Buying domains with other people’s money

From behind the iron curtain of a middle Eastern nation known for its anti-American sentiment, a self-proclaimed hacker seems to be the perpetrator of a series of recent, high profile purchases of domains – using stolen credit cards.

Using proxy servers located in Iraq, he took control of a Network Solutions user account and its main domain, Get-Hosted.com. Then, using either a credit card associated with the account or other stolen credit cards, he made purchases of domains offered for sale via the Network Solutions marketplace. These domains are brokered by two major players in the domain after-market field, BuyDomains and Fabulous.

Apparently, he tried the fraud scheme first at Fabulous, as their domains are typically priced lower. After testing the waters of his process by making several small purchases, he turned his attention to the higher-priced domains offered by BuyDomains. A week or so later, his appetite was large enough that one of these purchases made it on DNJournal: DomainTools.net was sold for $4,088.

Fabulous reacted quickly, reversing between 5 and 6 purchases of about $350 each and regaining control of the domains within days of the incident. The perpetrator, having gained experience from this test run, then decided to alter his process; the roughly 6 large purchases he made from BuyDomains were immediately transfered out to the compromised Network Solutions account and WHOIS protection was added.

Having used stolen credit cards – in other words, other people’s money – it was time now for the hacker to capitalize on the value of the assets; an estimated $25,000 worth of domains. Not too shy about declaring his location (Iraq), he created two accounts at DNForum and offered the domains for a quick sale, at extremely low prices. These aged or otherwise generic names were being offered for $200 to $500 each, with a couple of others seeking offers.

The DNForum sales thread about one of these domains, xdev.com, had a short lifespan; the domain was still listed for sale at Afternic by BuyDomains with a hefty $9,700 price tag on it. And yet, the seller was eager to take any amount of money, ranging from $1,500 up to a BIN price of $5,000. After all, he never paid a penny out of pocket for these domains. The DNForum community was quick to determine that the sale was extremely suspicious and to alert the moderators about the ongoing scam.

Other domains offered for sale included Getting.net, DomainTools.net, DoTrust.com and OrbitPay.com – all of them were being offered at unreasonably low prices. Thankfully, DomainTools.com maintains historical data on domain ownership; it was easy to see that all these domains followed the same pattern: they were sold recently by BuyDomains and were instantly transferred to Network Solutions, to an account with WHOIS shield.

It’s probably the first time that several major players in the domain market were involved as the direct victims of a scam:

• BuyDomains and Fabulous were defrauded, giving up domains in exchange for stolen funds
• Network Solutions & potentially Afternic were used as a Trojan Horse to facilitate the purchases through their respective marketplaces
• Sedo was consequently used by the scammer as a point of sale for some of these domains

Additionally, Visa and Mastercard obviously had to reimburse funds and to reverse charges to the legitimate owners of these credit cards.

Currently, all of the domains appear to have been recovered in a special trust account at Network Solutions. The investigation is ongoing, with regards to the legal ramifications of this act which could amount to tens of thousands of dollars in billable time. It would not be surprising if finally the FBI and Interpol are involved in this case.

Over the course of recent years, Internet scams have proliferated into segments of the global market that were left untouched by traditional crime. It’s imperative that international politics ensure a smoother relationship and cooperation between nations, instead of leaving predatory “black holes” such as Iran, Iraq and North Korea. These criminals operating from such countries feel untouchable by the lack of law and punishment in their own countries and often engage in these acts as a “sport” or a “hobby” – gaining bragging rights among their peers.

However, when other people’s money is involved, it’s not a game anymore.