ICANN ICANN Email List Archives

[gnso-irtp-b-jun09]


<<< Chronological Index >>>    <<< Thread Index >>>

[gnso-irtp-b-jun09] more on identity theft case

  • To: "<Gnso-irtp-b-jun09@xxxxxxxxx> List" <gnso-irtp-b-jun09@xxxxxxxxx>
  • Subject: [gnso-irtp-b-jun09] more on identity theft case
  • From: "Diaz, Paul" <pdiaz@xxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 6 Oct 2010 15:31:16 -0400

Some more data to think about


Another Domain Theft: UDRP On Prince.com Filed With Owner Alleging The Domain 
Was Stolen (TheDomains.com, 100510)
http://www.thedomains.com/2010/10/05/another-domain-theft-udrp-on-prince-com-filed-with-owner-alleging-the-domain-was-stolen/
 

The former owner of the domain name Prince.com, Andrew Prince has filed a UDRP 
on the domain, claiming the domain which was sold by Mediaoptions.com for 
$235,000 in August was stolen.

The domain is currently at Moniker.com showing the buyers whois info but is 
locked by the registry so the respondent of the UDRP (as it is referred to 
below)  is Moniker.com

This follows on the story of Chris Hartnett who was the victim of identity 
theft we wrote about yesterday.

Matter of fact in his telling of his story Dr. Hartnett mentioned that he was 
contacted in reference to this exact domain Prince.com:

“A few weeks ago John Mauriello from SnapNames/Moniker called me to  see why I 
hadn’t paid an invoice for $35,000.

“For what I asked?”

“He said because I had sold the domain, Prince.com privately but I signed a 90 
day exclusive with Moniker and the domain was in the August Showcase auction.”

“I told him I never owned that domain name.”

“This person put the domain up for auction using my name”

The story regarding Prince.com, as far as I have been able to piece it together 
from the information I already have from Dr. Hartnett, and the claims of Andrew 
Prince from his UDRP is that around the beginning of April 2010 the domain name 
was stolen.

The domain was submitted to the SnapNames.com monthly showcase auction for 
August.  As part of submitting the domain to the SnapNames.com auction the 
domain was transferred into Moniker.com and as part of that process Moniker got 
a 90 day exclusive contract to sell the domain.

The reserve in the SnapNames.com auction was in excess of $350K.

The domain did not sell.

Shortly thereafter MediaOptions.com was retained to sell the domain and 
completed a sale sometime after the showcase auction ended but still in August 
for $235,000.

The original owner of the domain Andrew Prince is claming that the domain was 
stolen and sold without his permission and he did not not get any of the 
purchase price.

The buyer who paid $235,000 is now showing as the owner of the domain on the 
whois, but the domain is locked at the registry and not in the buyers control.

>From the Complaint this is what Andrew Prince had to say about this domain:

“On April 4, 2010 the  Registrar had changed.”

“That transfer at the beginning of April this year was undertaken without my 
knowledge or  consent.”

“I have at no time had any contact with the Respondent or anyone acting for 
them. ”

“The only information that I have on the transfer is what I have been told by 
Claranet Limited  the hosting company and the Technical contact for the Domain 
Name while it was in my  name. In a telephone conversation on September 28, 
2010 with Ian Davis, a team leader at  Claranet I was informed that they 
received an email on March 24, 2010 from “Andrew  Prince” using the account 
NOC1@xxxxxxxxxxxxxxx purporting to come from me and  requesting the transfer. 
The following day the sender of that email provided Claranet with the  first 
and last letters of my password and that on March 30, 2010 they transferred the 
Domain  Name.”

“I confirm that I have never contacted Claranet with  a view to arranging 
transfer of the Domain Name, nor have I instructed anyone to contact  them on 
my behalf. The Domain Name has been stolen from me.”

“I do not begin to understand what has happened.  I have never sought to sell 
the Domain Name to anyone. From the sums of  money mentioned, it is apparent 
that the Domain Name has a very high value. It is  inconceivable that anyone 
would be paying that sum of money for an asset without checking  very carefully 
the chain of title to that asset. In the UK if one purchases, a car which has 
been  stolen one does not obtain title to the car. The responsibility is on the 
purchaser and any  intervening dealers to conduct proper checks. With an asset 
said to be worth over half a  million dollars it would be crass not to conduct 
in depth investigations. Failure to do so is  strongly indicative, I suggest, 
that those involved in the theft and subsequent dealings in the  Domain Name 
were aware either that the Domain Name had been stolen or was likely to have
been stolen.”

The purpose of this Complaint is simply to recover my stolen property. I 
reported the theft to  the Police on September 27, 2010.

“The Domain Name is confusingly similar to my registered UK trade mark no. 
2123377,  PRINCE (word and device) dated February 11, 1997 in classes 41 and 
42. Details of my trade
mark registration taken from the database of the United Kingdom Intellectual 
Property office  are at Annex 6. The mark comprises the word ‘PRINCE” and the 
device of a frog, the former  being the more prominent. The mark is held in the 
joint names of my wife and myself. At  Annex 7 is a communication from my wife 
confirming that she supports this complaint and  agrees that, if the Complaint 
is successful, the Domain Name should be transferred into my  name, as before.”

“Self-evidently, the Respondent has no rights or legitimate interests to the 
Domain Name. The Respondent stole it. It is currently in use merely to resolve 
to the Google UK homepage.”

“I  respectfully request the Panel to interrogate the Respondent and the 
underlying registrant and  anyone else involved as to (a) precisely how and 
when and by whom the relevant transfers  were effected and (b) what title 
checks were conducted to verify the title to this asset valued  by the 
Respondent at over half a million dollars. ”

“Self-evidently, again, the Domain Name has been acquired by the Respondent in 
bad faith  and while I can have no idea what plans the Respondent has for the 
Domain Name it is fair to  assume that the planned use is abusive. No use of a 
stolen name can be anything other than  abusive. Currently, if one enters the 
URL www.prince.com into the browser it resolves to the  Google UK homepage. I 
assume, but do not know that the Respondent is rewarded in some  way by Google.”

“Indeed I contend that any use of a stolen domain name must constitute an 
abusive  use.”

A few observations:

First of all I’m not sure if a UDRP is a proper venue for such a claim, that is 
the return of a stolen domain name that seems to have been bought by an 
innocent third party.  Maybe one of the lawyers that frequently comment on this 
blog can address that issue.

Second there is a LOT of time from the beginning of April when Mr. Prince says 
the domain was stolen until late September  when this complaint was filed.

Moniker.com/SnapNames.com typically publicizes its showcase auctions pretty 
heavily and Prince.com was one of the stars of the auction.

One would hope if they owned as Mr. Prince says a domain worth over a half of 
million dollars, you would catch some news of the auction of the domain.

Thirdly based on the brief connection with Mr. Hartnett as decribed above, I 
would have to assume the same person that hacked into Hartnett computer, and 
took his identity and domains, is the same person involved here.

Therefore this would be a second victim of the same thief.


-----Original Message-----
From: owner-gnso-irtp-b-jun09@xxxxxxxxx 
[mailto:owner-gnso-irtp-b-jun09@xxxxxxxxx] On Behalf Of Diaz, Paul
Sent: Monday, October 04, 2010 4:29 PM
To: <Gnso-irtp-b-jun09@xxxxxxxxx> List
Subject: [gnso-irtp-b-jun09] Identity theft case


FYI

ALERT: Identity Theft Hits NameJet (TheDomains.com, 100410)
http://www.thedomains.com/2010/10/04/alert-identity-theft-hits-namejet-dr-chris-hartnett-it-can-happen-to-you/
  

This is some pretty scary stuff.

REALLY SCARY stuff and its happening to domainers

Identity theft, impersonation, and if one victim is correct, there is a thief 
among us, someone with a lot of knowledge about the domain industry, how the 
business works, who the players are.

Dr. Chris Hartnett is here to warn you.

Dr. Chris Hartnett, is no ordinary domainer.

Dr. Chris is  a member of the Domain Hall Of Fame, and was the subject of A 
Cover Story by Ron Jackson’s DnJournal.com back in June 2008.

This week he was the victim of identity theft at NameJet.com.

Here the REALLY scary part:

Dr. Chris says It hasn’t been the first time.

He thinks he was targeted because he is in the domain business.

and he is warning it could happen to you.

Let's review what we know.

On the morning of September 30th I got three separate emails from three 
separate people that watch the NameJet.com auctions all letting me know that 
several domains had been put back into auction due to a non payment with the 
bidder ID: bidder9999, which these domainers associated with Dr. Chris.

The domains effected included Solars.com which “sold” for $6,100 on September 
21, TradeWire.com which “sold” for $4,600 and W3W.com which sold for $3,200 on 
September 23rd.

These weren’t the only domains “won” by that bidder ID, but these totaled 
almost $15K in bids alone.

The emails I received from the concerned domainers all suggested the same thing.

Dr. Chris  “used to have money” what happened to him that he can’t pay for his 
auctions.

In the business world about all you have is your reputation so I immediately 
wrote to Dr. Chris and the GM of NameJet.

Here’s the bottom line

Someone set up an account at NameJet.com in Chris Hartnett’s name, furnishing 
NameJet.com with a North Carolina’s drivers license, with Dr. Chris’s home 
address but with a different picture.

This person then put in stolen credit card numbers into Namejet.com system to 
pay for his purchases.

Some of the purchases went through, and the domains we transferred to the fake 
Dr. Chris Harnett account so that the whois of these domains now reflect the 
owner to be “Hartnett, Chris”.

Other domains won by auction under this bidder id were not paid for, some where 
over the credit card limit of $5K set by NameJet.com, like Solars.com.

Namejet.com has had a policy since its inception that any auction ending in $5K 
or more had to be paid by wire transfer.

Other NameJet.com bidders were pushed up by the bids placed by fake Chris 
bidding account in some cases by increasing their bids by thousands of dollars.

At this point Namejet.com recognizes that the fake Chris account is just that, 
a fake account set up with fake Id and stolen credit cards.

NameJet.com will be commenting on this story later sometime today and I will 
let them figure out how they are going to handle the effected bidders.

Back to the REALLY scary part:

This is not an isolated instance.

This is one of several identity fraud situations Dr. Chris has faced over the 
last few months, including the loss of a few of his domains (still unretrieved).

In Dr. Chris own words, he details what has happened to him:

“So far  over the last 6 months they have hacked into several registrar 
accounts where my domains are kept.”

“The hacker put a Key Logger on one of my computers that watched every word I 
typed.”

“Then  he got into all my email accounts (5) and changed the forward to his 
hotmail email address  and when I was in one of the accounts just  as they were 
changing the email forward address they knew then that I was on to them.”

“So within minutes I received an email stating that they “owned me” knew where 
I lived and they  had control of my life. They said if I wanted them to leave 
me alone I had to transfer these 3 major domain names I own to them within 24 
hours.”

“I was in Vancouver at the time and the head of security at a major registrar 
told me I couldn’t get back into my account because I wasn’t Chris Hartnett. He 
said that he had talked to Chris Hartnett a number of times over the last few 
weeks and I wasn’t him. He said he had a photo copy of Chris Hartnett’s  North 
Carolina drivers license in  hand. I said, “really” how old is Chris Hartnett? 
He said, “37″. I told him I was 56 at the time and asked him for his email 
address and I took a picture of my drivers license and  my passport and emailed 
it to him with another  picture of me while I was on the phone.”

“I told him to Google me and see if I am 37 or 56 and gave him my hotel phone 
number in Vancouver to call me back through the switch board. He called back 
and apologized and put a hold on my entire account and 15K domains.”

“There were 380 of my best domains scheduled to be transferred out within the 
next few days. I lost 3 domains in the process, the rest were saved.  By the 
time I figured what was gone, all three were flipped and purchased at auction 
or sold privately for pennies on the dollar within days.”

“The hacker sent me an email calling me “a stupid asshole” for not checking my 
accounts in over three weeks. He probably had a point but I wouldn’t have put 
it that way.”

“I had a old employee of mine who could hack into anything on earth spend the 
next three days getting my life back for me. He told me that this crook was 
very very good and he had also loaded three, not one but three Key Loggers on 
my computer and he knew every word that I typed, probably for months.”

“This crook is obviously a domainer because he is all over our space.”

“Last week a got a letter from a guy who wanted a domain name I owned. It 
turned out I didn’t own it but the domain was using my whois info with a 
different email address but my home address here at heavenly mountain.”

“These guys are slick.”

“Let’s say they somehow get a key logger onto one of your computers. (very easy 
to do.) They quietly watch what you are doing.”

They see you log into one of your domain accounts by watching every keystoke 
you make over a few weeks. ”

Now they can hack into your domain account when you aren’t looking. Quietly 
over a few weeks or months they go into your account and they look at all your 
domains.”

They pick some good ones but not great ones that you wouldn’t instantly miss 
and steal some of the good ones.”

They transfer those names out quietly and they change the email forwarding 
address on your account long enough so that they get the transfer notice and 
not you. They then switch the forwarding email back to you as soon as the 
notice comes from your registrar saying that you have transferred out a name or 
changed the email address or something like that. Now they have got your name 
and you may not notice that it is even missing from the account (which is what 
happened to me).”

“They change the whois info on your stolen name to my name and address (Chris 
Hartnett’s) and open an auction account, put up a valid yet stolen credit card 
on that new account and they start auctioning off names for a few hours or 
days. Eventually they sell something and take the money and run.”

“This guy probably figures that he can’t get cash or gems or gold on the 
internet but if he targets a domainer and gets control of his accounts, he can 
transfer out domains, put them up for quick auction, get the cash out that way.”

He also is using my name when he wants to auction off an important domain 
because he figures it is believable that I would own such a name.”

“A few weeks ago John Mauriello from SnapNames/Moniker called me to see why I 
hadn’t paid an invoice for $35,000.

“For what I asked?”

“He said because I had sold the domain, Prince.com privately but I signed a 90 
day exclusive with Moniker and the domain was in the August Showcase auction.”

“I told him I never owned that domain name.”

“This person put the domain up for auction using my name”

“John apologized for the mistake”

“Bottom-line. There is a very very very smart thief amongst us and we should 
all beware.”

Thanks to Dr. Chris for bravely telling his story.

As domainers we are particular in danger of identity theft.

We have a LOT more at stake than most people, assets that are protected only by 
log in access to registrars accounts and those other companies in the domain 
space.

So we have someone or a group of people who are pretty brazen.

Fake Id’s

Stolen credit cards

and I have been told by mulitple parties he has no problem getting on the phone 
to assert that he is the person he is pretending to be.

Scary

Be careful out there.



<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy