It happened in December of 2007. A designer named David Airey was on a much needed vacation from work, computers, and the technical life. His relaxing vacation soon became one of stress and worry when he was notified by friends that his domain name was forwarding to another site. As David investigated, he quickly,realized that his domain name (www.davidairey.com) had been hijacked. When David contacted the perpetrator to recover the name, he was asked what he was willing to pay to get it back. The hijacker was holding David’s domain for “ransom” and wanted the highest dollar value he could get to return it.
In David Airey’s case, as in many others, a part of his livelihood was stolen. At the time of the hijacking, David’s website was receiving 2,000 daily unique hits, which was responsible for a large portion of David’s income from his logo design business. When his domain name was hijacked, he literally lost not only his storefront, but all of his potential customers and resulting revenue as well.
This isn’t the first story of domain name hijacking, and it won’t be the last. Domain Hijacking, also known as domain theft, occurs when a domain name is illegally stolen from the rightful owner, often times using identity theft, allowing the hijacker to change the domain name registration info and transfer it to themselves.
The most highly publicized cases of domain hijacking include high valued domain names, such as the well-known sex.com case. Instances of domain hijacking are not limited to just high valued domain names though, as demonstrated in David’s case, nor are they hijacked only for extortion purposes.
As domain names increase in value, they become greater targets for theft, putting domain owners in greater danger.
According to ICANN, “if domain hijacking for extortion or resale becomes as lucrative a criminal activity as identity theft, fraudulent transfer requests will increase significantly.” The good news is that there are steps you can take to prevent your domains from possible hijacking.
So what can a person do to protect their domains?
The way to avoid a potential hijacking disaster is by using simple, common sense practices that every internet user (especially one who conducts any kind of business online) should already be following:
By following these steps, you will greatly reduce the likelihood that your domain names will be hijacked.
In the event that your name is hijacked, there are two companies you should contact immediately:
Explain to each company that your domain was hijacked and find out what they can do to help recover the domain. If the name transfer process is not complete, your Registrar may be able to use UNDO procedures. If the transfer is complete, ICANN has a TDRP (transfer dispute resolution policy) available for Registrars to dispute transfers. If your domain name is part of a trademark, you can file a UDRP arbitration with ICANN. It’s important to note that neither of these channels are a quick fix, with decisions taking 2 months or more. Additionally, the process can be costly, with UDRP cases costing approximately $2,000.
If you’ve exhausted your options with your Registrar, you may want to pursue legal action against the hijacker or the third party who purchased the domain from the hijacker.
In pursuing legal action, it’s important to look for a lawyer with a background in domain name legal issues. Legal action can be difficult though as U.S. courts have not set any real precedence concerning jurisdiction over domain names. It becomes even more difficult if the new Registrant or Registrar are outside the United States. Until legislation sets some guidelines, or the court system sets a clear precedence, hijackings are going to be difficult and costly (often more than the value of the domain itself) to fight.
What this all boils down to is prevention. While the cheapest and most sure way of getting a hijacked name back may be to simply pay the ransom, you can take many steps to safeguard your domain names and prevent a hijacking from occurring in the first place.