[gnso-irtp-b-jun09] Identity theft case

["Diaz, Paul" <pdiaz@xxxxxxxxxxxxxxxxxxxx>]

FYI

ALERT: Identity Theft Hits NameJet (TheDomains.com, 100410)
http://www.thedomains.com/2010/10/04/alert-identity-theft-hits-namejet-dr-chris-hartnett-it-can-happen-to-you/
 

This is some pretty scary stuff.

REALLY SCARY stuff and its happening to domainers

Identity theft, impersonation, and if one victim is correct, there is a thief 
among us, someone with a lot of knowledge about the domain industry, how the 
business works, who the players are.

Dr. Chris Hartnett is here to warn you.

Dr. Chris Hartnett, is no ordinary domainer.

Dr. Chris is  a member of the Domain Hall Of Fame, and was the subject of A 
Cover Story by Ron Jackson’s DnJournal.com back in June 2008.

This week he was the victim of identity theft at NameJet.com.

Here the REALLY scary part:

Dr. Chris says It hasn’t been the first time.

He thinks he was targeted because he is in the domain business.

and he is warning it could happen to you.

Let's review what we know.

On the morning of September 30th I got three separate emails from three 
separate people that watch the NameJet.com auctions all letting me know that 
several domains had been put back into auction due to a non payment with the 
bidder ID: bidder9999, which these domainers associated with Dr. Chris.

The domains effected included Solars.com which “sold” for $6,100 on September 
21, TradeWire.com which “sold” for $4,600 and W3W.com which sold for $3,200 on 
September 23rd.

These weren’t the only domains “won” by that bidder ID, but these totaled 
almost $15K in bids alone.

The emails I received from the concerned domainers all suggested the same thing.

Dr. Chris  “used to have money” what happened to him that he can’t pay for his 
auctions.

In the business world about all you have is your reputation so I immediately 
wrote to Dr. Chris and the GM of NameJet.

Here’s the bottom line

Someone set up an account at NameJet.com in Chris Hartnett’s name, furnishing 
NameJet.com with a North Carolina’s drivers license, with Dr. Chris’s home 
address but with a different picture.

This person then put in stolen credit card numbers into Namejet.com system to 
pay for his purchases.

Some of the purchases went through, and the domains we transferred to the fake 
Dr. Chris Harnett account so that the whois of these domains now reflect the 
owner to be “Hartnett, Chris”.

Other domains won by auction under this bidder id were not paid for, some where 
over the credit card limit of $5K set by NameJet.com, like Solars.com.

Namejet.com has had a policy since its inception that any auction ending in $5K 
or more had to be paid by wire transfer.

Other NameJet.com bidders were pushed up by the bids placed by fake Chris 
bidding account in some cases by increasing their bids by thousands of dollars.

At this point Namejet.com recognizes that the fake Chris account is just that, 
a fake account set up with fake Id and stolen credit cards.

NameJet.com will be commenting on this story later sometime today and I will 
let them figure out how they are going to handle the effected bidders.

Back to the REALLY scary part:

This is not an isolated instance.

This is one of several identity fraud situations Dr. Chris has faced over the 
last few months, including the loss of a few of his domains (still unretrieved).

In Dr. Chris own words, he details what has happened to him:

“So far  over the last 6 months they have hacked into several registrar 
accounts where my domains are kept.”

“The hacker put a Key Logger on one of my computers that watched every word I 
typed.”

“Then  he got into all my email accounts (5) and changed the forward to his 
hotmail email address  and when I was in one of the accounts just  as they were 
changing the email forward address they knew then that I was on to them.”

“So within minutes I received an email stating that they “owned me” knew where 
I lived and they  had control of my life. They said if I wanted them to leave 
me alone I had to transfer these 3 major domain names I own to them within 24 
hours.”

“I was in Vancouver at the time and the head of security at a major registrar 
told me I couldn’t get back into my account because I wasn’t Chris Hartnett. He 
said that he had talked to Chris Hartnett a number of times over the last few 
weeks and I wasn’t him. He said he had a photo copy of Chris Hartnett’s  North 
Carolina drivers license in  hand. I said, “really” how old is Chris Hartnett? 
He said, “37″. I told him I was 56 at the time and asked him for his email 
address and I took a picture of my drivers license and  my passport and emailed 
it to him with another  picture of me while I was on the phone.”

“I told him to Google me and see if I am 37 or 56 and gave him my hotel phone 
number in Vancouver to call me back through the switch board. He called back 
and apologized and put a hold on my entire account and 15K domains.”

“There were 380 of my best domains scheduled to be transferred out within the 
next few days. I lost 3 domains in the process, the rest were saved.  By the 
time I figured what was gone, all three were flipped and purchased at auction 
or sold privately for pennies on the dollar within days.”

“The hacker sent me an email calling me “a stupid asshole” for not checking my 
accounts in over three weeks. He probably had a point but I wouldn’t have put 
it that way.”

“I had a old employee of mine who could hack into anything on earth spend the 
next three days getting my life back for me. He told me that this crook was 
very very good and he had also loaded three, not one but three Key Loggers on 
my computer and he knew every word that I typed, probably for months.”

“This crook is obviously a domainer because he is all over our space.”

“Last week a got a letter from a guy who wanted a domain name I owned. It 
turned out I didn’t own it but the domain was using my whois info with a 
different email address but my home address here at heavenly mountain.”

“These guys are slick.”

“Let’s say they somehow get a key logger onto one of your computers. (very easy 
to do.) They quietly watch what you are doing.”

They see you log into one of your domain accounts by watching every keystoke 
you make over a few weeks. ”

Now they can hack into your domain account when you aren’t looking. Quietly 
over a few weeks or months they go into your account and they look at all your 
domains.”

They pick some good ones but not great ones that you wouldn’t instantly miss 
and steal some of the good ones.”

They transfer those names out quietly and they change the email forwarding 
address on your account long enough so that they get the transfer notice and 
not you. They then switch the forwarding email back to you as soon as the 
notice comes from your registrar saying that you have transferred out a name or 
changed the email address or something like that. Now they have got your name 
and you may not notice that it is even missing from the account (which is what 
happened to me).”

“They change the whois info on your stolen name to my name and address (Chris 
Hartnett’s) and open an auction account, put up a valid yet stolen credit card 
on that new account and they start auctioning off names for a few hours or 
days. Eventually they sell something and take the money and run.”

“This guy probably figures that he can’t get cash or gems or gold on the 
internet but if he targets a domainer and gets control of his accounts, he can 
transfer out domains, put them up for quick auction, get the cash out that way.”

He also is using my name when he wants to auction off an important domain 
because he figures it is believable that I would own such a name.”

“A few weeks ago John Mauriello from SnapNames/Moniker called me to see why I 
hadn’t paid an invoice for $35,000.

“For what I asked?”

“He said because I had sold the domain, Prince.com privately but I signed a 90 
day exclusive with Moniker and the domain was in the August Showcase auction.”

“I told him I never owned that domain name.”

“This person put the domain up for auction using my name”

“John apologized for the mistake”

“Bottom-line. There is a very very very smart thief amongst us and we should 
all beware.”

Thanks to Dr. Chris for bravely telling his story.

As domainers we are particular in danger of identity theft.

We have a LOT more at stake than most people, assets that are protected only by 
log in access to registrars accounts and those other companies in the domain 
space.

So we have someone or a group of people who are pretty brazen.

Fake Id’s

Stolen credit cards

and I have been told by mulitple parties he has no problem getting on the phone 
to assert that he is the person he is pretending to be.

Scary

Be careful out there.