It happened in December of 2007. A designer named David Airey was on a much needed vacation from work, computers, and the technical life. His relaxing vacation soon became one of stress and worry when he was notified by friends that his domain name was forwarding to another site. As David investigated, he quickly,realized that his domain name (www.davidairey.com) had been hijacked. When David contacted the perpetrator to recover the name, he was asked what he was willing to pay to get it back. The hijacker was holding David’s domain for “ransom” and wanted the highest dollar value he could get to return it.
In David Airey’s case, as in many others, a part of his livelihood was stolen. At the time of the hijacking, David’s website was receiving 2,000 daily unique hits, which was responsible for a large portion of David’s income from his logo design business. When his domain name was hijacked, he literally lost not only his storefront, but all of his potential customers and resulting revenue as well.
This isn’t the first story of domain name hijacking, and it won’t be the last. Domain Hijacking, also known as domain theft, occurs when a domain name is illegally stolen from the rightful owner, often times using identity theft, allowing the hijacker to change the domain name registration info and transfer it to themselves.
The most highly publicized cases of domain hijacking include high valued domain names, such as the well-known sex.com case. Instances of domain hijacking are not limited to just high valued domain names though, as demonstrated in David’s case, nor are they hijacked only for extortion purposes.
Threats of Domain Hijacking
As domain names increase in value, they become greater targets for theft, putting domain owners in greater danger.
- Extortion: A large percentage of domain hijackings are done simply to extort money from the rightful owner. As in David’s case above, the hijacker was willing to give the domain back for an exorbitant fee. br>
- Resale: Popular domain names can draw tens of thousands of visitors per day, making it extremely attractive to potential buyers. In some instances, domain names have been hijacked and sold before the rightful owner was able to do anything about it. br>
- Brand Tarnishment: Some domain names have been hijacked for the sole purpose of embarrassing the rightful owner. For instance, companies with disgruntled customers or shady competitors. br>
- Monetary Theft: In some instances, particularly with websites that deal with money, such as online merchants, banks, and financial institutions, a domain hijacker can collect user accounts, passwords, etc and use these to withdraw or transfer funds. br>
- Business Interruption: While it’s easy to see how the business interruption resulting from a hijacked domain could cause significant monetary loss to a large corporation, it’s important to realize that this is also a threat to small and medium sized businesses as well. As demonstrated in David’s case, his small logo design business was his livelihood and when his domain was hijacked, he lost his source of income. br>
- Identity Theft: A domain hijacker often has already partially stolen an identity in order to hijack the name in the first place. However, once hijacked, they gain the ability to re-route email, eavesdrop, collect personal information, or impersonate you online.
According to ICANN, “if domain hijacking for extortion or resale becomes as lucrative a criminal activity as identity theft, fraudulent transfer requests will increase significantly.” The good news is that there are steps you can take to prevent your domains from possible hijacking.
Protecting Your Domains
So what can a person do to protect their domains?
The way to avoid a potential hijacking disaster is by using simple, common sense practices that every internet user (especially one who conducts any kind of business online) should already be following:
- Choose your Registrar wisely: Register your name with a reputable ICANN-approved Registrar. While you may find a “too good to be true” registration price elsewhere, it often really is too good to be true. A reputable company will take the proper steps to protect your name from being hijacked and will help you recover your name if it does get hijacked. When looking for a Registrar, choose one that offers domain “locking” and sends a transfer confirmation email prior to transferring a domain name. br>
- Consider private registration: When you opt for private domain name registration, your contact information will be hidden in the WHOIS database, giving you added protection against potential domain hijackers and identity thieves. br>
- Stay up to date: Most hijackings occur when a perpetrator gets access to the victim’s email account. You can’t expect your Registrar to know when your contact information changes. If you move offices, switch phone numbers, or change your email address, immediately update your domain name records also. It’s a good idea to review your Registrant information on an annual basis as well. br>
- Stay locked up: Contact your Registrar and request that your domain name be ” locked ”, which prevents a hijacker from transferring the name to another Registrar. This free service offers you an extra layer of protection. br>
- Update your passwords: Create secure passwords and update them on a regular basis. Long, complicated, alpha-numeric passwords are hard to crack. Using your birthday or the name of your daughter is an invitation for trouble. Do not share your passwords with anyone unless they are a trusted individual and have an absolute reason to know. Remember that your Registrar will never ask for your password, especially in an email. br>
- Report abnormalities: Monitor your domain portfolio and if anything seems out of place at any time (for instance, if you get a suspected Registrar email saying, “Here’s your password”), immediately report it to your Registrar.
By following these steps, you will greatly reduce the likelihood that your domain names will be hijacked.
Recovering a Hijacked Name
In the event that your name is hijacked, there are two companies you should contact immediately:
- Your Domain Registrar
- The Current Domain Registrar
Explain to each company that your domain was hijacked and find out what they can do to help recover the domain. If the name transfer process is not complete, your Registrar may be able to use UNDO procedures. If the transfer is complete, ICANN has a TDRP (transfer dispute resolution policy) available for Registrars to dispute transfers. If your domain name is part of a trademark, you can file a UDRP arbitration with ICANN. It’s important to note that neither of these channels are a quick fix, with decisions taking 2 months or more. Additionally, the process can be costly, with UDRP cases costing approximately $2,000.
If you’ve exhausted your options with your Registrar, you may want to pursue legal action against the hijacker or the third party who purchased the domain from the hijacker.
In pursuing legal action, it’s important to look for a lawyer with a background in domain name legal issues. Legal action can be difficult though as U.S. courts have not set any real precedence concerning jurisdiction over domain names. It becomes even more difficult if the new Registrant or Registrar are outside the United States. Until legislation sets some guidelines, or the court system sets a clear precedence, hijackings are going to be difficult and costly (often more than the value of the domain itself) to fight.
What this all boils down to is prevention. While the cheapest and most sure way of getting a hijacked name back may be to simply pay the ransom, you can take many steps to safeguard your domain names and prevent a hijacking from occurring in the first place.