Blast from the distant past: Network Solutions and domain security

It’s been almost five years since I released some information on domain security, as implemented by Network Solutions in the past; those were the days that domain registration was a monopoly.

In a post titled “Sedo scammers take advantage of email predictability“, I referenced the method that domain hijackers used in the late 90’s to scoop valuable domain names from under their owner’s noses; sometimes just to prove a point, other times in order to profit from their act.

That method does not work today, because the implementation of domain locking and the use of authorization keys, has provided the minimum layer of security in order to fend off a particular type of attacks. However, other methods, such as the use of phishing emails and trojans or that of social engineering one’s way to an account password, still prevail.

Today, I’m releasing email communication from 2000 – the single time that I had a domain hijacked, using a security hole that existed in the Network Solutions authentication process.

I have removed the full name of the person who contacted me, and their domain name. As more than a decade has passed, it’s an interesting insight into the type of frustration domain owners faced back then. TGIF! 😀

I just read your article and I’m just livid! I know exactly how you feel!!!!

My name is Becky R*, the President of United4*.com.
I am just speechless as after days of searching the internet for
others who’ve perhaps found themselves in my situation.

Your article relating to Domain Name Hijacking and Network Solutions all read as if I had recited them myself! Unbelievable!

The very same thing happened to me and my company this past
weekend! The perpetrator was able to transfer my domain simply
by “spoofing” my email. To make matters worse, Network
Solutions had previously warned us that someone had attempted
to transfer my domain. I replied, “NO” to this transfer request.

None-the-less, they sure transferred it alright! What has been most devastating and damaging to me and my company is that after the perpetrators stole my domain, they hosted it on HyperMart and displayed a highly defamatory, malicious and flat out lie about my company! Here is what they had plastered on my stolen domain for 5 days!!!!!
====================
“This site is currently under investigation by governing internet agencies due to reports of fraud and improper business conducts.
Refunds are available on request by emailing support@clickbank.com.
Please include your name, email and transaction number when
requesting a refund.”
====================
I can’t begin to tell you how awful and damaging this has been.

This illegal domain transfer took place late this past Friday
night. When I contacted Network Solutions first thing on
Saturday morning, they told me they couldn’t do anything and
I’d have to call back Monday!

Further, it was NOT Network Solutions that shut down the
fraudulent site displaying that damaging message, but
Clickbank Security!

It wasn’t until Wednesday until Network Solutions transferred
my domain (United4*.com) to me!

I haven’t been able to get any cooperation from the companies
who the perpetrator used to transpire this! HyperMart, Hotmail,
MailandNews, etc …

I had to sent multiple documents in order to prove that I owned
the domain, etc …. Then, it turns out that Network Solutions
said it happened because someone “spoofed” my email.
I asked them what they were going to do about it and they said,
“nothing”. I just can’t believe it.

I requested that they at least send a letter that admonishes my
company so that I may make this available to my members,
who’ve so many believed we were a scam, etc … Network
Solutions won’t even do that for me. People want me to
“prove” these terrible things happened they way they did and
I’m not able to get these people to help me after all of priceless
damage that occurred because of them!

I have filed a complaint with the IFCC and the FBI, but this
investigation could take a long time! Too much time to go
by that these companies whom the perpetrator used will
no longer have logs of his server, etc….

I cannot understand how all of these companies can continue
to turn their backs on the individuals and businesses that are
being preyed upon!

Thank you so much for your time.

Regards — you are not alone!

Becky R*
President, United4*.com

 

Speak Your Mind

*