered and the thief prosecuted. All this is undertaken without cost locally  and without attorneys or empaneled "impartial" arbiters.

If however someone working at Godaddy a U.S. company steals a domain from a customer in the U.S. the victim can't call the police because unlike all other thefts this one falls under some obscure remote little known foreign body located on the other side of the planet where really good chocolate comes from. Now here we have a U.S. crime and a U.S. victim yet the victim cannot remedy the crime in his or her  own country. The process of recovering a stolen domain involves the hiring of an attorney that specializes in domain theft and bloated ICANN rules and procedures. This attorney will then send a warning letter to the offending basically requesting that they not continue their naughtiness and to return the stolen domain. If after some statutory period of time the crook fails to change his evil ways then the victim can escalate the process by paying ICANN to empanel a few objective justice seekers to take the helm. Now from here who knows what will transpire but the victim will wind up paying thousands of dollars to recover a ten dollar domain. There is something seriously wrong with this bizarre and counter intuitive process that needs to be completely revamped. Seriously could this goofy process be any more arcane or asinine? I think not. Sorry I am an engineer and I can't seem to adapt to nonsensical impractical conditions. I always assume that systems evolve and improve according to a Darwinian like model. If Darwin was faced with recovering a stolen domain he would have shredded his works and let man know that his days were numbered as evolution would cease at the monolith called ICANN.

Jack Durban, victim of domain theft and ICANN ineptness and obsolescence.

Return to Incident Response

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software