Latest news of the domain name industry

Recent Posts

Famous Four bosses gave “forged documents” to court

Kevin Murphy, December 28, 2017, Domain Registries

The leaders of Famous Four Media produced “forged documents” during a lawsuit filed by the company’s former chief operating officer, according to Gibraltar’s top judge.

The new gTLD registry’s chairman and CEO were both, along with four other unidentified former employees, involved to some degree in “forging” invoices to an affiliated registrar and/or documents relating to a rights issue, according to a ruling by Chief Justice Anthony Dudley.

The ruling was made in October, but appears to have been published more recently.

Former Famous Four COO Charles Melvin is suing CEO Geir Rasmussen and Iain Roache, chair of parent Domain Venture Partners, over a rights issue that diluted his holdings in a related company, according to a court document.

There’s little in the public record about the specifics of the suit. The complaint is not available publicly and neither man wished to comment while the trial is still ongoing.

But Dudley’s ruling shows that the original claims seem to have been sidetracked by Melvin’s new allegations that the “forged” documents demonstrate that Roache, Rasmussen and others engaged in “fraud” and “conspiracy to pervert the course of justice”.

Nick Goldstone, a partner at Gordon Dadds and a lawyer for Rasmussen and Roache, told DI that they both deny any dishonest behavior and that there has been no finding of dishonesty by the court.

He said in an emailed statement: “both of the individual defendants deny (if it be alleged) that they are dishonest and both deny that they have been engaged in the creation of any forged documents in the wider sense, as alleged by counsel for the opponents in the Court case, or at all.”

According to Dudley’s ruling, the defendants’ trial lawyers have claimed that errors in the invoices provided to the court were the result of “honest incompetence”, which the judge said has “a ring of truth” to it.

Dudley, having decided Roache and Rasmussen “have historically been guilty of serious shortcomings in relation to their disclosure obligations” at some point ordered that metadata be gathered from various documents handed over during the disclosure phase of the trial.

This metadata showed that some documents “were created after (in some instances long after) the date on the face of the documents”, which led the judge to conclude they were technically “forged documents”.

But Goldstone told DI that the documents in question were “forged” only in “explicitly a narrow characterisation of the term”, adding that they had been created by former employees who have all since been fired.

The documents included 10 invoices from Famous Four to AlpNames, also based in Gibraltar, the affiliated registrar responsible for selling hundreds of thousands of cheap names in Famous Four gTLDs.

They also included documents concerning a rights issue in a company called Myrtle Holdings that reduced Melvin’s stake to a negligible amount. Again, dating seems to have been an issue.

Dudley wrote in his decision (pdf):

It is accepted by the respondents that the material produced by them contained inaccurate and misleading information; and that the forged documents have been deployed in the litigation and relied upon in pleadings and witness statements. It also formed part of the material provided to the expert witnesses, whose opinions are consequently tainted.

But Goldstone told DI: “no conclusion has been reached in the ruling as to any ‘dishonesty’ or ‘forgeries’ in the wider sense.”

The trial had been due to kick off in October, but it’s been delayed due to the fact that a lot of evidence and testimony has to be reevaluated.

Roache and Rasmussen had proposed to settle the case with a buy-out offer earlier this year, but that offer was rebuffed by Melvin, according to Dudley’s ruling.

Famous Four runs 16 new gTLDs including .science, .download, .loan and .bid.

Many of its TLDs have been offered at super-cheap prices that have boosted sales volumes but have often attracted high levels of abuse.

Cybersquatter jailed for seven years after prison break

Kevin Murphy, April 20, 2015, Domain Policy

Fraudster Neil Moore, who escaped from prison by cybersquatting, has reportedly been handed a seven-year sentence by a British court.

As we reported last month, Moore escaped from Wandsworth prison merely by sending an email ordering his release from an hmcts-gsi-gov.org.uk email address.

He’d registered the name, a typo of the genuine hmcts.gsi.gov.uk used by the UK court service, on a smuggled smartphone.

He was being held on remand for an unrelated fraud at the time.

Today’s sentencing follows Moore pleading guilty to eight counts of fraud (it doesn’t seem those were related to cybersquatting) and one count of wrongful escape from custody.

New domain scam? ICANN issues vague warning

Kevin Murphy, July 16, 2014, Domain Services

ICANN has warned internet users about a domain name scam that exploits the ICANN name and logo.

Not giving away much information, ICANN said in a statement:

It has been brought to ICANN’s attention that some online entities have attempted to sell fraudulent “certificates”, which they claim are required to protect generic top-level domain names. The perpetuators of this scam threaten registrants on the protection service with the objective of securing a fee from the registrant. The “certificates” look official and include an unauthorized use of the ICANN logo.

Please note that ICANN does not issue certificates to registrants and does not collect fees from registrants directly.

It’s not clear whether the scam is related to the “ICANN certificates” fraudsters sometimes demand as part of domain appraisal scams, which have been well-documented online.

The reference to a “protection service” and new gTLDs suggest this might be something new.

I asked ICANN for a sample of the scam in question yesterday but haven’t heard back yet.

UPDATE: The certificates look like this:

and this:

Will new gTLDs really increase phishing?

Kevin Murphy, December 17, 2011, Domain Policy

The US Federal Trade Commission has come out swinging against ICANN’s new generic top-level domains program, saying it will increase online fraud and should be scaled back.

In an open letter to ICANN’s top brass yesterday, the FTC’s four commissioners claimed that “the dramatic introduction of new gTLDs poses significant risks to consumers”.

Saying that more gTLDs will make it easier for scammers to acquire domain names confusingly similar to existing brands, the commissioners said the program should be rolled out as a limited pilot.

The FTC commissioners wrote (pdf):

A rapid, exponential expansion of gTLDs has the potential to magnify both the abuse of the domain name system and the corresponding challenges we encounter in tracking down Internet fraudsters. In particular, the proliferation of existing scams, such as phishing, is likely to become a serious challenge given the infinite opportunities that scam artists will now have at their fingertips. Fraudsters will be able to register misspellings of businesses, including financial institutions, in each of the new gTLDs, create copycat websites, and obtain sensitive consumer data with relative ease before shutting down the site and launching a new one.

The letter demands better Whois accuracy enforcement, better ICANN compliance programs, and a cap on approved new gTLDs in the first round perhaps as low as a couple dozen.

The FTC’s claims that new gTLDs will increase phishing may not be supported by reality, however.

The latest data (pdf) from the Anti-Phishing Working Group shows that in the first half of the year only 18% of domain names used in phishing attacks were registered by the attacker.

That was down from 28% in the second half of 2010. Phishers are much more likely to compromise a domain belonging to somebody else – by hacking a web server, for example.

Of the 14,650 maliciously registered domains 10,444 (70%) were used to phish Chinese targets, “overwhelmingly” the e-commerce site Taobao.com, the APWG found.

Furthermore, only 2% of these domains – just 1,816 over six months – were judged to have been registered due to their confusing similarity with the brands they target.

The APWG said (emphasis in the original):

These are the lowest numbers we have observed in the last past four years, and show that using domain names containing brand strings has fallen further out of favor among phishers.

the domain name itself usually does not matter to phishers, and a domain name of any meaning, or no meaning at all, in any TLD, will usually do. Instead, phishers almost always place brand names in subdomains or subdirectories

The APWG found only one gTLD that ICANN has introduced – .info, with 4.5% – in its top ten phishing TLDs. The .com space accounts for 48.9% of all phishing domains.

Will the increase in the number of gTLDs reverse these trends? The FTC seems to think so, but the claims in its letter appear to be based largely on guesswork and fear rather than data.

I suspect that the FTC’s letter is more concerned with ICANN’s ongoing bilateral talks with registrars over law enforcement-demanded amendments to the Registrar Accreditation Agreement.

These talks are completely separate and distinct from the new gTLDs program policies, but in the last few weeks we’ve seen them being repeatedly conflated by US lawmakers, and now the FTC.

This may be ignorance, but it could just as well be an attempt to apply political pressure on ICANN to make sure the RAA talks produce the results law enforcement agencies want to see.

ICANN does not want to be forced into an embarrassing retreat on its hard-fought gTLD expansion. By producing a strong RAA, it could deflect some of the concerns about the program.

Another 2,000 .uk fraud domains taken down

Kevin Murphy, November 18, 2011, Domain Policy

Nominet has suspended over 2,000 .uk domain names allegedly being used to sell counterfeit goods on the instruction of the Metropolitan Police.

The Met said in a statement today that the crackdown was designed to protect online shoppers in the run-up to Christmas. It did something similar last year and the year before.

The sites were allegedly selling bootleg products purportedly from brands such as Ugg, Nike and Tiffany.

Nominet said that it worked with is registrars to coordinate the suspensions, and that the registrants were all informed before their domains were taken down.

All the registrants were in breach of terms and conditions, it said.

A Nominet working group is currently in the final stages of creating a policy that will streamline the process of law enforcement domain suspensions, as I reported for The Register today.