Mayor and his son accused of hacking into email and then illegally accessing GoDaddy account to cancel domain name registration.
West New York mayor Felix Roque and his son were arrested after allegedly working together to hack into an email account to gain access to a GoDaddy account and take down a domain name related to a recall effort against the mayor.
The complaint alleges that Roque’s son, Joseph Roque, was first able to compromise the email address for the owner of RecallRoque.com. Once he had access to the email he then was able to reset the password on the GoDaddy account that held the domain name. He subsequently logged in to cancel the registration, taking the recall web site down.
The complaint also alleges that the pair accessed communications from the registrant’s email account to harass people who were contributing information to Roque’s recall campaign.
It’s a rather fascinating read about how someone used the internet to figure out how to hack into an email account, and subsequently access a registrar account.
Forget worrying about losing your job as mayor. How does ending up in the slammer sound?
[note: the title of this post was updated to avoid confusion. The mayor’s son compromised an email account which was then used to do a password reset at GoDaddy.]
Glen Naughty says
GoDaddy is not secure
GoDaddy no es seguro
you should NEVER put government officials in jail because that might make people more honest and nobody wants to hear the truth.
Just to clarify what happened here – Go Daddy’s account system is extremely secure and was not “hacked” or compromised in any way. For more specifics and to confirm there is no mention of a system failure on Go Daddy’s end, please review the entire complaint located at the bottom of this article: http://www.nj.com/news/index.ssf/2012/05/west_new_york_mayor_arrested_b.html
This article seems like a ploy to get traffic. The headline should be revised instead of leaving a note on the bottom.
Is the major involved? Or was his son a solo act? What are the details of the case? Leaving a small note at the bottom explains nothing about this GD case.
Why doesn’t Godaddy simply remove the “cancel domain button”?
It is true that occasionally it can be useful when you don’t want anymore a domain. But turning off the auto-renew and letting expire is 99% as good to solve that specific problem. (because the main thing when you want to get rid of a domain is obviously that you get rid of the domain, the “when” can be more or less important but often not very important, and always secondary).
So the “cancel domain” button adds really little value. However if it “backfires” it can be “nuclear devastation”: just think of someone with a whole portfolio of domains built with tremendous effort along years and under an account at Godaddy. And now imagine someone finding his password… and he starts making use of the “cancel domain” button… If domainers have a common worst nightmare, it must of be this one.
In my opinion, the “cancel domain” button should win an award as the WORST domain registrar tool ever created.
It’s just terrible… In my opinion, if its not yet possible, Godaddy should at least give the option for the account owner to disable it.
John Berryhill says
“GoDaddy is not secure”
Did you read the article? The father and son allegedly hacked the guy’s email.
What does that have to do with GoDaddy?
If you have an insecure email address, then it doesn’t matter how secure your credit card account, bank account, registrar account, etc. are. Any system that uses email as a contact method is only going to be as secure as your email account. There’s not a whole lot that any online service provider can do about that. This is particularly true of systems which have a lost password reset/recovery method which asks you for your email address and then sends you your password or a reset link. Now, some of these systems will require a non-transmitted piece of information, such as answers to security questions, and so on. But, more often than not, I forget the answers to my own security questions.
Glen Naughty says
all this tech mumbo jumbo confusion
perhaps just a cover, moving Godaddy jobs India so distraction is necessary
From time to time there are emails coming like Sender’s Address is shown to be Godaddy.com and ask to take a certain action.But,it is not actually sent by Godaddy.com. So, domain registrars should make it their policy not to click any link in their emails to their clients.
Correction of the above message.
So, domain registrars should make it their poicy not to ask their clients to click any links in their emails to them(clients). Or their emails should never include any links.
Sorry for the inconvseniences.
Nuno Oliveira says
You should be required to contact the support team to delete a domain. That button can lead to confusion or deliberate problems.
Dave Zan says
How not so smart….I want to say more..
oh my ….
back to biz
Paul wrote: “So, domain registrars should make it their poicy not to ask their clients to click any links in their emails to them(clients). Or their emails should never include any links.”
Good thought. Regretfully, ICANN wants to make registrars do just that to verify the accuracy of the registrants email address.