[ALAC] Domain Hijacking - For Discussion and Action

Garth Bruen gbruen at knujon.com
Sun Feb 2 21:43:11 UTC 2014 

Dear Colleagues,

This is an ugly topic which has come up frequently but for which little has
been done. Thanks to Dev, I have become aware of a high-profile domain theft
case in my region. Because the victim is in the United States I am bringing
he concerns to the community and will be pushing for serious attention on
the problem. The full story can be found here:
https://medium.com/p/24eb09e026dd, but basically an attacker used various
social engineering methods to steal a domain name and then used it as
collateral to steal a Twitter account from the same person. Here the domain
was the vector and not the target, but it does not matter. The domain should
have never been hijacked. 

The registrant in the case did everything right: paid bills, didn't abuse
the domain name, a model domainer. There is clearly something very wrong
with the way registrant identities are verified (or not) and a lack of
procedure on ICANN's end for dealing with these domain customer issues.
Obviously, the Twitter issue is beyond our prevue but the domain theft here
could happen to anyone of us.

In Buenos Aires I presented two cases to At-Large: 1) A non-English-speaking
community group in Asia/Pacific who has their domain hijacked and did not
even know where to begin to get help and 2) The case of Frederick Harris who
claims he brought his hijacking case to Compliance and was turned away:
http://www.circleid.com/posts/20131021_icann_can_not_be_trusted_to_protect_d
omain_registrants/

There are multiple problems here starting with the registrant's information
not being protected, to using payment systems as identification, to
registrant education, to poor customer service, to a lack of process at
ICANN, etc. etc.

I'm calling here for the beginning of a true look into the problem, it's
extent, and possible solutions. 

Thanks, Garth


-------------------------------------

Garth Bruen
Chair of ICANN At-Large North America (naralo.org)
http://www.linkedin.com/pub/4/149/724

"If history is deprived of the Truth, we are left with nothing but an idle,
unprofitable tale" -Polybius

More information about the ALAC mailing list