ICANN/DNSO
DNSO Mailling lists archives

[ga-full]


<<< Chronological Index >>>    <<< Thread Index >>>

[ga] RE: How to steal a domain name.....



This has been a known vulnerability for some time, and is just one more reason to emphasise to Registrants the necessity of having up-to-date WHOIS data.

-- 
Alex Kells
Hostmaster & Customer Services Manager, Frontier Internet Services Ltd
Tel: 029 2082 0073 Fax: 029 2082 0035 http://www.frontier.net.uk
Statements made are at all times subject to Frontier's Terms and 
Conditions of Business, which are available upon request.

-----Original Message-----
From: George Kirikos [mailto:gkirikos@yahoo.com]
Sent: 05 November 2002 08:55
To: ga@dnso.org; discuss-list@opensrs.org
Cc: cgomes@verisign.com; touton@icann.org
Subject: How to steal a domain name.....


Hello,

Today's lesson is on how to steal a domain name.....

Step 1. Find a high value domain name with an invalid administrative
email address, preferably one that is not actively being used so that
it won't be noticed.

Example: nigger.com, nigger.net, nigger.org (owned by NAACP)

Step 2. Note in the WHOIS that the admin email is thawley@BAWAVE.COM,
which until yesterday was on a domain (BAWAVE.com) that had long
expired and been deleted.

Step 3. Register the aforesaid domain name in Step #2. Oh my, some
folks have caught on, as you can see the WHOIS for BAWAVE.com, freshly
registered yesterday:

Registrant:
  Nigger Inc spring888@hotmail.com +62.3189598
  Hendra Gunawan
  JL. Bengawan 56
  Surabaya,Jawa Timur,Indonesia 60000

Domain Name:bawave.com 
Record last updated at 2002-11-04 20:31:57
Record created on 2002/11/4

Step 3a: Ideally, make the registrant in step 3 very obscure, like in a
far away land. ;)

Step 4: Activate the domain in Step #3 so that email is working, namely
the email address in Step 2.

Step 5: Initiate a transfer request, and accept using the email in step
4.

Step 6: Enjoy

Given the NAACP's inability to fix the problem (I emailed them about
this months ago), I acquired a SnapBack, in case someone tried to take
the name. I imagine now that the process is unveiled, someone at
Verisign (Chuck?) or at ICANN will do something.....(maybe someone in
Washington, DC can give the NAACP a call, or something....

Since we're now potentially at Step 5, the time to act is now, guys and
gals...

Your kind Samaritan,

George Kirikos
http://www.kirikos.com/

__________________________________________________
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>