RE: [gnso-irtp-pdp-jun08] Domain Name "Hijacking" and transfer disputes: How Common?

["James M. Bladel" <jbladel@xxxxxxxxxxx>]

<html><body><span style="color: rgb(0, 0, 0);"><font size="2"><span 
style="font-family: verdana,geneva;">Additional information from our Fraud / 
Dispute teams:<br><br>The "vast majority" (sorry, can't release exact figures 
or percentages) of disputed transfers involved compromised email 
accounts.&nbsp; Typically, this is a free accounts (Gmail, Yahoo, Hotmail, 
etc.)<br><br>We base this conclusion if, during the course of an investigation, 
we note that there are often automated Change of Password activities on the 
account prior to the disputed transfer, meaning the likely sequence was 
(a)email account compromised, (b) password reset, and (c) fraudulent transfer 
attempted.<br><br>In any event, it is becoming clear that for any real or 
potential chain of approval for transfers, email remains the weakest 
link.<br><br>Thanks--<br><br>J.&nbsp;<br><br></span></font></span><br>
<blockquote webmail="1" style="border-left: 2px solid blue; margin-left: 8px; 
padding-left: 8px;">
-------- Original Message --------<br>
Subject: [gnso-irtp-pdp-jun08] Domain Name "Hijacking" and transfer<br>
disputes: How Common?<br>
From: "James M. Bladel" &lt;jbladel@xxxxxxxxxxx&gt;<br>
Date: Wed, August 13, 2008 1:04 pm<br>
To: "IRTP-A " &lt;Gnso-irtp-pdp-jun08@xxxxxxxxx&gt;<br>
<br>
 <font color="#000000"><font size="2"><font 
face="verdana,geneva"><br></font></font></font>Colleagues:<br><br><br>During 
yesterday's call I was tasked with gathering some data on the frequency of this 
issue, and the prevalence of (alleged) domain name "hijacking."&nbsp; Barbara 
mentioned that Verisign has addressed approximately 250 incidents since the 
IRTP was adopted in 2004, but I would submit that this figure represents only 
those cases in which the Registrars involved have failed to reach an accord, so 
they involve the Registry and/or file a TDRP.<br><br>For example, our Domain 
Services team has the equivalent of 1-2 full-time employees dedicated to work 
on this specific issue.&nbsp; Since January 2008, this team has received over 
1000 claims of domain name "hijacking," and has taken action to restore the 
original registrant in 533 of these cases, and upheld the transfer in another 
504.&nbsp;&nbsp; On average, the investigation of each claim takes 5-10 
business days.<br><br>Some of these incidents are internal (e.g. Change of 
Registrant) transfers, versus inbound transfers from other registrars.&nbsp; I 
apologize that I do not have the exact breakdown of each type.&nbsp; But it 
should be noted that AuthInfo keys are only involved in the latter 
case.<br><br>The bottom line is that the prevention and remediation of domain 
name "hijacking" is a significant operational burden for registrars, and the 
figure reported by Verisign is just the tip of the iceberg.&nbsp; We should 
consider this in our discussions of Question II, as it pertains to security 
concerns.&nbsp; Of course, the loss of even a single domain name through 
"hijacking" can be personally and financially disruptive to a registrant, and 
involve a significant liability potential for the affected 
registrar.<br><br>Thanks--<br><br>J. 
</blockquote></body></html>