[gnso-irtp-b-jun09] more on identity theft case
Some more data to think about Another Domain Theft: UDRP On Prince.com Filed With Owner Alleging The Domain Was Stolen (TheDomains.com, 100510) http://www.thedomains.com/2010/10/05/another-domain-theft-udrp-on-prince-com-filed-with-owner-alleging-the-domain-was-stolen/ The former owner of the domain name Prince.com, Andrew Prince has filed a UDRP on the domain, claiming the domain which was sold by Mediaoptions.com for $235,000 in August was stolen. The domain is currently at Moniker.com showing the buyers whois info but is locked by the registry so the respondent of the UDRP (as it is referred to below) is Moniker.com This follows on the story of Chris Hartnett who was the victim of identity theft we wrote about yesterday. Matter of fact in his telling of his story Dr. Hartnett mentioned that he was contacted in reference to this exact domain Prince.com: “A few weeks ago John Mauriello from SnapNames/Moniker called me to see why I hadn’t paid an invoice for $35,000. “For what I asked?” “He said because I had sold the domain, Prince.com privately but I signed a 90 day exclusive with Moniker and the domain was in the August Showcase auction.” “I told him I never owned that domain name.” “This person put the domain up for auction using my name” The story regarding Prince.com, as far as I have been able to piece it together from the information I already have from Dr. Hartnett, and the claims of Andrew Prince from his UDRP is that around the beginning of April 2010 the domain name was stolen. The domain was submitted to the SnapNames.com monthly showcase auction for August. As part of submitting the domain to the SnapNames.com auction the domain was transferred into Moniker.com and as part of that process Moniker got a 90 day exclusive contract to sell the domain. The reserve in the SnapNames.com auction was in excess of $350K. The domain did not sell. Shortly thereafter MediaOptions.com was retained to sell the domain and completed a sale sometime after the showcase auction ended but still in August for $235,000. The original owner of the domain Andrew Prince is claming that the domain was stolen and sold without his permission and he did not not get any of the purchase price. The buyer who paid $235,000 is now showing as the owner of the domain on the whois, but the domain is locked at the registry and not in the buyers control. >From the Complaint this is what Andrew Prince had to say about this domain: “On April 4, 2010 the Registrar had changed.” “That transfer at the beginning of April this year was undertaken without my knowledge or consent.” “I have at no time had any contact with the Respondent or anyone acting for them. ” “The only information that I have on the transfer is what I have been told by Claranet Limited the hosting company and the Technical contact for the Domain Name while it was in my name. In a telephone conversation on September 28, 2010 with Ian Davis, a team leader at Claranet I was informed that they received an email on March 24, 2010 from “Andrew Prince” using the account NOC1@xxxxxxxxxxxxxxx purporting to come from me and requesting the transfer. The following day the sender of that email provided Claranet with the first and last letters of my password and that on March 30, 2010 they transferred the Domain Name.” “I confirm that I have never contacted Claranet with a view to arranging transfer of the Domain Name, nor have I instructed anyone to contact them on my behalf. The Domain Name has been stolen from me.” “I do not begin to understand what has happened. I have never sought to sell the Domain Name to anyone. From the sums of money mentioned, it is apparent that the Domain Name has a very high value. It is inconceivable that anyone would be paying that sum of money for an asset without checking very carefully the chain of title to that asset. In the UK if one purchases, a car which has been stolen one does not obtain title to the car. The responsibility is on the purchaser and any intervening dealers to conduct proper checks. With an asset said to be worth over half a million dollars it would be crass not to conduct in depth investigations. Failure to do so is strongly indicative, I suggest, that those involved in the theft and subsequent dealings in the Domain Name were aware either that the Domain Name had been stolen or was likely to have been stolen.” The purpose of this Complaint is simply to recover my stolen property. I reported the theft to the Police on September 27, 2010. “The Domain Name is confusingly similar to my registered UK trade mark no. 2123377, PRINCE (word and device) dated February 11, 1997 in classes 41 and 42. Details of my trade mark registration taken from the database of the United Kingdom Intellectual Property office are at Annex 6. The mark comprises the word ‘PRINCE” and the device of a frog, the former being the more prominent. The mark is held in the joint names of my wife and myself. At Annex 7 is a communication from my wife confirming that she supports this complaint and agrees that, if the Complaint is successful, the Domain Name should be transferred into my name, as before.” “Self-evidently, the Respondent has no rights or legitimate interests to the Domain Name. The Respondent stole it. It is currently in use merely to resolve to the Google UK homepage.” “I respectfully request the Panel to interrogate the Respondent and the underlying registrant and anyone else involved as to (a) precisely how and when and by whom the relevant transfers were effected and (b) what title checks were conducted to verify the title to this asset valued by the Respondent at over half a million dollars. ” “Self-evidently, again, the Domain Name has been acquired by the Respondent in bad faith and while I can have no idea what plans the Respondent has for the Domain Name it is fair to assume that the planned use is abusive. No use of a stolen name can be anything other than abusive. Currently, if one enters the URL www.prince.com into the browser it resolves to the Google UK homepage. I assume, but do not know that the Respondent is rewarded in some way by Google.” “Indeed I contend that any use of a stolen domain name must constitute an abusive use.” A few observations: First of all I’m not sure if a UDRP is a proper venue for such a claim, that is the return of a stolen domain name that seems to have been bought by an innocent third party. Maybe one of the lawyers that frequently comment on this blog can address that issue. Second there is a LOT of time from the beginning of April when Mr. Prince says the domain was stolen until late September when this complaint was filed. Moniker.com/SnapNames.com typically publicizes its showcase auctions pretty heavily and Prince.com was one of the stars of the auction. One would hope if they owned as Mr. Prince says a domain worth over a half of million dollars, you would catch some news of the auction of the domain. Thirdly based on the brief connection with Mr. Hartnett as decribed above, I would have to assume the same person that hacked into Hartnett computer, and took his identity and domains, is the same person involved here. Therefore this would be a second victim of the same thief. -----Original Message----- From: owner-gnso-irtp-b-jun09@xxxxxxxxx [mailto:owner-gnso-irtp-b-jun09@xxxxxxxxx] On Behalf Of Diaz, Paul Sent: Monday, October 04, 2010 4:29 PM To: <Gnso-irtp-b-jun09@xxxxxxxxx> List Subject: [gnso-irtp-b-jun09] Identity theft case FYI ALERT: Identity Theft Hits NameJet (TheDomains.com, 100410) http://www.thedomains.com/2010/10/04/alert-identity-theft-hits-namejet-dr-chris-hartnett-it-can-happen-to-you/ This is some pretty scary stuff. REALLY SCARY stuff and its happening to domainers Identity theft, impersonation, and if one victim is correct, there is a thief among us, someone with a lot of knowledge about the domain industry, how the business works, who the players are. Dr. Chris Hartnett is here to warn you. Dr. Chris Hartnett, is no ordinary domainer. Dr. Chris is a member of the Domain Hall Of Fame, and was the subject of A Cover Story by Ron Jackson’s DnJournal.com back in June 2008. This week he was the victim of identity theft at NameJet.com. Here the REALLY scary part: Dr. Chris says It hasn’t been the first time. He thinks he was targeted because he is in the domain business. and he is warning it could happen to you. Let's review what we know. On the morning of September 30th I got three separate emails from three separate people that watch the NameJet.com auctions all letting me know that several domains had been put back into auction due to a non payment with the bidder ID: bidder9999, which these domainers associated with Dr. Chris. The domains effected included Solars.com which “sold” for $6,100 on September 21, TradeWire.com which “sold” for $4,600 and W3W.com which sold for $3,200 on September 23rd. These weren’t the only domains “won” by that bidder ID, but these totaled almost $15K in bids alone. The emails I received from the concerned domainers all suggested the same thing. Dr. Chris “used to have money” what happened to him that he can’t pay for his auctions. In the business world about all you have is your reputation so I immediately wrote to Dr. Chris and the GM of NameJet. Here’s the bottom line Someone set up an account at NameJet.com in Chris Hartnett’s name, furnishing NameJet.com with a North Carolina’s drivers license, with Dr. Chris’s home address but with a different picture. This person then put in stolen credit card numbers into Namejet.com system to pay for his purchases. Some of the purchases went through, and the domains we transferred to the fake Dr. Chris Harnett account so that the whois of these domains now reflect the owner to be “Hartnett, Chris”. Other domains won by auction under this bidder id were not paid for, some where over the credit card limit of $5K set by NameJet.com, like Solars.com. Namejet.com has had a policy since its inception that any auction ending in $5K or more had to be paid by wire transfer. Other NameJet.com bidders were pushed up by the bids placed by fake Chris bidding account in some cases by increasing their bids by thousands of dollars. At this point Namejet.com recognizes that the fake Chris account is just that, a fake account set up with fake Id and stolen credit cards. NameJet.com will be commenting on this story later sometime today and I will let them figure out how they are going to handle the effected bidders. Back to the REALLY scary part: This is not an isolated instance. This is one of several identity fraud situations Dr. Chris has faced over the last few months, including the loss of a few of his domains (still unretrieved). In Dr. Chris own words, he details what has happened to him: “So far over the last 6 months they have hacked into several registrar accounts where my domains are kept.” “The hacker put a Key Logger on one of my computers that watched every word I typed.” “Then he got into all my email accounts (5) and changed the forward to his hotmail email address and when I was in one of the accounts just as they were changing the email forward address they knew then that I was on to them.” “So within minutes I received an email stating that they “owned me” knew where I lived and they had control of my life. They said if I wanted them to leave me alone I had to transfer these 3 major domain names I own to them within 24 hours.” “I was in Vancouver at the time and the head of security at a major registrar told me I couldn’t get back into my account because I wasn’t Chris Hartnett. He said that he had talked to Chris Hartnett a number of times over the last few weeks and I wasn’t him. He said he had a photo copy of Chris Hartnett’s North Carolina drivers license in hand. I said, “really” how old is Chris Hartnett? He said, “37″. I told him I was 56 at the time and asked him for his email address and I took a picture of my drivers license and my passport and emailed it to him with another picture of me while I was on the phone.” “I told him to Google me and see if I am 37 or 56 and gave him my hotel phone number in Vancouver to call me back through the switch board. He called back and apologized and put a hold on my entire account and 15K domains.” “There were 380 of my best domains scheduled to be transferred out within the next few days. I lost 3 domains in the process, the rest were saved. By the time I figured what was gone, all three were flipped and purchased at auction or sold privately for pennies on the dollar within days.” “The hacker sent me an email calling me “a stupid asshole” for not checking my accounts in over three weeks. He probably had a point but I wouldn’t have put it that way.” “I had a old employee of mine who could hack into anything on earth spend the next three days getting my life back for me. He told me that this crook was very very good and he had also loaded three, not one but three Key Loggers on my computer and he knew every word that I typed, probably for months.” “This crook is obviously a domainer because he is all over our space.” “Last week a got a letter from a guy who wanted a domain name I owned. It turned out I didn’t own it but the domain was using my whois info with a different email address but my home address here at heavenly mountain.” “These guys are slick.” “Let’s say they somehow get a key logger onto one of your computers. (very easy to do.) They quietly watch what you are doing.” They see you log into one of your domain accounts by watching every keystoke you make over a few weeks. ” Now they can hack into your domain account when you aren’t looking. Quietly over a few weeks or months they go into your account and they look at all your domains.” They pick some good ones but not great ones that you wouldn’t instantly miss and steal some of the good ones.” They transfer those names out quietly and they change the email forwarding address on your account long enough so that they get the transfer notice and not you. They then switch the forwarding email back to you as soon as the notice comes from your registrar saying that you have transferred out a name or changed the email address or something like that. Now they have got your name and you may not notice that it is even missing from the account (which is what happened to me).” “They change the whois info on your stolen name to my name and address (Chris Hartnett’s) and open an auction account, put up a valid yet stolen credit card on that new account and they start auctioning off names for a few hours or days. Eventually they sell something and take the money and run.” “This guy probably figures that he can’t get cash or gems or gold on the internet but if he targets a domainer and gets control of his accounts, he can transfer out domains, put them up for quick auction, get the cash out that way.” He also is using my name when he wants to auction off an important domain because he figures it is believable that I would own such a name.” “A few weeks ago John Mauriello from SnapNames/Moniker called me to see why I hadn’t paid an invoice for $35,000. “For what I asked?” “He said because I had sold the domain, Prince.com privately but I signed a 90 day exclusive with Moniker and the domain was in the August Showcase auction.” “I told him I never owned that domain name.” “This person put the domain up for auction using my name” “John apologized for the mistake” “Bottom-line. There is a very very very smart thief amongst us and we should all beware.” Thanks to Dr. Chris for bravely telling his story. As domainers we are particular in danger of identity theft. We have a LOT more at stake than most people, assets that are protected only by log in access to registrars accounts and those other companies in the domain space. So we have someone or a group of people who are pretty brazen. Fake Id’s Stolen credit cards and I have been told by mulitple parties he has no problem getting on the phone to assert that he is the person he is pretending to be. Scary Be careful out there.