Man held former company’s name for ransom and redirected it to porn site.
Travis Tso worked for an IT company in Phoenix. In 2011 he renewed an account for the company with GoDaddy.
Fast forward to 2015, when the company decided to update its contact information with GoDaddy. The company reached out to Tso and asked for the account login info. According to the statement Tso made in a plea deal, Tso lied and told them he didn’t have it.
He then changed the contact info on the account several times and made changes to the account so the website was redirected and email didn’t work. He asked the company for $10,000 if they wanted the domain back. When they refused, he redirected the domain to a porn site.
Tso was sentenced Monday to four years of probation and will pay $9,000 restitution.
While someone at a company has to have registrar login credentials, it’s important to have security protocols in place to make sure this type of hijacking doesn’t happen. Also, the domain shouldn’t be registered in the name of an employee.
Do you think he would have been charged if he didn’t originally work for the company first?
In my opinion if he didn’t work for the company then he would have never been charged for anything.
What are your thoughts Andrew?
Not so sure about that. The key was they knew who it was and he was local. It’s nice to see the authorities taking this seriously.
What a small penalty.
The judge said it appeared to be a one time lapse in judgment
Looks like he broke these laws of the Computer Fraud and Abuse Act
(7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any—
(A) threat to cause damage to a protected computer;
(B) threat to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; or
(C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion[7]