Posts Tagged ‘Scammers’

Scammers at the parking lot; scammers online

Posted by Acro in Social issues on September 21st, 2008

As I was putting the groceries into the trunk of my car today, a nice-looking lady in her mid-40s approached me. She was well-dressed, at least by Florida standards and considering the temperature was in the low 90s. I thought she wanted some sort of assistance, when she started with “Sir, sorry to bother you…”

The next string of words that came out of her mouth immediately put me into alert mode: “Can I have a couple of dollars for gas?”

Over the years, I’ve donated a few cool thousands to charities and people in need. Even street beggars. But I would never get suckered by a “dame in distress” who puts on a show like this. Her attempt at faking tears was pathetic.

My response was brief and to the point: “Nope, sorry.”

She took off faster than you can imagine, into her dark green vehicle and away from the lane where I was parked. I could not even see whether she drove off alone or with someone else in the car! Considering how she can keep looping around the parking lot looking for suckers, all it takes is a few fake tears and some sprays of cheap perfume.

By the way, her perfume was nasty.

What happens usually is that once you open up your wallet, these people or an accomplice will present a weapon or forcibly take it away from you. Bye-bye credit cards, driver’s license etc. So even if you are presented with the dilemma of not knowing whether the person in distress is indeed in need of cash, ask them to go to the very entrance of the store, where they can easily be apprehended if needed.

In the same manner, online begging is just as easy to carry out. People can assume all types of personalities and even fake their gender in order to establish the necessary image of a person in need.

Always suggest a public, well-established means of support such as the church, the local authorities or organizations that cater for the people in financial need, such as the Salvation Army. It’s better than losing your money along with your faith in helping others.

Sedo scammers take advantage of email predictability

Posted by Acro in Business, Domains, Social issues on September 7th, 2008

It was in early 2000 when one of my few – back then – domains got hijacked by a Turkish hacker. He picked that particular domain because it’s a very common Greek cussword, shared equally among our eastern neighbors. The domain was registered with Network Solutions, which offered back then an update process via email. With each WHOIS info change, an email was sent out to be acknowledged or denied by the administrative contact.

The problem was its predictability: its format was identical each time, the changes to be made were obvious and the information conveyed was unencrypted. All a hacker had to do – and many did – was to initiate an update via the NetSol web site and then send out a fake email that appeared to come from the administrative contact, authorizing the changes!

Simple and brilliant.

What’s not simple and brilliant is that eight years later other companies continue to make the same mistakes in the way they program authorization of updates in transactions. In a recent scheme, a Sedo seller received an offer for a 3-letter .com domain; the price was agreed upon and consequently he was emailed, being told that the payment had been received and that the domain should be pushed to the buyer’s account.

The email ended up being fake, the perpetrator once again originating from Iran (oh, the surprise!). The scammer simply replicated a response email that Sedo often sends to the participants of a transaction and spoofed the originating address, thus making the seller believe that the payment had been made. The seller pushed the domain to the scammer’s account with Moniker. Later on, Sedo notified the seller that no such email had been sent, that the payment was still pending and that the buyer was apparently trying to defraud the seller.

Luckily, the domain was returned due to the strict safety policies of Moniker. It was proved stolen and it was returned to the owner. Sedo must stop sending out these full communication emails; they must simply prompt the parties involved in a transaction to log into their Sedo accounts to perform whatever step is needed. This way, no personal data is disclosed and no spoofing is possible. Sedo must take example from Escrow.com that has streamlined the domain transfer process to the highest degree; if they were also a registrar it’d be the ultimate in domain reselling security. Other options exist, such as Moniker’s escrow (requires the domains to be transferred to Moniker first), Afternic and the newly founded venture EscrowDNS.

It’s important to learn from the lessons of the past, to avoid the anguish in the future.
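A seller-side check for the kind of spoofed payment notice described above, as an added example that is not part of the original post: the sender is accepted only when the seller's own mail server recorded a DMARC pass for the From domain. The authserv-id `mx.seller-mail.example`, the function name and the sample messages are assumptions made for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.seller-mail.example"  # assumption: the seller's own receiving MTA
EXPECTED_DOMAIN = "sedo.com"                 # domain the notice claims to come from

def check_notice(raw, authserv=TRUSTED_AUTHSERV, expected=EXPECTED_DOMAIN):
    """Return 'from-mismatch', 'unverified' or 'authenticated' for a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    addr = parseaddr(str(msg.get("From", "")))[1]
    from_domain = addr.rpartition("@")[2].lower()
    if from_domain != expected:
        return "from-mismatch"
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in str(header).split(";")]
        first = parts[0].split()
        # Anyone can type this header into a message; only the copy stamped by
        # our own mail server (matching authserv-id) carries any weight.
        if not first or first[0].lower() != authserv:
            continue
        for part in parts[1:]:
            tokens = part.lower().split()
            if tokens and tokens[0] == "dmarc=pass" \
                    and "header.from=" + from_domain in tokens:
                return "authenticated"
    return "unverified"

# Constructed sample messages (addresses and wording are illustrative).
BODY = "Subject: Payment received\n\nPayment received; please push the domain.\n"
SPOOFED = "From: Sedo <notice@sedo.com>\n" + BODY
FORGED_RESULT = (
    "Authentication-Results: mx.other.example; dmarc=pass header.from=sedo.com\n"
    + SPOOFED
)
GENUINE = (
    "Authentication-Results: mx.seller-mail.example; "
    "spf=pass smtp.mailfrom=sedo.com; dmarc=pass header.from=sedo.com\n"
    + SPOOFED
)

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("forged result", FORGED_RESULT),
                      ("genuine", GENUINE)]:
        print(name, "->", check_notice(raw))
```

An `authenticated` result only says the message came from the claimed domain; whether payment has arrived is still confirmed by logging into the marketplace account, as the post recommends.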

Buying domains with other people’s money

Posted by Acro in Business, Domains, Social issues on July 11th, 2008

From behind the iron curtain of a Middle Eastern nation known for its anti-American sentiment, a self-proclaimed hacker seems to be the perpetrator of a series of recent, high-profile purchases of domains – using stolen credit cards.

Using proxy servers located in Iraq, he took control of a Network Solutions user account and its main domain, Get-Hosted.com. Then, using either a credit card associated with the account or other stolen credit cards, he made purchases of domains offered for sale via the Network Solutions marketplace. These domains are brokered by two major players in the domain after-market field, BuyDomains and Fabulous.

Apparently, he tried the fraud scheme first at Fabulous, as their domains are typically priced lower. After testing the waters of his process by making several small purchases, he turned his attention to the higher-priced domains offered by BuyDomains. A week or so later, his appetite was large enough that one of these purchases made it on DNJournal: DomainTools.net was sold for $4,088.

Fabulous reacted quickly, reversing between 5 and 6 purchases of about $350 each and regaining control of the domains within days of the incident. The perpetrator, having gained experience from this test run, then decided to alter his process; the roughly 6 large purchases he made from BuyDomains were immediately transferred out to the compromised Network Solutions account and WHOIS protection was added.

Having used stolen credit cards – in other words, other people’s money – it was time now for the hacker to capitalize on the value of the assets; an estimated $25,000 worth of domains. Not too shy about declaring his location (Iraq), he created two accounts at DNForum and offered the domains for a quick sale, at extremely low prices. These aged or otherwise generic names were being offered for $200 to $500 each, with a couple of others seeking offers.

The DNForum sales thread about one of these domains, xdev.com, had a short lifespan; the domain was still listed for sale at Afternic by BuyDomains with a hefty $9,700 price tag on it. And yet, the seller was eager to take any amount of money, ranging from $1,500 up to a BIN price of $5,000. After all, he never paid a penny out of pocket for these domains. The DNForum community was quick to determine that the sale was extremely suspicious and to alert the moderators about the ongoing scam.

Other domains offered for sale included Getting.net, DomainTools.net, DoTrust.com and OrbitPay.com – all of them were being offered at unreasonably low prices. Thankfully, DomainTools.com maintains historical data on domain ownership; it was easy to see that all these domains followed the same pattern: they were sold recently by BuyDomains and were instantly transferred to Network Solutions, to an account with WHOIS shield.

It’s probably the first time that several major players in the domain market were involved as the direct victims of a scam:

  • BuyDomains and Fabulous were defrauded, giving up domains in exchange for stolen funds
  • Network Solutions & potentially Afternic were used as a Trojan Horse to facilitate the purchases through their respective marketplaces
  • Sedo was consequently used by the scammer as a point of sale for some of these domains

Additionally, Visa and Mastercard obviously had to reimburse funds and to reverse charges to the legitimate owners of these credit cards.

Currently, all of the domains appear to have been recovered in a special trust account at Network Solutions. The investigation is ongoing, with regard to the legal ramifications of this act which could amount to tens of thousands of dollars in billable time. It would not be surprising if finally the FBI and Interpol are involved in this case.

Over the course of recent years, Internet scams have proliferated into segments of the global market that were left untouched by traditional crime. It’s imperative that international politics ensure a smoother relationship and cooperation between nations, instead of leaving predatory “black holes” such as Iran, Iraq and North Korea. These criminals operating from such countries feel untouchable by the lack of law and punishment in their own countries and often engage in these acts as a “sport” or a “hobby” – gaining bragging rights among their peers.

However, when other people’s money is involved, it’s not a game anymore.