Blogger Thwarts $30k domain hijacking attempt

[nt81]

Cliffnotes,

Blogger has domain hijacked.
Domain shows up on Flippa
Blogger finds out
Bogger calls Domain Registrars
Domain Registrars do NOTHING but acknowledge the hijack
Blogger calls the FBI
Blogger scams the scammer.

A decent read!

http://mashable.com/2014/04/02/ramshackle-glam-hacking

Happy Friday everyone.

 

[Data Glasses]

i think the fbi have been involved in a few incidents like this , we just do not hear about them all, cheers

 

[chris]

Thanks for sharing, very interesting reading.

 

[plano]

Her discussion on mashable is just ignorant rambling she doesn't seem to understand what has happened and this ignorance extends to her thinking that her web hosting company is somehow responsible or otherwise has an interest in the ownership or change of ownership of the domain names of websites hosted with them.

Her mention of the youtube warning and no mention of a change of domain name ownership notification email indicates she was using a gmail account as the registrant contact email and it is this gmail account which was hacked not the 'website' which was instead 'hijacked'.

If this is correct it would be the second hijacking of a domain name recently discussed here on dntrade which was due to the hacking of a gmail account.

The last one I thought but didn't comment that if you want to secure your domain names (and ergo your websites) then use a registrant email address which you own not a third party free email account.

If anyone 'steals' a domain name which has or had a privately owned registrant email address then there is a clear trail of the registrant email address being changed (unless of course the email address belongs to the domain name which has been stolen.)

If someone 'hacks' a gmail account then the owner of the domain name doesn't change, there is no trail showing the domain name has a new owner.

There is a lesson in this somewhere, a more relevant lesson than 'if you lose control of your domain name then contact your web host and tell them they have to do something about it'.

 

[plano]

On second thoughts things might be a bit more complicated than I have outlined if the 'hacker' has control of the actual website rather than just the domain name but the article does not really explain what has been hacked. From my reading it is not possible to know what has happened. Please explain ...

 

[nt81]

Explain what?

With the chances of getting your site back after something like this - I think it was a good effort and worth merit.

 

[plano]

It is all very exciting but rather than get caught up in the experiential narrative maybe you could explain exactly what has been 'hacked'.

Is it the ownership of the website (through the registrant email address)? Is it the hosting account (I can't understand how this would work)? Is it the domain name registration account?

I have postulated what I think has happened if you have any other suggestions or ideas then I would like to hear them but to suggest that it is exciting so therefore doesn't require explanation doesn't really cut it with me.

 

[plano]

A simple narrative of what has happened without the rambling is:

1/ Unauthorised party takes control of domain name / (website?) and offers it up for sale
2/ Original owner pays $30,000 into escrow for it using a third party buyer and thereby resumes control
3/ Original owner seems to expect to have the $30,000 refunded to her from the escrow service

It is actually an interesting use of the escrow service where she agrees to the terms of the sale, the sale goes through, and she then apparently informs the escrow service that she wants the payment refunded because of a theft prior to the escrow agreement which she was aware of when she entered into the terms of the sale.

This puts the escrow service in a difficult position because the theft or fraud has nothing to do with the escrow service itself but instead is between the parties who agreed to the sale which proceeded as agreed. There was no theft or fraud involved in the actual sale transaction or escrow process itself.

This type of demand could have implications for other escrow services which proceed as agreed but then the buyer demands their payment is refunded because of some theft or fraud committed by the seller prior to the agreement being made and the buyer claiming to be fully aware of this theft or fraud when they entered into the sale agreement.

The OP has summarised this as the original owner "scamming the scammer", but this tactic could also be used to scam an innocent seller using escrow.

 

[nt81]

Yeah but this isn't an Escrow forum, it is a Domain forum...