If someone approached you on the street and offered to sell an iPod to you for $10, what would you think? You’d think it was hot merchandise (stolen). But what if you posted a wanted ad for an iPod that retails for $300 and someone offered one to you for $200? Would you think it was stolen or just someone who no longer valued the iPod at $300?
A few weeks ago I posted a wanted ad for domain names at DNForum. I received a number of responses and bought a couple domains. I received a response from someone offering to sell me a 3 character .com and .net domain for $5,000. This is a fairly low price for a 3 character domain although some have sold in this range. But this was a good 3 character domain: LBF.com/.net. If you Google “LBF†you’ll see a number of companies that would like to have the domain.
I agreed to buy the domain and the seller set up a transaction at Escrow.com. I needed to wire the money to Escrow.com, the seller would transfer the domain, and then the money would be released to the seller. Simple enough.
But I had an uneasy feeling in my stomach. Was this deal too good to be true? I decided to do a little research.
First, I looked up the past ownership records in Whois.sc. The domain was registered to a New York resident until June 2005 when it suddenly showed up with the following WhoIs:
Registration Service Provided By: regiSTAR.com
Contact:
Visit: http://www.regiSTAR.com
Domain name: lbf.com
Registrant Contact:
L.B.F.
Ahmet Oguz ()
+90.5322546594
Fax: +90.2324639021
Sirinyer Cad. No.1002
Izmir, 35200
TR
Administrative Contact:
L.B.F.
Ahmet Oguz ()
+90.5322546594
Fax: +90.2324639021
Sirinyer Cad. No.1002
Izmir, 35200
TR
Technical Contact:
L.B.F.
Ahmet Oguz ()
+90.5322546594
Fax: +90.2324639021
Sirinyer Cad. No.1002
Izmir, 35200
TR
Billing Contact:
L.B.F.
Ahmet Oguz ()
+90.5322546594
Fax: +90.2324639021
Sirinyer Cad. No.1002
Izmir, 35200
TR
Then a few days later it showed up with a new WhoIs:
Registrant:
LBF
Mithatpasa Cad. No:1035 D.4
Izmir, Konak 35280
TR
Registrar: DOTSTER
Domain Name: LBF.COM
Created on: 16-JUL-95
Expires on: 15-JUL-06
Last Updated on: 14-JUN-05
Administrative, Technical Contact:
Kocak, Erk
LBF
Mithatpasa Cad. No:1035 D.4
Izmir, Konak 35280
TR
00905324761075
I decided I should ask Erk where he got the name so I could cover my bases. He said he bought it from the previous owner (prior to Ahmet Oguz) who he said sold out his domain portfolio. I then asked Erk who Ahmet Oguz was. He said that was just another one of his profiles at Dotster because he trades adult names and didn’t want to have some under his name, so he accidentally transferred it to that profile first. Very suspicious.
I did a Google search on Erk’s name and came across a thread at DNForum that made me really suspicious. Someone using a different screen name than the person who contacted me apparently had the same Whois information as Erk. I emailed Erk and asked him if he ever had another DNForum screenname. He said no.
Using the phone number from an old WhoIs record, I decided it was time to contact the previous owner of the domain to make sure he had actually sold it to Erk. The previous owner explained that both of the domains were stolen in June and he is fighting to get them back. WhoIs records show that he owned the domains since 1995. I forwarded him all of the e-mail correspondence I had with the seller, which will hopefully help him.
Sadly, domain theft is rampant. The most famous case is Sex.com, which a thief stole in the 90s by social engineering with a Network Solutions employee. Another famous case is King.com, which the victim eventually got back and sold for six figures this year.
Stealing a domain is not that difficult. Many people use Yahoo or Hotmail addresses in their Whois contact information. They might forget to login to the email system for a few months and have their account terminated, making the email address available again. A thief can register that e-mail address and then request a transfer of the domain to another registrar. You can protect yourself by keeping your email address current. But there are other ways, with a little social engineering and ingenuity, that someone can steal a domain.
There are ways to dispute a stolen domain, but this frequently must be done within six months of losing the domain. Some people with thousands of domains might not realize its missing. And the process is not simple.
What can be done? The first step is for people to look at sellers with a cautious eye. Do a Whowas search at Whois.sc to verify ownership history before shelling out big bucks for a domain. Ask questions of the seller. An honest seller will answer the questions without hesitation. Verify the seller’s credentials. And above all, Caveat Emptor.
with so much up-coming developments in domains industry, i believe newbie like me will get drown and would fall into such trap!
This is a good source to alert ourself especially it is highlighted that stealing a domain is not that difficult! dont lost your hard built domain.
Thz for giving us valuable guide in prevention measures.
James
If someone steals something of value here in the states we call the police and they take a statement and initiate an investigation. Sometimes the property is recovered and the thief prosecuted. All this is undertaken without cost locally and without attorneys or empaneled “impartial” arbiters.
If however someone working at Godaddy a U.S. company steals a domain from a customer in the U.S. the victim can’t call the police because unlike all other thefts this one falls under some obscure remote little known foreign body located on the other side of the planet where really good chocolate comes from. Now here we have a U.S. crime and a U.S. victim yet the victim cannot remedy the crime in his or her own country. The process of recovering a stolen domain involves the hiring of an attorney that specializes in domain theft and bloated ICANN rules and procedures. This attorney will then send a warning letter to the offending basically requesting that they not continue their naughtiness and to return the stolen domain. If after some statutory period of time the crook fails to change his evil ways then the victim can escalate the process by paying ICANN to empanel a few objective justice seekers to take the helm. Now from here who knows what will transpire but the victim will wind up paying thousands of dollars to recover a ten dollar domain. There is something seriously wrong with this bizarre and counter intuitive process that needs to be completely revamped. Seriously could this goofy process be any more arcane or asinine? I think not. Sorry I am an engineer and I can’t seem to adapt to nonsensical impractical conditions. I always assume that systems evolve and improve according to a Darwinian like model. If Darwin was faced with recovering a stolen domain he would have shredded his works and let man know that his days were numbered as evolution would cease at the monolith called ICANN.
Jack Durban, victim of domain theft and ICANN ineptness and obsolescence.