It's been a very long time since humanity has had an unknown frontier to explore. I am constantly learning about cyberspace occurrences for which I am hard-pressed to find real-life analogies. For instance, is a domain name really like a plot of virtual land? Is that land subject to taxes and licensing? Does a bigger landowner have the right to simply buy out your property? Does the government have the ability to take over your URL in the name of eminent domain? Is it okay to take a hacker that steals your URL, out back to be shot?
|
"I know that cheating bastards can wreak havoc on a website. I guess I just never knew a script kiddy ... could take your land right from under you." |
The other day on the Cozy Campus message boards came a rather sad post from Dave at Adult Browser:
"Hello, this is to inform everyone that The Adult Browser was domain Highjacked. I have no control over the domain and I have no way to even view the site anymore because I was port blocked."
I own a domain name. Unlike many Adult Internet types, I only have the one. I don't even use it. I bought it because it had the word sex in it. I've never really figured out what to do with it. I let it sit in its little place on the DNS server that hosts it for free. I'm not a cyber squatter. My fully paid for and registered domain isn't some reworking of a famous trademark. My domain just happens to contain the most typed-in keyword of all keywords. I believe that someday, I may be able to find a proper use for my domain. Until then, I thought the only thing I had to do to keep my fabulous easy-to-remember dot com was to continue paying for it every two years.
I am so very wrong.
I'm not saying I've been out of the loop. I have seen the various big-time and small-time web sites get hacked over the few short years of the Internet. I guess I was just always under the assumption that those attacks were viruses resulting in Denial of Service nightmares for their victims. I've seen other webmasters complain of image theft and site redirection. I know that cheating bastards can wreak havoc on a website. I guess I just never knew a script kiddy or even a major corporation could take your land right from under you.
How does the coder cowboy rustle your domain away from you? All it takes is an anonymous remailer program for faking your email address, good timing and an email account at a free mail provider such as Hotmail.
With this arsenal, a domain thief can look up your registration information by using a WHOIS search. From the results, the thief will have the required information you submitted to your domain registrar. They can then go to site such as Securiteam.com and easily find a step-by-step guide on how to change your contact information and/or the steps needed to transfer your domain to their server and possession.
An article directly from the Securiteam site says:
"The problem with Internic authentication is that they do NOT send a confirmation email if the request is sent from the same email as the person owning the contact or the domain name itself! Therefore, utilizing this flaw one could spoof anyone's email address and change any domain name's information."
A hacker can just fake your email and change everything for you. I won't give the details on how that's done in this article. If you want to protect your site by understanding to what end it can be attacked, there are many How-To pages already in existence.
I will reassure you there is a fix for this problem. You can enable passwords and authentication through devices such as MAIL-FROM, CRYPT-PW, and PGP. Contact your registrar about ways to protect your domain from dirty scum.
Untitled Page
Unfortunately, there is another kind of domain threat that cannot be defeated by lame weapons such as password protection and fees paid.
In 1998, a woman named Cybele Emanuelle registered the domain for a page she envisioned to be a portal to the best of black pride & empowerment on the net. The site was named African-American OnLine Search. The URL was www.aolsearch.com. Unfortunately for Cybele, a huge "Internet Company" had recently decided to feature a brand-name search engine on their site.
She received an initial notice from "The Company's" lawyers accusing her of copyright theft. She refused their demand to transfer the domain over to them and heard little else until a month later when she received an auto-generated domain transfer request from her "Domain Registrar". The request was for approval to transfer possession of her domain to "The Company". Cybele immediately got on the phone with her "Domain Registrar" and was reassured that all was well and her ownership was secured. A week later, her site went dead and Internic records stated the domain was property of "The Company".
Explanation from her "Domain Registrar" blamed a scenario that sounds alarmingly similar to the bait-and-switch tactic used by the dirty cattle thieves described in paragraphs above. Only this time I'd have to be an idiot to suggest that a major Company would stoop to such robber baron tactics. I'm sure it was just an email glitch. The domain is now owned by "The Company" and Cybele Emanuelle has not been heard from since 2000.
In the days when America was constructing it first railroads many a private landowner came up against the ugly phrase: eminent domain. Eminent Domain means private land for public use. Honorable people had to forfeit great stretches of acreage to contain public railroad track. Landowners of the time had no legal recourse because the lawmakers were in control.
While the behaviors of hackers and a major Internet service are not representative of eminent domain, they are examples of ways you can have something you thought you owned taken from you. I can inform you about password protection and caution you to name what domain you register carefully.
I can forewarn you to the possibility that someday a government representative may decide your domain or your bandwidth are needed for public use and you may have to give up your property. What I cannot tell you is what new problems you face as a site owner down the road.
That's the dilemma of we who are exploring uncharted territories. Like the cowboys and pioneers in days of old might warn, "Always sleep with one eye open".