THIS WAS WRITTEN A FEW YEARS AGO AND WILL BE REWRITTEN SHORTLY
Since the dot-com bubble burst in the early 2000’s the value and profile of domain names has again been on the increase. Apart from recent financial turmoil caused by the world recession the average value of domain names has increased dramatically and shows no sign of stopping.
Due to the higher profile of domain names and the value that this brought it has unfortunately resulted in a rather unsavory side effect. The number of stolen and hijacked domain names has increased dramatically over the last few years.
Now many of you may be forgiven for wondering how a virtual item can be stolen or hijacked. Domains as we know are not tangible items and are more virtual items. Over the course of this article I hope to make you aware of ways that can be used to steal your domain name. Only by knowing how domain names can be can we actually protect against it.
There are many attack vectors that can be used to gain control of your domain name. Let us run through them here:
For anyone that does not know reverse engineering is a method in which someone will pretend either to be someone else or pretend to be someone who should have certain information. Reverse engineering usually works on the premise that most people want to help or to be seen to help others as much as possible. Reverse engineering works by exploiting the most unreliable part of any process, the human interaction.
Sometimes all it takes for a successful reverse engineering attack is for the attacker to try to obtain a little sympathy. A lot of the time the person who is being attacked will more likely help if they believe the person is in a predicament. Now you might be wondering how this could assist in someone stealing your domain name, quite simple. If the person is talking to a GoDaddy representative for example (or any other registrar where your domain names may live) and they vie for a bi of sympathy and are pretending to be you the registrar representative may bypass the necessary security and help with minimal information.
Email Account Hacking
The most prevalent way that registrars contact owners of domain names is to email them. I have personally assisted a few people in obtaining their domain names back after they had been stolen. The method the thief stole in these instances was to hack the user’s domain name. If you for example hack an email address that someone uses for their registrar account you now have complete access to the person’s domain names. Once the thief has control of the email address it is a trivial issue to reset the password for the registrar then to change the domain details or to transfer these away. Gmail accounts in the past did have security holes that were used to steal domain names in this way.
The usual way for a registrar account to be compromised is to first gain access to the email address used to register however it has also been known for accounts to be compromised due to people usually using the same username and passwords between different websites. If for example you register on a website and the website is less than desirable it would be trivial for the website owner to retrieve your username and password and try these on the registrar websites.
There are of course other methods for gaining access to registrar accounts however these methods go beyond the scope of this article.
1 of the most dangerous times for a domain portfolio owner is when a sale is taking place. Many domain names are lost due to something going wrong with a sale and of course the payment is where this happens. It is quite easy for someone to gain access for example to a hacked Paypal account. At the time of the sale everything may look like it has gone through fine however it may become apparent a few weeks later that the transaction was fraudulent. The first time you become aware of this is usually due to a charge-back.
Many sales are carried out using the Paypal Mass Pay feature. The seller believes that this gives them security from charge-backs. Unfortunately these people are mistaken.
A reverse hijack is not necessarily considered theft however can be a real concern for any domain portfolio owner who has potential high value domain names. A reverse hijack is where a company/individual registers a trademark to try to prove that your domain name infringes their trademark. If the trademark was registered after you bought the domain name you of course could not have bought the domain in bad faith however the aim of the other party is to try to prove that you did register in bad faith as there is a registered trademark. The way in which the domain name is obtained is usually by filing a WIPO on the domain name.
To ensure that you are not a victim of this type of hijack make sure that you keep track of when you register your domain names as well as to scrutinize any information you are given as part of a WIPO complaint.
How To Protect Yourself
Most methods that you can use to protect yourself are self-explanatory and common sense however they should be mentioned anyway.
Avoid Using Free Email Hosts
Avoid using free email hosting companies including hosts such as Google. Free email hosts do not hold any liability caused by any security flaws they have. Once a security hole has been identified for these providers the information is usually disseminated throughout the internet quite rapidly.
Ensure Your Whois Email Is Different Than Your Registrar Email
When registering on registrar’s websites you should make sure that you are using a different email than you use for your whois information. Whois information is public knowledge. Although you can use whois privacy sometimes you have to pay extra. Not all extensions allow whois privacy either. If the email used to register with the registrar is unknown it will be harder for a thief to gain access to your account.
Secure Your Username And Password
Ensure that your username and passwords that you use for your registrar is not something that will be known by other people. The password should be as long as possible (10-15 characters) and should contain letters (uppercase and lowercase), numbers and symbols. Also avoid using words within your password. By adhering to these rules it will be harder for a thief to guess your details.
Ensure That Whois Details Are Always Up To Date
You must make sure that the whois information for your domain names is always up to date. It is not just a matter of your domains security that requires the whois to be kept up to date, it is in fact a Nominet requirement. If the details are incorrect Nominet are within their right to remove the domain name. You should also make sure that the information contained within the whois is kept up to date. If the email address for example is not correct you will not receive notifications of any issues (such as a WIPO claim) or even worse if the email address is no longer used or if the domain the email was for has expired someone could easily get this domain and create an email address for it and use this to obtain your domain.
Check Registrar Security Functions
Most registrars have enhanced security packages. Some of these registrars require you to pay a sum per domain name while others are per account. Be sure to check what added benefits these packages have and consider purchasing them. For reg fee domain names it may of course not be financially viable however if you have domains in the $x,xxx + price range it would be a bad idea not to do everything in your power to secure them.
Never Trust Anyone
Although this may sound a bit harsh you should not trust anyone especially when taking payments. If someone is asking you any information about your domain names or personal information be skeptical on why they are asking. You should also minimize information that you give out on social engineering sites and forums. Any information that you give out can be used for social engineering. Ensure you do not make it easy for the thief.
Monitor Your Domains
A lot of people who have portfolios tend to forget about their domain names until they come up for renewal. If you are serious about your portfolio and keeping it safe make sure you use a method for keeping track of your domain names. Even if the registrar supplies tools to do this it would be a good idea to use 3rd party tools to keep an eye on things such as the whois details and to monitor any changes that occur. If you do this however be sure to understand the limitations of the tools that you use.
In the past for example I used the tools provided by Domain Tools. Although the tools are very good I was amazed one day to find that it took around 2 months for their tools to notice that the nameservers for 1 of my domains had changed. If my domain had been stolen this would have been way too late to have done anything about it.
What Can I Do If My Domain Is Stolen
If you are unfortunate enough to find that you have had domains stolen the first thing you should do is of course to contact the registrar. The preferred method of contact is of course by making a phone call. To back this up I would strongly suggest emailing support so that there is a written version as well. If there is no phone support or the phone support is closed seek advice from live chat support if available or email the support.
Once you have contacted the registrar you should ensure that all of your accounts are secure. Change any password to make sure that if they managed to gain access that they no longer have any. Make sure that the profile on the registrar site matches your own details (especially the name, address and email).
Lastly make as much noise as possible. Most domains are stolen so that they can be sold on. Of course a thief would like to sell the domain as soon as possible so that they are not stuck with a domain that is unsellable as it is known to have been stolen. Register and log onto as many domain name forums and blogs (such as Namepros or DNForum) as possible and post as much information as you can get including current whois information, any contact made from the thief etc. Not only will this alert people about the stolen domain name and prevent them from buying it but it will also enable you to have many more people looking out for you. Some of these people will end up keeping an eye out on your behalf and may also give you any information they find out which can prove invaluable.
By following the simple steps within this article you will be going a long way to making life difficult for any thief that may have their eye on your domain names.
If you feel that I have missed out anything be sure to let me know. I will gladly revisit this article in future and of course rewrite any sections that are necessary. If you would like to syndicate this article feel free to ask.