The process of reclaiming stolen domain names isn’t easy; the main culprit appears to be the lack of a solid process that would handle such cases.
With ICANN rolling out dozens of new gTLDs, it’s important to ensure not only the security of the new domain names that will emerge, but to improve and streamline the process for existing TLDs.
Mr. Robert Biles, a lawyer and partner with a British law firm, had no idea about the amount of work involved, in order to reclaim his stolen asset, WTD.com.
After I provided the information regarding the method that the thief used to take control of the domain, Mr. Biles faced the bureaucracy, ineptitude or complete lack of action by the key authorities involved in the domain theft.
Says Mr. Biles:
I realised that access to the domain name registration account had been compromised in February of this year. It transpired that I had not received a renewal reminder for the renewal of the login domain name. I contacted Pacnames and they contacted GoDaddy but without any success. Pacnames ignored me until I complained to ICANN. It was not until I discovered your email that I appreciated you had tracked down the person who had bought wtd.com from the thief. I threatened the new registrant with legal action and he was surprisingly helpful and co-operative. I think this was due to the various correspondence you had sent him and the prospect of a legal action. It became clear to me that four months had elapsed and that it was going to cost me several thousand dollars to begin a legal action against domain name registrars who are used to this sort of thing and a new registrant who claims to have innocently purchased the domain name. This was with no guarantee of success.
As the domain had changed ownership prior to being moved out of Pacnames, GoDaddy essentially refused to take any course of action. The same lack of responsiveness occurred with the stolen domain gmix.com from its rightful owner; that domain’s ownership records had been altered prior to being moved from Moniker to GoDaddy. Gmix.com remains a stolen domain name, to this date.
Mr. Biles continues:
The main problem was Pacnames and its failure to send out a reminder email. It was also the Pacnames method of logging into accounts and the ability of people to pass themselves off as the registrant if the account has been set up a particular way. Although I have used Pacnames for over ten years it became clear that relying on its reminder system was not a suitable way of carrying on. Additionally not paying sufficient attention to the email addresses used for registrant contact, admin contact, technical contact and billing contact is dangerous.
It is important to note that WTD.com was sold by the thief on the Chinese domain auction platform, ename.com. Without checking the history records of WTD.com, another Chinese domainer bought it for the exceptionally low price of $4,000; that price is not justified by the quality of the letters or the age of the domain.
In his correspondence to me, Mr. Biles expressed his dismay about the “shocking things” that were apparent in the process of reclaiming the domain, WTD.com:
- ICANN allows approved registrars to carry on their business with a domain name logging in system.
- The complete lack of assistance from the authorities in recovering the domain name, particularly ICANN.
- The ability of the new domain name registration company (GoDaddy) to ignore complaints without any recourse from the authorities.
- The inability to get Pacnames to explain to me why they had failed to send out an email.
- Pacnames failure to communicate with me at all until I got ICANN involved.
- The fact that there are thieves out there who will brazenly steal domain names if they can by playing the system without risk of punishment.
During the stage of putting pressure on the DNForum member who bought the domain, it transpired that an otherwise established and well-respected member of the DNForum community, contacted the domain holder directly, offering to buy the domain. This occurred after the fact about the domain’s status as stolen was made public. It is shameful for the person who made that offer, to consider themselves a domain industry veteran, when they are willing to acquire stolen goods, at an opportunistic price. I won’t publicize their name at this time, but rest assured that I will never do business with them, ever again.
After calculating the cost, time and effort involved to pursue the domain legally, Mr. Biles paid the buyer their incurred costs, and received the domain. While this isn’t an ideal closure to this case, it’s still a solution as WTD.com is valued at mid five figures, minimum.
Mr. Biles ends his email to me, thus:
It was a relief to discover that there are people like you out there who fight against the vile thieves that lurk around the interweb. It is very much the Wild West and the police and ICANN need to do something to stop people profiting illegally in cases like this.
As I’ve done several times in the past, my involvement in researching the status of digital assets is driven by my professional and personal ethics. The lack of a transparent method to reclaim stolen domain assets is shocking and disappointing. ICANN must develop a new ownership module, that does not depend on the domain records as updated at the registrars. A personalized authorization key must be created and issued for every domain holder, without which domains cannot be authorized to be moved around, even if the accounts were compromised.
I would not have done it without the ability to research past WHOIS records at DomainTools.com.
Speak Your Mind