Latest news of the domain name industry

Berkens sues Twitter over hacked account

Kevin Murphy, December 28, 2017, Gossip

Blogger and high-profile domain investor Mike Berkens of TheDomains.com has sued Twitter for allowing his account to be hacked and failing to rectify the problem.

As industry Twitter users will no doubt already be aware, Berkens’ account @thedomains came under the control of an unknown hacker on Friday last week.

The avatar was changed from The Domains logo to the face of an East Asian man and tweets from the account began to sound out of character.

Despite the attack being reported to Twitter by Berkens and others (including yours truly), the account does not yet appear to have been returned to its proper owner.

In a complaint filed yesterday in Northern California, Berkens claims Twitter “still has done nothing to substantially acknowledge, investigate or respond to Plaintiffs’ complaint, and restore Plaintiffs’ access to the Account.”

The suit, which also names (as Does) the unknown hackers, has nine counts ranging from computer fraud to trademark infringement to negligence and breach of contract.

Berkens wants his account back, as well as damages. He’s currently tweeting from @thedomainscom as a temporary workaround.

The complaint, kindly donated by George Kirikos, can be read here (pdf).

Domain President? Dicker fallout continues as Schwartz unleashes tweetstorm

Kevin Murphy, June 12, 2017, Gossip

“Domain King” domain investor Rick Schwartz has twunleashed a twirade of Twitter twabuse about deleted podcasts that would put Donald Trump to shame.

Starting late Sunday night and apparently still ongoing at time of publication, Schwartz has been haranguing Michael Cyger, publisher of the DomainSherpa and DNAcademy investor sites, about dozens of deleted DomainSherpa podcasts.

So far, he’s hit send on scores of tweets. A very small sample:

Cyger was the host of the DomainSherpa video podcast, which regularly featured Schwartz and TheDomains publisher Mike Berkens as guests.

Also a regular guest was industry pariah Adam Dicker, who many domainers believe has used shady business practices in his dealings with others in the community.

After stories began to emerge of Dicker’s alleged wrongdoings, Cyger decided to stop using him as a guest. He subsequently removed all previous shows featuring Dicker from the DomainSherpa web site.

Now, Schwartz and Berkens are pissed that the hundreds of hours they put into appearing on the show were wasted, and that hundreds of social media links they used to promote the shows are useless.

The three parties chatted by phone back in March, all seem to agree, about how to resolve this issue.

Cyger says it was agreed that the deleted shows would be replaced by an explanation that the show had been removed.

But Berkens and Schwartz claim that Cyger has in fact been ignoring their requests to reinstate the shows — hence the tweetstorm over the last 24 hours. Cyger denies that claim, and says he believes he did the right thing by removing the shows.

I, for the record, have no opinion on the matter.

Hacker hostage crisis at ICANN secret key ceremony! (on TV)

Kevin Murphy, March 24, 2017, Gossip

One of ICANN’s Seven Secret Key-Holders To The Internet got taken out as part of an elaborate heist or something on American TV this week.

In tense scenes, a couple of secret agents or something with guns were forced to break into one of ICANN’s quarterly root zone key signing ceremonies to prevent a hacker or terrorist or something from something something, something something.

The stand-off came after the secret agents or whatever discovered that a hacker called Mayhew had poisoned a guy named Adler, causing a heart attack, in order to secure his position as a replacement ICANN key-holder and hijack the ceremony.

This all happened on a TV show called Blacklist: Redemption that aired in the US March 16.

I’d be lying if I said I fully understood what was supposed to be going on in the episode, not being a regular viewer of the series, but here’s the exposition from the beginning of the second act.

Botox Boss Lady: Seven keys control the internet? That can’t be possible.

Neck Beard Exposition Guy: They don’t control what’s on it, just how to secure it. All domain names have an assigned number. But who assigns the numbers?

Soap Opera Secret Agent: Key holders?

Neck Beard Exposition Guy: Seven security experts randomly selected by ICANN, the Internet Corporation for Assigned Names and Numbers.

Bored Secret Agent: Max Adler’s wife mentioned a key ceremony.

Neck Beard Exposition Guy: Yeah, four times a year the key holders meet to generate a master key and to assign new numbers, to make life difficult for hackers who want to direct folks to malicious sites or steal their credit card information.

Botox Boss Lady: But by being at the ceremony, Mayhew gets around those precautions?

Neck Beard Exposition Guy: Oh, he does more than that. He can route any domain name to him.

That’s the genuine dialogue. ICANN, jarringly, isn’t fictionalized in the way one might usually expect from US TV drama.

The scene carries on to explain the elaborate security precautions ICANN has put in place around its key-signing ceremonies, including biometrics, smart cards and the like.

The fast-moving show then cuts to the aforementioned heist situation, in which our villain of the week takes an ICANN staffer hostage before using the root’s DNSSEC keys to somehow compromise a government data drop and download a McGuffin.

Earlier this week I begged Matt Larson, ICANN’s VP of research and a regular participant in the ceremonies (which are real) to watch the show and explain to me what bits reflect reality and what was plainly bogus.

“There are some points about it that are quite close to how the root KSK administration works,” he said, describing the depiction as “kind of surreal”.

“But then they take it not one but two steps further. The way the ceremony happens is not accurate, the consequences of what happens at the ceremony are not accurate,” he added.

“They talk about how at the ceremony we generate a key, well that’s not true. It’s used for signing a new key. And then they talk about how as a result of the ceremony anyone can intercept any domain name anywhere and of course that’s not true.”

The ceremonies are used to sign the keys that make end-to-end DNSSEC possible. By signing the root, DNSSEC resolvers have a “chain of trust” that goes all the way to the top of the DNS hierarchy.

The root keys just secure the bit between the root and the TLDs. Compromising them would not enable a hacker to immediately start downloading data from the site of his choosing, as depicted in the show. He’d then have to go on to compromise the rest of the chain.

“You’d have to create an entire path of spoofed zones to who you wanted to impersonate,” Larson said. “Your fake root zone would have to delegate to a fake TLD zone to a fake SLD zone and so on so you could finally convince someone they were going to the address that you wanted.”

“If you could somehow compromise the processes at the root, that alone doesn’t give you anything,” he said.

But the show did present a somewhat realistic description of how the ceremony rooms (located in Virginia and California, not Manhattan as seen on TV) are secured.

Among other precautions, the facilities are secured with smart cards and PINs, retina scans for ICANN staff, and have reinforced walls to prevent somebody coming in with a sledgehammer, Larson said.

Blacklist: Redemption airs on Thursday nights on NBC in the US, but I wouldn’t bother if I were you.

Did Whois blow the lid off a Labour leadership coup, or is this just pig-fuckery?

Kevin Murphy, February 28, 2017, Gossip

A British Member of Parliament has been forced to deny he was behind the registration of several domain names promoting him as a future leader of the Labour party.

Clive Lewis, until recently a member of the shadow cabinet, told the Guardian yesterday that he did not register the batch of domains, which included cliveforleader.org.uk, cliveforlabour.org.uk and their matching .org, .uk and .co.uk domains.

“None of this is true: I haven’t done this,” he told the paper, following a Huffington Post article revealing the names had been registered June 29 last year, just a couple of days after he was appointed shadow defence secretary.

Lewis resigned from the shadow cabinet three weeks ago after refusing to vote in favor of triggering the Article 50 process that will take the UK out of the European Union.

The Labour Party has been dogged by stories about potential leadership challenges ever since Jeremy Corbyn — popular among grassroots party members, unpopular with voters — took over.

Questions about Corbyn’s leadership reemerged last week after a disastrous by-election defeat for the party.

The domains were taken as an indication that Lewis had been plotting a coup for many months, which he has denied.

The Whois records do not support a conclusion one way or another.

Under Nominet rules, individuals are allowed to keep their phone number, postal and email addresses out of Whois if the domains are to be used for non-commercial purposes, a right the registrant of the names in question chose to exercise.

Public Whois records show the .uk names registered to “Clive Lewis”, but contain no contact information.

They do contain the intriguing statement “Nominet was able to match the registrant’s name and address against a 3rd party data source on 29-Jun-2016”, a standard notice under Nominet’s Whois validation program.

But Nominet does not validate the identity of registrants, nor does it attempt to link the registrant’s name to their purported address.

The statement in the Whois records means merely that Nominet was able to discover that a person called Clive Lewis exists somewhere in the world, and that the postal address given is a real address.

The .org and .com domains, registered the same day by the same registrar, use a Whois privacy service and contain no information about the registrant whatsoever.

Lewis himself suspects the batch of names may have been registered by a political opponent in order to force him to deny that he registered them, noting that fellow MP Lisa Nandy had a similar experience last July.

His initial statement to HuffPo, on which he reportedly declined to elaborate, was:

A lesson from LBJ [US President Lyndon B Johnson] in how to smash an opponent. Legend has it that LBJ, in one of his early congressional campaigns, told one of his aides to spread the story that Johnson’s opponent f*cked pigs. The aide responded: ‘Christ, Lyndon, we can’t call the guy a pigf*cker. It isn’t true.’ To which LBJ supposedly replied: ‘Of course it ain’t true, but I want to make the son-of-a-bitch deny it.’

Since then, along with his denial to the Guardian, he’s told his local Norwich newspaper that he’s tasked his lawyers with finding out who registered the names.

“I have instructed a solicitor to go away and look at this. They can try and make sure we find the identity, the IP address and the payment details,” he told the Eastern Daily Press.

Nigger.com returned to NAACP after expiration prompts $10,000 auction

Kevin Murphy, February 14, 2017, Gossip

US civil rights group the National Association for the Advancement of Colored People has reclaimed the domain name nigger.com after it expired and went to auction.

The names nigger.org and nigger.net were also affected, but according to Whois records the NAACP restored all three yesterday.

The names had been in pending renewal/delete status for three weeks, during which time the registrant was listed as Perfect Privacy, Web.com’s proxy/privacy provider.

While expired, the .com had been placed (presumably automatically) in a NameJet auction, as first reported by Raymond Hackney at The Domains.

At time of writing, the auction had attracted 72 bids and a high offer of $10,000.

It was a “Wish List Auction”, indicating that the domain’s prior registrant had not yet exhausted all options to have the name restored.

As Hackney noted, if these domains fell into the wrong hands it could have a negative impact on race relations in the US.

But the NAACP, which first got hold of the domains almost 20 years ago, seems to have had a remarkably lackadaisical attitude to them over the last few years.

Not only did it accidentally allow the names to expire, but DomainTools and Archive.org captures show that the associated web sites had been compromised repeatedly since late 2014.

Every capture since late 2014 shows taunting, racist messages from the hackers, at least one of whom associated himself with troll group the “Gay Nigger Association of America”.