Everyone likes a quick solution to something. In our society, we are consumed with getting desired results with minimal effort. A great example of this is weight loss via diet pills or even fast food. We barely wait on anything anymore. Unfortunately, with this consummation come other, more devastating avenues to get results in the “get rich quick” scheme of things.
With the internet, as with most things, people will find ways to cheat their way to the top. And as clever as thieves can be, their actions are generally prompted by pure monetary greed. One of the most disturbing cases of internet thievery is domain hijacking, where identity theft is used to trick the domain registrar into allowing the hijacker to change the registration information to steal control of an unexpired domain from the legitimate owner.
Ever heard of the Sex.com case, one of the biggest internet rip offs in history?
There was a man named Gary Kremen, who in 1994 found the newly forming internet a potential gold mine. He figured that domain names would be crucial to success on the Web. He caught on early registering generic names like Jobs.com, Autos.com, Housing.com and Sex.com with Network Solutions, LLC, a technology company that today manages over 7.6 million domain names. And he got all those names for FREE!!
Kremen never developed a site around Sex.com, he just held the rights to it, or so he thought.
During Kremen’s successes, Stephen Cohen was just being released from jail. Apparently he got a thrill from the convict lifestyle, because the eventual hijacking of Sex.com from Kremen began shortly after his freedom began.
Cohen was no dummy. He spent time creating and sending fake, forged documents to Network Solutions, LLC and convinced them to transfer the domain name of Sex.com over to him. Cohen then covered his tracks by stringing the domain name through a series of corporate websites.
There ensued an 11 year trial in which Kremen desperately tried to regain his domain name as well as the profits incurred by Cohen (averaged around $750,000 per MONTH) through use of the stolen domain. Kremen lost nearly everything trying to cover court cost and was down to his last pennies; finally the court ruled in his favor.
Kremen regained control of the Sex.com domain and Cohen was required to pay him damages of $65 million, plus interest and all assets purchased with the stolen money.
After the decision, Cohen fled the country to avoid arrest and was later found in Tijuana, Mexico living off money he stashed outside U.S. borders. He was arrested and deported back to the United States where he currently resides in the Elmwood Men’s Correctional Facility of Milpitas, CA. Cohen refuses to cooperate with officials in locating all of his assets, thus preventing Kremen from collecting the remaining assets and fortune amassed from the hijacked Sex.com domain.
Until Cohen confesses, he will remain detained.
In 1998, Kremen filed suit against Network Solutions for breach of contract and was subsequently awarded about $20 million.
So, after all that mess, it begs the question…..what exactly are domain registrars doing to protect domain name rights?
In reading various articles about the domain hijackings, some authors unsuccessfully tried contacting the registrars, who were either unavailable for contact or gave unhelpful statements such as “we do have measures.”
I decided to conduct my own research and went undercover to get the answers rather than demanding them and flashing a press pass. I contacted the top eight domain name registrars according to RegistrarStats.com (I had to omit the other two from the top 10 because they were in German).
Here are some solutions offered by these companies to reduce domain name hijacking:
Lock the domain name, so no one will able to transfer it without your permission (another site said they would do this for you and the domain cannot be unlocked without the owner of the domain logging into the account and doing it him or herself)
The locking of the domain prevents the domain name from being removed from the account either intentionally or accidentally, unless you unlock it
Update the Registrant contact email address so no one will have access to your account to make changes
Some registrars have a domain protect option (which is apparently different from a registrar lock, although WHOIS software cannot detect a difference)
As quoted “when someone requests a transfer of your domain to their account, you will receive an email. When domain protect is off, if you do not respond the domain will be transferred over to the other party. You must respond that you do not agree with the transfer to stop the transfer.
However, when domain protect is on, even if you do not respond to that email, the domain will not be transferred. Even if you respond and agree to the transfer, the domain protect will stop the transfer and the domain will be listed as Registrar-lock in a WHOIS lookup.”
And last but not least is the response given to me by Network Solutions:
“Based on your request, we have a lock on each domain name to make sure it will not be ‘hijacked’ or transferred unauthorized.
Domain Protect adds an extra layer of protection to your domain name registration, guarding it against unauthorized domain name transfers.
Every domain name registration with Network Solutions comes with the free Domain Protect feature enabled:
• When turned on, Domain Protect helps to block the transfer of your domain name to another Registrar. It provides protection from “domain hijackers,” or others who may attempt to authorize a transfer of your domain name registration.
• With Domain Protect turned on you can still perform legal name changes, account consolidation or transfers between Network Solutions accounts. To transfer a domain name to another Registrar, you must first turn off Domain Protect.
Note Only the Account Holder/Primary Contact of record on the account can turn Domain Protect on or off.”
So, when in doubt, to protect you site from being hijacked, look into who your registrar really is and how they will keep your site safe. But it never hurts to do some of your own security checks.