Latest news of the domain name industry

Recent Posts

Registrar threatened over “stolen” Facebook domain

Kevin Murphy, April 21, 2011, Domain Registrars

ICANN has threatened to terminate the domain name registrar EuroDNS for failing to transfer a typo domain lost in a UDRP case to Facebook.

But EuroDNS says it is subject to a court case in its home country, Luxembourg, which has prevented it handing over the name.

The original registrant of facebok.com lost a slam-dunk UDRP case back in September 2010. He didn’t even bother defending the case.

But over half a year later, he’s still in control of the domain, and he’s using it to recruit folk into a shady-looking (but probably legal) subscription text messaging service.

EuroDNS is the registrar of record for the domain, and like all registrars is responsible for transferring domains lost under the UDRP to the winning party, in this case Facebook.

ICANN’s compliance department – my guess is under pressure from Facebook – has therefore threatened EuroDNS with termination unless it hands over the domain in the next three weeks.

This is noteworthy because EuroDNS isn’t the kind of tiny, fringe outfit ICANN usually files compliance notices against. It’s a generally respectable business. It even shows up to ICANN meetings.

EuroDNS deputy general counsel Luc Seufer tells me that the company was fully prepared to transfer the domain – it had even sent the authorization codes to Facebook – but it found itself on the receiving end of a lawsuit claiming that the domain had been “stolen”.

Somebody in Luxembourg, it seems, has sued to reclaim an obvious typo domain that’s probably going to be transferred to Facebook anyway.

“We are therefore in an incredible position where if we transfer the name before the judge’s ruling we will be accountable in our own country and if we don’t transfer the name we are in breach of the [Registrar Accreditation Agreement],” said Seufer.

The Luxembourg case has not yet made it to court, hence EuroDNS’s delay, he said. ICANN is aware of the action, and has seen the court papers, he said.

According to ICANN’s breach notice (pdf), the only way for EuroDNS to avoid its obligation under the UDRP is to show proof that the original registrant has sued Facebook to keep the domain.

But the case in question was filed by a third party claiming to be the rightful owner of the domain, not the original registrant. EuroDNS seems to be trapped between a rock and a hard place.

Seufer said the company is prepared to hand over the domain, adding:

Should we simply ignore a judiciary court case against us in our own country – that could prevent us from operating the transfer since it is was asked of the judge – because of our RAA’s obligations?

The domain in question, facebok.com, currently redirects to a series of sites asking visitors to fill in a survey to win a Mac.

Those who are duped by it are actually signing up to a text service that costs, in the UK, £4.50 ($7.40) per week.

Namecheap poaches 20,000 domains from Go Daddy

A protest promo launched after Go Daddy CEO Bob Parsons came under fire for shooting an elephant appears to have netted Namecheap about 20,000 domain name transfers.

The company tweeted from its official account last night: “Thank you Namecheap customers, new and old! We have raised $20,433 to savetheelephants.org. We appreciate your support!”

Given Namecheap had offered to donate $1 for every domain transferred using a special $4.99 coupon code, it looks like it received 20,433 transfers over the last week.

Parsons won’t lose any sleep over this. Go Daddy’s domains under management ticks up by the same amount every five hours.

It may be a more significant amount for Namecheap, which says it has over a million domains under its belt.

UPDATE: As Adam Strong notes in the comments, the 20,000 domains did not necessarily all come from Go Daddy, as the offer was open to anybody.

NetSol to alert cops over domain hijacking

Network Solutions intends to “notify the proper authorities” after a high-profile customer had his account hijacked over the weekend.

Stephen Toulouse, head of policy and enforcement for Microsoft’s Xbox LIVE, lost access to stepto.com, including his web site and email, for several hours yesterday, after a disgruntled teenaged gamer persuaded a member of NetSol’s support staff to hand over the account.

In a statement published on its blog, the domain name registrar said it was an “isolated incident directed at a specific customer account”, adding:

We maintain a well developed processes to ensure that Social Engineering attempts or any identified security concerns are immediately alerted to a Supervisor, who will expedite the investigation, usually with the help of the Network Solutions Security team. In this case, the procedure was not followed, and we apologize for any trouble caused to our customer.

Our Security team continues to investigate this matter. Additionally, because we take this matter very seriously, we intend to notify the proper authorities with the evidence that we have gathered, so that they may investigate the person(s) responsible for the fraud.

According to a new YouTube video released by the person claiming responsibility for the attack, “Predator”, he’s 15. He blamed Toulouse for his frequent Xbox LIVE bannings.

While he said he perpetrated the attack to highlight insecurities in Xbox LIVE, he also offered to hijack other gamers’ accounts for up to $250.

Comments posted in response to his first post-attack video claim to reveal his true identity, but of course comments on YouTube are not what you’d call reliable evidence.

The video itself does reveal a fair bit of information, however, so I can’t imagine tracking him down will be too difficult, especially if Microsoft has his parents’ credit card number on file.

His YouTube channel also has videos of him operating a botnet. That’s a whole lot more serious.

Xbox security chief gets domain hijacked

The head of Xbox Live policy and enforcement at Microsoft has had his domain name compromised by a disgruntled gamer using a social engineering attack on Network Solutions

Stephen Toulouse, who goes by the screen name “Stepto” and has the domain stepto.com, seems to have also lost his email, hosting and, as a result, his Xbox Live account.

He tweeted earlier today: “Sigh. please be warned. Network solutions has apparently transferred control of Stepto.com to an attacker and will not let me recover it.”

Somebody claiming to be the attacker has uploaded a video to YouTube showing him clicking around Toulouse’s Xbox account, whilst breathlessly describing how he “socialed his hosting company”.

It’s a bit embarrassing for Toulouse. He was head of communications for Microsoft Security Response Center for many years, handling comms during worm outbreaks such as Blaster and Slammer.

Now at Xbox Live, he is, as the attacker put it, “the guy who’s supposed to be keeping us safe”.

But it’s probably going to be much more embarrassing for Network Solutions. When the tech press gets on the story tomorrow, difficult questions about NSI’s security procedures will no doubt be asked.

Toulouse has already made a few pointed remarks about the company on his Twitter feed today.

Social engineering attacks against domain name registrars exploit human, rather than technological, vulnerabilities, involving calling up tech support and trying to convince them you are your victim.

In this case, hijacking the domain seems to have been a means to control Toulouse’s email account, enabling the attacker to reset his Xbox Live password and take over his “gamer tag”.

The same technique was used to compromise the Chinese portal Baidu.com, that time via Register.com, in late 2009. That resulted in a lawsuit, now settled.

The attacker, calling himself Predator, was apparently annoyed that Toulouse had “console banned” him 35 times, whatever that means.

He seems to have left a fair bit of evidence in his wake, and he appears to be North American, so I expect he’ll be quite easy to track down.

Predator’s video, which shows the immediate aftermath of the attack, is embedded below. It may not be entirely safe for work, due to some casually racist language.

UPDATE (April 5): The video has been removed due to a “violation of YouTube’s policy on depiction of harmful activities”. I snagged a copy before it went, so if anybody is desperate to see it, let me know.

Go Daddy CEO catches flak for “elephant snuff film”

Kevin Murphy, March 28, 2011, Domain Registrars

Bob Parsons has come in for criticism for a recent video diary in which he headed to Zimbabwe to hunt elephant.

A petition launched yesterday at Change.org, entitled “Tell Go Daddy’s CEO: Real Men Don’t Kill Elephants” has attracted over 400 signatures.

The petition describes Parsons’ video as “basically a gruesome, 4-minute elephant snuff film”.

You can watch it here, if you can stomach the AC/DC soundtrack, photos of Parsons grinning over the corpse, and the scene where dozens of Zimbabweans (many wearing Go Daddy baseball caps) greedily tear up the elephant’s carcass.

The justification presented in the video is that “problem” elephants have been destroying crops, putting farmers’ livelihoods at risk.

The petitioner says there are better, more humane ways of dealing with the problem.

I expect this kind of PR plays well to the NASCAR crowd. To desk-bound, liberal-elite media, city-boy vegetarians such as myself, less so.