LEXIS-NEXIS Tell Me More
Copyright 2001 Prentice Hall Law & Business The Computer & Internet Lawyer July, 2001 SECTION: INTERNET; Vol. 18, No. 7; Pg. 1 LENGTH: 10292 words HEADLINE: Webjacking BYLINE: by Robert J. McGillivray & Steven C. Lieske; Robert J. McGillivray is a commercial litigation partner in the Minneapolis office of Oppenheimer Wolff & Donnelly, LLP and a member of the firm's domain name dispute team. He can be reached via email at email@example.com. Steven C. Lieske is an associate in the Minneapolis office of Oppenheimer Wolff & Donnelly, LLP. He practices in Internet, trademark, and patent law. He can be reached via email at slieske@oppenheimer. com. © 2000 Robert J. McGillivray & Steven C. Lieske. An expanded version of this article was published in the William Mitchell College of Law Journal, Vol. 27, Issue III. HIGHLIGHT: The Internet is like a vault with a screen door on the back. I don't need jackhammers and atom bombs to get in when I can walk through the backdoor. n1 n1 Anonymous at www.quoteland.com. BODY: Introduction A mid all of the hype over Internet security with respect to computer viruses, n2 denial of service (DOS) attacks, n3 and consumer privacy issues, n4 one of the Internet's "screen doors" -- Internet hijacking, also known as webjacking -- has been overlooked. By definition, the term "hijacking" refers to the seizure of a moving vehicle by use of force, especially to reach an alternate destination. n5 By extension, the term "webjacking" refers to the seizure of a domain name to force Web traffic to an alternate Web site location. n2 Mark Landler, "A Filipino Linked to 'Love Bug' Talks about His License to Hack," N.Y. Times, October 21, 2000, at C1. The Love Bug virus caused an estimated $ 10 billion in damages. n3 Matt Richtel, "Canada Arrests 15-Year-Old in Web Attack," N.Y. Times, April 20, 2000, at C1. In a DOS attack, a computer is bombarded with large amounts of meaningless data to bog the computer down so that it cannot respond to legitimate requests. n4 Erik Lipton, "2 Hired to Calm Fears for Web Privacy," N.Y. Times, March 8, 2000, at B3. DoubleClick announced these new hirings a week after it announced its intentions to use its vast amount of information about how individuals use the Internet. n5 The American Heritage Dictionary of the English Language 854 (3d ed. 1992). A webjacking is often accomplished by the webjacker sending a counterfeit email message to the registrar controlling a domain name registration. The counterfeit message appears to have been sent from someone with authority over the domain name, and the message instructs the registrar to "connect"
file:///C|/Documents%20and%20Settings/mwood/Desktop...odule%2010%20-%20Session%20Hijacking/WebJacking.htm (1 of 22)8/1/2006 2:28:53 AM
LEXIS-NEXIS Tell Me More
the domain name with a new Internet Protocol (IP) address. Once this connection is set up by the duped registrar, any Internet user who types the domain name in his or her Web browser is taken to whatever Web site the webjacker has installed at the new IP address. Sometimes the webjacker's Web site is a fraudulent copy of the original Web site, causing Internet users not to notice the webjacker's scam. Webjacking is a surprisingly easy way to take control of a Web site. While Web site owners fortify their systems with firewalls and other security measures, some have lost control of their sites as a result of a webjacker simply emailing the registrar. Unless the door that allows webjacking to occur is closed and locked, no amount of front-facing security will protect Web sites from such a rear attack. Web sites and the e-commerce that they provide have truly changed the structure of commerce. Before the Internet, although a crook could hold up a cashier for the money from the register, a thief could never take over an entire department store and pose as the owner. Generally, it would have been too costly for a scam artist to mail counterfeit catalogs. In contrast, Web sites are not hard to create. In fact, someone with intermediate computer skills can, in short time, create a forged duplicate of another Web site. Such forgeries have been reported a number of times. For example, The AJ Park law firm in New Zealand discovered that someone copied the code for its Web site at http://www.ajpark.com, changed the "New Zealand" references with references to Russia and routed three domain names to the bogus site. n6 Although these forgeries could be by some kid trying to learn hypertext markup language (HTML), they also could be by some start-up law firm trying to get a Web site up as soon as possible. Whatever the reason, these forgers do not pose a huge threat because when AJ Park's clients type www.ajpark.com in their Web browsers, they are not misdirected to the forged Web site, but are correctly steered to AJ Park's real site. n6 Reported by Damian Broadley (firstname.lastname@example.org) to the International Trademark Association (INTA) newsgroup on August 12, 2000. After AJ Parks complained to the registrant of the domain names, the registrant blamed a third party. The registrant has since instructed its ISP to redirect all Web traffic for the three domain names to AJ Parks' legitimate Web site. Webjackers, on the other hand, do pose a threat. Should AJ Park's Web site be webjacked, its clients would surreptitiously be sent elsewhere. If the webjacking were done for political reasons, the client might be sent to a Web page condemning the legal system, legal fees, and attorneys. If, however, the webjacking were done in an attempt to gain credit card or other information from unwary clients, clients could be redirected to a doppelganger, forged copy of the original, authentic site. Because the clients have typed in the proper domain name and are presented with what appears to be the proper Web site, they are easily fooled into revealing their private information. Because webjacking a domain name is not difficult to accomplish and does not require a great deal of computer skill, it may become a favorite con game of the 21st century. n7 n7 "DNS Intrusions Spotlight Security Debate," Network News (Eur.), May 3, 2000, available at 2000 WL 7833925.
file:///C|/Documents%20and%20Settings/mwood/Desktop...odule%2010%20-%20Session%20Hijacking/WebJacking.htm (2 of 22)8/1/2006 2:28:53 AM
n12 Id.net domain name.. The domain was registered by a small Internet service provider (ISP) to 3. Until the webjacking was reversed. n9 n8 "Internet Domain Names Stolen: Businesses Are Crippled after Pirates Take Over Their Web Site Addresses. at 2000 WL 9443184. nike. (June 8. n14 The thief faxed a request to the registrar and the registrar promptly switched control of the domain names to the webjacker. many cases go unreported.htm (3 of 22)8/1/2006 2:28:53 AM
. n9 "Hijacking Going High-Tech.A 21st Century Con Job A webjacking occurs when a registrar is tricked into connecting a domain name with the name server that resolves the domain name to the webjacker's IP address. webjacking promises to be another serious e-commerce problem. Although the sites were regained in several days. Although Internet trademark infringement issues and cybersquatting have received more publicity. consumers who typed www. "Companies Point Fingers over Nike Web Site Hijacking. a tourist portal for Bali lost its Web site due to webjacking. 2000. This caused the portal to lose substantial business.LEXIS-NEXIS Tell Me More
Webjacking -. Also in June. 1. the company's confidence in its registrar was not. June 30. It took the ISP a week of battling with the registrar to regain its domain name. at D3. 2000.m. Recent Webjackings in the News In May 2000. n10 The redirected traffic overloaded Firstnet's server." The London Free Press. Firstnet considered suing Nike for neglecting to secure its domain name registration. A number of webjackings have recently been reported and undoubtedly. thus sending unknowing consumers to a Web site controlled by the webjacker.500 nonprofit organizations.300 other domain names. 2000). n13 This large-scale webjacking was accomplished with merely a fax machine.." The Gazette (Montreal).com was webjacked. The next month. making the company unable to serve its legitimate customers.com in their Web browsers were automatically directed to a Web site in Scotland maintained by a group called S-11 and hosted by Firstnet On-Line Ltd. and virtually all of its business stolen. n15 n13 "NSI's webjacking Epidemic.odule%2010%20-%20Session%20Hijacking/WebJacking. n8 In the same month." Network World Fusion. n11 After the company billed Nike for the use of the servers.com. June 2. 2000. n11 Id. June 9.
file:///C|/Documents%20and%20Settings/mwood/Desktop." Wired News 3:00 a.nike. a $ 500 million public net media company had internet. n12 n10 Ann Harrison. a webjacker stole the web.
html. 2000). n19 "Judge Returns Sex.com/bus-news/ article/0.." Wired News 3:00 a. n16 The webjacker." Internet News. n20 n16 "Sex. at G01.LEXIS-NEXIS Tell Me More
n14 Id. n18 Clint Boulton. Nov.zdnet. 1998. Gary Kremen registered the domain name sex.m.com. com/zdnn/stories/news/0. n22 Leslie Walker. The Minneapolis Star Tribune.com. developed a pornographic Web site connected to the domain name and made millions.com Ruling: It Wasn't Stolen. 25. How a Webjacking Occurs Every registrar has a procedure for registering domain names. at www. the judge has frozen $ 25 million in Cohen's business assets. 2000. Post.00. n19 A related lawsuit against the registrar for allowing the webjacking to happen was dismissed. the domain names for Adidas. which usually can be done online or by sending an
file:///C|/Documents%20and%20Settings/mwood/Desktop. 2000. "Fake Message Sends AOL Email Astray. (Aug. (Aug. com n22 has been stolen.com Ruling: It Wasn't Stolen. Washington. 2000. LucasArts.htm.00.3_520901. "Sex. In addition to internet." Wash.com.com. Croatia. One of the longest publicized webjackings is still underway.m.com have all been webjacked. athttp://www.html. Oct. 2000.4586. 28. "Web Sites 'Stolen' by Cyberthugs. Stephen Cohen.. n17 "Judge Returns Valuable Porn Site to Original Owner. In October 1995. n21 Bob Sullivan.2580039. 25.htm (4 of 22)8/1/2006 2:28:53 AM
. n15 Id." ZDNet News.com Domain to Owner. 17. 2000).com site was allegedly stolen via a forged letter to the registrar. As one would expect. n20 "Sex. Nov. 29. In 1994. that Cohen was guilty of webjacking the site.com." USA Today.com: A Chapter of Prurient Jurisprudence Closes. the sex.odule%2010%20-%20Session%20Hijacking/WebJacking.com. and Canada. Nov. May 31." Wired News 3:00 a. as well as a procedure by which the registrant can update its registration information.com/life/ cyber/tech/cti845. 28. at http://www.internetnews. n18 Pending a final decision on potential damages. n21 Even aol. n17 It took Kremen two years of litigation before a court ruled on November 27. Viagra. Security Breach Changes Net Address.. it is the more highly recognized domain names that become the target of webjacking. 2000.com and sex.usatoday.
com it may just as well be listed as "Administration Group" with an email address of email@example.com (5 of 22)8/1/2006 2:28:53 AM
.odule%2010%20-%20Session%20Hijacking/WebJacking. n23 Webjackings can be divided into four primary phases: (1) planning the attack.com/makechanges (last visited Jan. "Domain Name Hijacking: It's Easier Than You Think. Some registrars operate under the rule that the administrative contract is the actual registrant.LEXIS-NEXIS Tell Me More
email message. n23 E. Webjackers are very interested in the contact information because it is this list of people who are authorized to change the domain name registration information.doe@company. 3. n25 This causes problems when the administrative contact leaves the company and the company then tries to get the registrar to update the records with a new administrative contact. 2001). Registrants can update their registration record with a new legal name or a new address. The administrative contact is usually the owner of the domain name or a representative of the company who owns it. although the administrative contact may be listed as "John Doe" with an email address of john. Carole Fennelly. Otherwise. At first glance. In response. n24 Http://www. the technical. these fields are not of concern. domain name administrators have had to set up a temporary mail account in the former employee's name and send the change request from this dummy account. n24 The registration lists the administrative. n25 The billing contact should be the person to whom the invoices for registration and renewal should be sent. Contacts are the second set of fields that can be added.. 2000.networksolutions. http:// www. Some webjackers may already be listed as one of the contacts because they are current or former angered employees of the domain name registrant who were previously set up as a contact. Thus. registrars have stated that the only way such a change request would be approved is if the request was made via the former employee's email address. (2) sending a counterfeit request to the registrar.networksolutions. one might assume that webjackers are concerned with these. Planning the Attack Registrars allow several fields in a domain name registration to be modified through a change request.com/cgi-bin/glossary/lookup?term=Contact/Agent (last visited Jan. and the billing contact. available at 2000 WL 14587742. 3. the webjacker chooses to impersonate one
file:///C|/Documents%20and%20Settings/mwood/Desktop. (3) having the registrar incorrectly determine that the request is authentic.. Domain name administrators say that in the past. The technical contact should be the person best able to answer questions about the Web site's host servers. For example. deleted.com. however. 2001). Contacts are agents. A Web site. JavaWorld." who represent the registrant on matters related to the registrant's domain name. and (4) transferring the registration to a new registrar so that the rightful registrant has a more difficult time recovering from the webjacking. is not based on the real or alleged name or street address of the registrant.g. or modified. July 18. either individuals or a group of individuals who act in a specific "role.. The entity listed as one of the three contacts should be the entity best able to answer questions about that particular aspect of the domain name registration and should be authorized to represent the domain name registrant.
3. networksolutions.com/cgi-bin/ whois/whois (last visited Jan. The webjacker must now figure out how to accomplish the impersonation. Most fakemail Web sites produce email the average reader would accept as real. http://www.com. The header information includes data about the sender -including his or her name and email address -. 71(1). All of the registration information for a given domain name is publicly available through the registrar's whois database. http://www.com/ fakemail. http://www.. n26 Planning a webjacking attack is easy because the contract information and name servers for a domain name can be discovered in less than a minute. n27 Based on the whois database.oppenheimer. June 12. In practice.LEXIS-NEXIS Tell Me More
of these contacts during the webjacking.itgo.com/ fakemail. 3. Network Solution's whois database can be accessed at http://www.net/mail-html. Each domain name registration lists an IP address for both a primary and secondary name server. n26 The "whois" name is quite descriptive of the database. inter alia." Fakemail messages are altered so that the message appears to have been sent by someone else. a name server is a computer that works as part of the domain name service (DNS) to resolve domain names to their corresponding IP addresses. when a Web user types a uniform resource locator (URL). since its purpose is to tell "whois" the registrant of a domain name.htm (6 of 22)8/1/2006 2:28:53 AM
. and http://fakemail. the secondary name server is used. 2001). Webjackers configure fakemail so that the administrative contact appears to be the sender. the hierarchical DNS is contacted and the primary name server assists in resolving the domain name to the proper IP address. n28 Such Web sites alter the headers that are traditionally attached to the beginning of email messages. sending fakemail is easy. To create a first-rate
file:///C|/Documents%20and%20Settings/mwood/Desktop.. 2001).odule%2010%20-%20Session%20Hijacking/WebJacking.and the route the message followed during delivery.com (last visited Jan. such as www. Unfortunately. Because the name server controls where Web traffic is directed for the domains within its network. 2000. The name servers are the third set of fields on the registration that can be updated." Computerworld. Sending Fakemail Email is often used as the impersonation tool because it is not difficult to do.hughesclan. There are several Web sites that allow anyone to create and send a rudimentary fakemail message.virtualdrawing. a webjacker usually seeks to change the listed name servers to ones within his or her control. n27 "Domain Name Game. the webjacker knows whom to impersonate in order to get the name servers changed. n28 Fakemail can be sent from. Fake email messages have been nicknamed "fakemail" and the process of sending them is known as "spoofing. If the primary server does not respond. As discussed previously.cyborg.htm.
30. n34 n29 E.." n30 These tutorials point out that fakemail is possible because all Internet email is managed with simple mail transfer protocol (SMTP). n30 Rourke McNamara. the registrar should first authenticate the request -verify that the sender in fact sent the email message. however.a.txt. and http:// hackersclub. n31 A hacker only needs to gain access n32 to an Internet-connected server. because colleges and universities often have lazy security. Mistaken Authentication Before any modification is made to a registration. a hacker does not need to limit his or her search for a server.edu" domain are the best ones to try for access.htm (last visited Jan..k. It is possible that some lax registrars may process service requests without even looking up the list of authorized contacts.txt (last visited Jan.com/km/library/ hack/gtmhh1-2. "The Wonderful and Evil World of Email: The Art of Email Forging and Tracing Explained in One Simple Text. A server in Europe or Asia works just as well as a server in the United States.htm (7 of 22)8/1/2006 2:28:53 AM
. it is difficult to state that all registrars have equally adequate authentication policies. requires more knowledge." n31 McNamara. the hacker can create and send a fraudulent service request through a fakemail message instructing the registrar to modify the registration information for the desired domain name. the hacker only needs to find one with inadequate security measures." a protocol that allows a user to log on to a remote computer system and then to issue commands as if the user were physically located at that other computer system. 3. the registrar is fooled into believing
file:///C|/Documents%20and%20Settings/mwood/Desktop. txt (last visited Jan. 2001). 3.LEXIS-NEXIS Tell Me More
fake message.com/km/library/hack99/Mail. supra n. n35 In addition. "The Fake Mail FAQ. http://hackersclub. the hacker can manually issue SMTP commands n33 to fool the server into believing it received the SMTP email instructions from another computer.com/km/library/hack99/Mail. Hackers can learn how to do this from the many documents available on the Internet. n33 STMP commands are simple. supra. a. Of the hundreds of thousands of servers worldwide. 2001).odule%2010%20-%20Session%20Hijacking/WebJacking.hackerscatalog. Mafia-man777. n35 The Mob Boss. Once connected to a server. Hackers say university servers in the ". "mail from" and "rcpt to" are two STMP commands. it is more likely that most webjacking takes place because although the registrar checks the list of contacts." at http://www. From this server. and check that the sender is one of the authorized contacts. As more registrars enter the market.g. because the Internet is not hampered by distances.com/ mailfaq. n32 Access is gained via "telnet. 2001). n34 McNamara." at http:// hackersclub. for example. n29 There is even a "Fake Mail FAQ.. "FAQ" stands for "frequently asked questions. 3. however.
even NSI cannot determine what the contact's correct password is.. From this point forward. 2001). networksolutions. the contact can ask NSI to reset the password. This is the least secure Guardian method. however.jhtml (last visited Jan. For domain name registrations protected by this method. NSI then follows a policy to attempt to ensure that the contact is legitimate before resetting the password. the CryptPassword method is not without its security concerns.
file:///C|/Documents%20and%20Settings/mwood/Desktop. 2000. NSI encrypts the password and compares it to the contact's previously encrypted master password. This is the method in which the contact chooses a password and all request messages must include that password. at http://www. the email's headers are checked and the "mail from" field must match the contact's email address that is listed in the whois database.com/en_US/help/guardian. If the contact forgets his or her password. registrars do not release details of the policies to prevent hackers from devising ways to circumvent them.Second Draft. 3. NSI now advertises that it has additional measures built in its policies to further authenticate users having the Mail-From Guardian method. For example. Each email request must then be accompanied by a password. If the passwords match. As with most authentication policies. but only NSI will be covered here. Of course. (2) Crypt-Password. n36 During the initial registration process. or leave themselves reminders on yellow stickies." "FTC Advisory Committee on Online Access and Security. n36 "Frequently Asked Questions about Authentication.ftc. Registrars must determine how to ascertain if an email message is authentic. one of the most commonly used passwords of all is 'password'. because the email addresses are publicly available through the whois database and because fakemail easily modifies the "mail from" field. NSI encrypts it as the master password.an authorization and authentication system that helps protect domain name registration records from unauthorized updates. n37 For these reasons and other reasons. for example. all registration contacts provide NSI with their email address. The webjacker could also try to guess the password or find an electronic or paper copy of the password kept by the contact. or (3) PGP. but not very secure.gov/acoas/ papers/ acoasdraft2. after the master password is encrypted NSI destroys the plaintext version of the password. n38 n37 The FTC noted that "[many] consumers use the same password at multiple places. Mail-From. a hacker could abuse this password resetting procedure as part of his or her webjacking scheme. the request is processed. this Guardian method is simple to use.odule%2010%20-%20Session%20Hijacking/WebJacking. Other registrars have similar authentication systems. or use obvious passwords that are easily guessed. Whenever NSI receives an email message requesting change to the registration record.htm (8 of 22)8/1/2006 2:28:53 AM
.. Network Solutions (NSI) has set up Guardian -. at http://www." May 8." Network Solutions.LEXIS-NEXIS Tell Me More
that the fakemail message was sent by one of the contacts.htm. To ensure that hackers cannot gain passwords from its system. Of course. Crypt-Password. When the contact first chooses his or her password. the registrant chooses from one of three Guardian methods: (1) Mail-From. Final Report -.
When the contact composes an email request to NSI.org/doc/pgpintro (last visited Jan. some registrants choose not to rely on PGP. For example. at http://www. Inc. passwords are easier to use and provide some safety. Tucows believes in its username/password method because it is unaware of any fakemail that has caused the OpenSRS to turn a domain name registration over to a fraudulent party. To "sign" the message. Using PGP can be bothersome because contacts are accustomed to the ease of traditional email messaging. the registrar responds
file:///C|/Documents%20and%20Settings/mwood/Desktop. n39 PGP operates by a contact setting up his or her digital signature. NSI does not currently support PGP digital signatures from Windows-based computer systems. 3. To make distributions of the public keys simple. PGP..htm (9 of 22)8/1/2006 2:28:53 AM
. Thus. and (2) a private key. n39 For a more comprehensive explanation of PGP and digital signatures. n40 n40 Telephone Interview with Ross Rader.LEXIS-NEXIS Tell Me More
n38 Webjackings have allegedly occurred even when password security has been in place. Tucows (Nov. Only Unix-based systems are supported. The specifics of PGP are beyond the topic of this article. All changes to the domain name registration must be accompanied by the proper username and password. they are often posted on certification servers throughout the Internet.. The three-tier Guardian system is NSI's security strategy. see "How PGP Works." Network World Fusion. Director of Product Management. Tucows' OpenSRS registrar system provides registrants with a username and password. passwords are only safe as long as they are not easily guessed and are kept from disclosure.1 documentation. The digital signature has two parts: (1) a public key. therefore only a simplified explanation will be offered here. If the message is successfully decrypted. 2000. Once the registrar uses its internal procedures to authenticate the email message. then NSI is assured that the message is really from the contact because the public key is the only key that will decrypt messages encrypted with the contact's private key. The contact can freely distribute its public key to anyone who may receive digitally signed email messages from the contract.pgpi. the contact "signs" the message before sending it.5. 2000). The most secure Guardian method is Pretty Good Privacy (PGP). "Companies Point Fingers over Nike Web Site Hijacking. This document is chapter 1 of the document "Introduction to Cryptography from the PGP.odule%2010%20-%20Session%20Hijacking/WebJacking." Network Associates. the contact must keep the private key confidential. 2001). June 30. Although the public key is widely distributed. This is a dual key." 6. The encrypted message is emailed to NSI and NSI attempts to decrypt the message using the contact's freely accessible public key. digital signature methodology.. 6. Other registrars have their own ways to provide registrant protection. Additionally. This further limits the usage of PGP. Of course. the entire email message is encrypted with the contact's private key. Ann Harrison. While not as technologically hip as PGP digital signatures. available at 2000 WL 9443184.
n41 Once the registration is transferred to a new registrar. If the information matches -.the new registrar submits the transfer request to the registry and the transfer is automatically completed. Although NSI and other registrars recognize that the current registrar transfer policy assists webjackers in their con games. the Internet Corporation for Assigned Names and Numbers (ICANN) -. n41 K.has not yet acted to improve the transfer system.LEXIS-NEXIS Tell Me More
by carrying out the request.odule%2010%20-%20Session%20Hijacking/WebJacking. Once these changes are processed. is sent an information message that the domain name will be transferred. there are a multitude of reasons regarding why webjackers do what they do. webjackers usually attempt to cover their tracks by "laundering" the domain name. the domain name has been webjacked. thus slowing down the process. The former registrar. Laundering the Registration After the webjacker is successful in gaining control of the domain name. transferring registrars is easy.com/ resources/dictionary (last
file:///C|/Documents%20and%20Settings/mwood/Desktop. to whom the webjacker sent the fakemail message and duped into turning over control of the domain name. The legitimate registrant will not be able to easily recover from the webjacking because its legitimate contacts are no longer authorized to make changes to the domain name registration.which controls the transfer policy -.computeruser. June 8. Then the registrar may fulfill the webjacker's request to change the address of the name server to one that will resolve the domain name to the webjacker's Web site. K. The webjacker contacts a new registrar and requests that the registration be transferred. If a webjacker's fakemail message evades detection and is authenticated. What Do Webjackers Gain? As with any improper conduct. n42 n42 "Computer User High-Tech Dictionary. or else the transfer occurs before the rightful registrant discovers that the domain name has been webjacked.htm (10 of 22)8/1/2006 2:28:53 AM
." http://www. All Web traffic will be automatically directed away from the legitimate Web site and to the webjacker's Web site.which of course it does after a webjacking -. however.. then the registrar may unknowingly replace the current contacts with fake contacts having email addresses controlled by the webjacker. The former registrar. The term "cybersquatter" refers to a person who buys a domain name hoping to resell it for a large profit when the company wants to open a Web site with that domain name.. The International Trademark Association (INTA) researched why cybersquatters knowingly register domain names that are confusingly similar to known trademarks. Unfortunately. is either not asked for approval. This addition of another third party adds complexity to the recovery of the registration. The new registrar compares the credentials of the requesting party against the whois database. the legitimate registrant must gain the assistance of both the original registrar and the new registrar in order to recover the domain name registration from the webjacker. Transferring the registration to another registrar accomplishes the laundering. "The Anatomy of a Domain Name Hijacking. Campbell. 2000." The Toronto Star.
The days where domain names sell for such large amounts may be over with the cooling of tech stocks.html (Datamonitor's estimate). webjackers may also gain (5) revenge. n46 n44 Id.5 million buying the domain name Business.com/ (last visited Jan. 1999). this is a 72 percent decrease from just one month earlier. was $ 5. n43 "Cybersquatting and Consumer Protection: Ensuring Domain Name Integrity. there are many similarities between the two and thus the reasons for their actions may be similar.redherring. President of International Trademark Association). The webjacker turned cybersquatter may also gain money from the domain name as part of the booming online pornography industry. Id.com and other similar domain names for $ 350. n47 Kenneth Li. (statement of Ann Chaser. the webjacker can easily redirect all traffic intended for the registrant's Web site to a pornographic Web site." at http://directory.LEXIS-NEXIS Tell Me More
visited Jan. a number of commercial Web sites exist that conduct domain name auctions. n44 In January 1999. Not all webjackers plan on making money from the heist.com/ investor/2000/1110/invurl111000. In the year 2000. at http://www. Warner Brothers was offered warner-records. 2000.000. "Silicone Valley: Porn Goes Public. the average sales price for a domain name from online auctioneer GreatDomains. in hopes of encouraging more sales." Before the US Senate Committee on the Judiciary (July 22.00. Although not all webjackers are cybersquatters.1151. 3. 2001).odule%2010%20-%20Session%20Hijacking/WebJacking. 3. pornographic Web site subscriptions. or (4) engaging in some sort of consumer fraud. As evidence. at http://www. n45 Lisa Meyer. November 10..html.. and in 1999.senate.google. experts predict the online sale of pornographic videos.19696. n43 In addition to these four reasons. n46 "Google Web Directory. n47 By capturing the registrant's domain name." TheStandard.com for $ 3 million. 2000.150. and the like will generate $ 1. According to registrar representatives. ECompanies spent $ 7.com in August 2000. Selling a domain name can be quite profitable.gov/ judiciary/72299ac. October 31. Bank of America bought the domain name Loans. and (6) counter-culture respect.thestandard.com/article/display/0. (3) using the well-known domain name in connection with a pornographic site. n45 As proof that domain name sales are big business.4 billion.com. (2) offering to sell the domain name registration to third parties.com." Redherring. at http:// www. including counterfeiting. many
file:///C|/Documents%20and%20Settings/mwood/Desktop.htm (11 of 22)8/1/2006 2:28:53 AM
. INTA found that cybersquatter conduct is usually associated with: (1) extracting money from the trademark owner.htm (Testimony of Chaser).com. Selling a domain name is not the only way to make money. 2001) for a list of domain name auctions. "URLiquidation.
May 3. "DNS Intrusions Spotlight Security Debate. such as a pornographic site. (OCC News Release. available at 2000 WL 7833925. the company registrant is harmed.LEXIS-NEXIS Tell Me More
Webjackers are just angry current or former employees who want to meddle with the Web site and domain name to retaliate against the registrant. They're just showoffs. The company loses online contact with its customers. customers may be offended and turn away. the fraudulent Web site might ask clients for password information or other financial information that would allow the hacker to later access the client's accounts or fraudulently obtain credit in the client's name. As one expert said. n49 Still other webjackings are done for fun. when several domain names were taken over and the corresponding Web sites displayed a coat of arms bearing the title "Kosovo is Serbia").odule%2010%20-%20Session%20Hijacking/WebJacking. 2. NSI (Nov. In July 2000. NR 2000-53. Chief Litigation Counsel. merchants who receive funds via the Internet could have their Web sites mirrored by the webjacker. n51 The OCC charters and regulates approximately 2. July 19.htm (12 of 22)8/1/2006 2:28:53 AM
.400 banks in the United States. Financial institutions and other companies transferring funds on the Internet may be vulnerable to direct monetary damage after a webjacking. Options for Webjacking Victims Registrants who are the victim of a webjacking have several options to recover the use of their domain name as well as damages resulting from the incident. n49 Alana Juman Blincoe. July 19. and are clearly communicated to their customers." n50 n48 Interview with Phil Sbarbaro. 2000. OCC.48. n48 Other webjackers are political protestors (e. n52 The alert pointed out that a webjacking could result in the loss of a bank's online identity and a misdirection of its customer communications. A customer or client might unknowingly make payments to the webjackers." Network News. If the domain is redirected to an offensive site. which account for over half of the nation's banking assets.. n50 Interview with Phil Sbarbaro. What Do Victims Stand to Lose? When a commercial Web site is webjacked. 2000).. 2000. 2000) n52 Alert 2000-9. are under their control. the Office of the Comptroller of the Currency (OCC) n51 issued an alert to financial institutions.g. supra n. For example. Even if the domain name is quickly recovered. If a financial institution has its domain webjacked.. "These [webjackers] are not 50 year olds. or simply to obtain respect from other hackers. Each course of action has its advantages and
file:///C|/Documents%20and%20Settings/mwood/Desktop. a company may lose customers as a result of the confusion or doubts regarding security. warning the banks to ensure their domain names are registered to them. challenge.
Although the registrars do not explicitly agree by contract to help a registrant recover a webjacked domain name." n55 n53 Tucows operates OpenSRS.0. n54 "Service Agreement. Appendix A of Registration Service Provider Agreement. NSI's and Tucow's n53 agreements explicitly state that the registrar makes "no warranty that [its] services will meet [registrant's] requirements. For example. For example. 2000). Tucow's agreement also makes no warranty that "defects in the Service will be corrected. Tucows Inc. Web hosting company. and after the registrar freezes the domain name registration so it will not be transferred to an unsuspecting new registrar.jhtml (last visited Jan. 3. 3.htm (13 of 22)8/1/2006 2:28:53 AM
. or error free. Because webjackings are a new and infrequent problem. It appears. and the courts are still learning how to respond appropriately." Network Solutions.. 2001). registrars realize that such a situation carries a strong customer service element.. a wholesale domain name registration service. it is important to prevent this transfer from occurring so the problem can be resolved more easily. the agreements offered by the various registrars offer little assistance to a webjacked registrant.networksolutions. some registrars have set up special teams that can be contacted with dispute resolution issues.0.tucows. the authorities. timely." n54 In addition.com/legal/serviceagreement. n56 Interview with Brenda Lazare.opensrs.domainmagistrate.odule%2010%20-%20Session%20Hijacking/WebJacking. at http://www.com (last visited Jan. n56 This is especially true because the registration business is no longer a monopoly. An ISP. n55 Tucows Registration Agreement. At www. (November 6. the next step is for the
file:///C|/Documents%20and%20Settings/mwood/Desktop.org/ OpenSRSDRAv3. IT consulting company or other e-commerce business can become a partner of the OpenSRS system. but rather a competitive field in which dozens of registrars battle for registration revenue.. NSI's special team can be reached at www.com. General Cousel of Tucows. "Form of Registration Agreement. that these special services are primarily directed toward trademark infringement disputes rather than recovery from a webjacking. As a result. 2001). however. at P 18 at http://www. the registrars.opensrs.LEXIS-NEXIS Tell Me More
disadvantages. 3. OpenSRS provides access to the domain registry and the tools necessary for the business to become a retail provider of domain name registration services. n57 Once the registrant contacts the registrar about the webjacking.pdf ( last visited Jan. Although the registrant and registrar enter into an agreement at the time of registration. Because a webjacking usually includes laundering by transferring the registration to a "clean" registrar." at P 17. or that the services will be uninterrupted. 2001) (Tucows Registration Agreement). secure. id.com or by email at resolution@netsol. Work with the Registrar Contacting the registrar is probably the best first response after discovering a webjacking.org or www.
it appears that in October 2000. Unfortunately. the victim of a webjacking may wish to avail itself of the Uniform Dispute Resolution Policy (UDRP) adopted by all registrars.odule%2010%20-%20Session%20Hijacking/WebJacking. The investigation may take seven to ten days. immediately webjacked many of the company's domain name registrations through the registrar by changing the domain servers. n59 In that
file:///C|/Documents%20and%20Settings/mwood/Desktop. A company purchased the domain name registrations and other assets of an Internet service provider (ISP) and hired the principal to act as president of its subsidiary. Some of the domain name registrations were changed between the proper registrant and the former president more than once over the course of several weeks.. The former president. General Counsel of Tucows and author's own experience. Because of this problem. was slow to respond and not very cooperative. the registrars can be so overworked that it is difficult for them to resolve the problem swiftly. by the time the registration is returned to the registrant. who controlled the server for a number of the domain names. the former president was still listed as the administrative contact and easily submitted a seemingly proper request to the registrar for the registration changes. Although the UDRP was intended to resolve cybersquatting and trademark disputes. the registrant lost a number of its customers and was forced to abandon certain of its service offerings. Although most of the domains were eventually regained. he apparently used fakemail to submit the requests. After the president failed to properly perform his duties for six months. to get fully resolved. the registrant may have lost both money and customers. n58 Interview with Brenda Lazare. however. The registrar. it was only after lengthy struggles with the registrar. For other registrations in which he was not the administrative contact. the former president was able to obtain and control all of the electronic traffic and emails directed to the webjacked domain names. the problems were not fully resolved.LEXIS-NEXIS Tell Me More
registrar to investigate and resolve the issue. Once he captured the domain name registrations and rerouted them to servers under his control. For some of these changes. Although registrars may see the need to quickly assist with the resolution of webjackings.. the UDRP was first used to recover a domain name that was Webjacked after a fakemail request was sent to the registrar. or even longer. Although the domain name registrations had been updated to use encrypted passwords. the company terminated him in the Spring of 2000.htm (14 of 22)8/1/2006 2:28:53 AM
. n58 n57 Id. the former president attacked again. the former president somehow managed to get the registrars system to again change the name servers. Several months later. The registrar's customer service department was contacted. One of the authors has experienced first hand the frustrations that can be encountered when working with a busy registrar after a webjacking. The UDRP is a relatively quick and inexpensive way to resolve domain name disputes. Even after the domain registrations were returned to the company after a number of days. Consider Using the UDRP In addition to working directly with a registrar.
eResolution. the domain name was laundered by being transferred to a new registrar.com and the recently changed electronic address for the administrative contact. and (3) respondent's domain name has been registered and is being used in bad faith. Soon thereafter. Once the changes were made. The change request was refused -. The email also requested that the address of the name servers be altered. n60 n59 Agent Host Co. the registrar received a second email message. In addition. at http://www. because Mikkelson operated a business over the Internet with the domain name. Mikkelson). the return address was not a genuine address for anyone. Although the panelist failed to state that the complainant had trademark rights to the domain name. the registrar made the changes after approval was given by a follow-up email message.htm (15 of 22)8/1/2006 2:28:53 AM
.e. 2000.. Gerald Mikkelson. Believing the request to be authentic.htm. Second. an eResolution clerk notified the respondent by an email message sent to firstname.lastname@example.org%2010%20-%20Session%20Hijacking/WebJacking. Noting that a thief does not have good title to what he steals. n60 In fact. 2000). the panelist first determined that because respondent controls the identical domain name through which complainant previously performed business. This message appeared to originate from Mikkelson. Mikkelson was listed with the registrar as both the administrative and billing contact.probably because the email message's return address was not the same as the current administrative contact for the domain name (i. The panelist appointed to the case noted in his decision that to obtain relief under the UDRP. Mikkelson filed an online complaint through eResolution on August 24. Mikkelson discovered that his domain name had been webjacked. eResolution. registered the domain name HOST. confusion is certain.. it appears that he had indeed obtained common law trademark rights to the mark HOST. COM.. the complainant must prove three elements. (2) respondent has no right or legitimate interests with respect to the domain name. again appearing to originate from Mikkelson.. Some time later. the panelist checked respondent's actions against
file:///C|/Documents%20and%20Settings/mwood/Desktop. n61 n61 Agent Host Co.com/services/dnd/ decisions/0343. AF-0343. v. technical. AF-0343 (October 16. Id. an email message was sent to the registrar requesting that the administrative. nearly six years after Mikkelson first registered the domain name. doing business as Internet Host Corporation. Case No. 2000. The respondent did not respond to any of the notices. In analyzing the allegations before him. namely that (1) respondent's domain name is identical or confusingly similar to a trademark in which the complainant has rights. On May 24. the panelist searched for any legitimate interests by the respondent in the domain name. Host Dot Com Investments. and billing contacts be changed. Case No. the complaint and accompanying materials were sent via registered mail to the respondent in Canada. The message requested that the contacts and domain name servers be changed.LEXIS-NEXIS Tell Me More
case. Five days later.
Because complainant proved all three elements: (1) the domain name is identical.e." and pointing to how respondent gained the registration of the domain name from the complainant (i. Seek Expedited Relief in Court
file:///C|/Documents%20and%20Settings/mwood/Desktop. because the UDRP does not provide for expedited relief and relief is limited to the transfer of the domain name (no damages are allowed). or other federal agencies.htm (last modified Oct.odule%2010%20-%20Session%20Hijacking/WebJacking. and (3) the respondent acted in bad faith -. and federal agents from the Secret Service. K.COM transferred back to complainant. as with anything related to the Internet..the panelist ordered HOST.LEXIS-NEXIS Tell Me More
the indicia set forth in the UDRP regarding what demonstrates rights in a domain name. Third. 24. although there are now federal statutes criminalizing certain Internet activity." The Gazette (Montreal).org/udrp/ udrp-policy-24oct99. however.. however. Because the intent of the UDRP was not for this purpose. a victim of webjacking should also contact the authorities." ICANN. the fakemail messages).htm (16 of 22)8/1/2006 2:28:53 AM
. Campbell. the panelist determined that the respondent had registered the name and was using it in bad faith.icann.COM case. the registrant purportedly releases the registrar from liability. n64 authorities may be slow or reluctant to get involved. victims of webjacking may wish to rely on another option for faster relief and to recover damages. n63 K.. most of these factors relate to situations involving commercial competitors. "it would also be difficult to say a thief acts other than in bad faith. which may be the only real source from which to recover monetary damages. In addition. n62 "Uniform Domain Name Dispute Resolution Policy. such as the Computer Fraud and Abuse Act. Although the UDRP provides factors that indicate registration and bad faith use. police officers. 2000. FBI. With the HOST. Because this was not the case. the panelist was forced to look outside of the non-exclusive factors of the UDRP. 1999). (2) respondent had no legitimate interest in the domain name." n63 Thus. "Internet Domain Names Stolen: Businesses Are Crippled after Pirates Take over Their Web Site Address. n62 It is not known whether a court would enforce this release. Unable to find any indicia or explanation by respondent. June 2. webjacking is a new and unfamiliar territory for many attorneys. the panelist determined that respondent had no legitimate interest in the HOST. Stating. As one business consultant noted. "This is like the Wild West days. Work with Authorities For egregious cases. the panelist held that the respondent demonstrated the requisite bad faith. it is unknown whether subsequent panelists will allow webjacking cases to be resolved in this fashion. § 4(h) at http:// www. are discussed infra.COM domain name. by submitting a dispute through the UDRP. there is now precedent that the UDRP can be relied on to recover from a webjacking. Significantly. n64 Statutes.
§ 1961-68 (2000).. n70 n65 18 U. §§ 1051-72. * The Copyright Act. and * The Racketeer Influenced and Corrupt Organizations (RICO) Act. n69 * Fraud.LEXIS-NEXIS Tell Me More
When subjected to a webjacking.C. in addition to trying to rectify the situation with the registrar and the authorities.S. § 1125(d) (2000). §§ 2520. n66 * The Anti-Cybersquatting Consumer Protection Act.S.C. * Misappropriation of trade secrets.odule%2010%20-%20Session%20Hijacking/WebJacking. § 1030 (2000).C. including the following: * The Computer Fraud and Abuse Act. and (4) it may not be possible to identify the webjacker or obtain jurisdiction over him or her. (3) the webjacker may have no assets. n69 17 U. 1091-96. theft. n67 * The Federal Lanham/Trademark Act. n68 15 U.C. n66 18 U.S. * Tortious interference with contract and prospective business advantage.C. the registrant may immediately seek expedited injunctive relief or damages from a court.htm (17 of 22)8/1/2006 2:28:53 AM
. 2701.S. § 2511. (2) it can take a long time. or conversion. There are a number of federal statutes and common law causes of action that may provide relief. n70 18 U. n65 * The Electronic Communication Privacy Act. The disadvantages of suing a webjacker include: (1) it can be expensive.S.S.
file:///C|/Documents%20and%20Settings/mwood/Desktop. & 1111-29 (2000). n68 * Unfair competition. n67 15 U. & 2707 (2000).. § 101-1332 (2000).C.
Cal. initial decisions have been reluctant to find registrars liable for their actions in connection with domain name registrations. As one victim said. Although the case law is not well developed.. 49 U. or the defendant may have no assets.C. 1467 (C.2d 1463. Preventing a Webjacking It would take a large and influential group of Internet gurus to get a more secure protocol developed and approved to replace SMTP. For example." Computerworld. 2d 1147. n73 Similarly. n72 the Ninth Circuit likened the role of NSI to that of the US Postal Service and found that the registrar could not be held liable for contributory trademark infringement by reason of its registration of a third-party's service mark. 1998). Network Solutions.Q. you are presuming that in the morning the last thing you have to worry about is whether you own your domains. 1997). 45 U.2d 1567. C 98-20718JW. Cohen case. Oppendahl & Larson v. Colo. Network Solutions.S. a domain name owner may have state or federal protection.Q. "The fact is that if you pay [the registrar for your registration].com pursuant to a forged letter. § 1114(2)(D)(iii). v. therefore the registrar should be liable for damages resulting from its own negligent actions. Academy of Motion Picture Arts & Sciences v. 2000).P..S. the Trademark Act explicitly exempts registrars from liability absent a showing of bad faith intent to profit from such registration. Inc. Inc. Network Solutions. 1574 (N. 1999)." n71 n71 "Nike Web Hijacking Sparks Finger-Pointing: Company Trades Blame with NSI and Host.3d 980 (9th Cir.. at 21(1). n74 the court granted NSI summary judgment on a claim that it improperly transferred the domain sex. It would take a call center the size of a small town for a registrar to replace their automated procedures with personnel
file:///C|/Documents%20and%20Settings/mwood/Desktop. Supp. July 10. so that email messages would be more difficult to forge.htm (18 of 22)8/1/2006 2:28:53 AM
. Cal. 1998).P. Cal. some webjacked parties allege that the registrars do not always follow their standard operating procedures. Other courts have likewise been hesitant to find registrars liable. n75 n72 194 F. n74 No. 1164 (D. case. in the Kremen v. n73 15 U. Such a victim might consider an action against a registrar if the registrar was negligent in allowing the webjacking to occur. Seek Relief against Registrars? A damaged webjacking victim may not be able to identify or obtain jurisdiction over a defendant. Inc. If the registrant seeks trademark infringement damages. The court found. Network Solutions.D. that a domain name is not property subject to a conversion claim. May 30.S. 3 F. 2000. In the Lockheed Martin Corp. 2000 WL 708754 (N. Inc. n75 Beverly v.D.D..odule%2010%20-%20Session%20Hijacking/WebJacking.LEXIS-NEXIS Tell Me More
Thus. depending on the circumstances. among other things..
many registrars have a wholly inadequate authentication system.40." The Age. June 2.. Second. n79 Although digital signatures have been the promise of e-commerce for the past several years. In addition to passwords remaining confidential and difficult to be guessed. n77 Susan Pigg. Jenny Sinclair. To safeguard against an internal attack. (2) maintain security. registrants should find a registrar that uses good authentication measures. registrants should execute a four-fold plan: (1) use a good registrar. n78 Interview with Ross Rader. although the onus is on the registrant to follow the procedures. "More Web Sites Caught in Net Scam." n77 n76 The registrar Melbourne IT is marketing itself as a more secure registrar. registrants should ensure that the registrar is promptly notified to remove the contact person before that person leaves his or her employment. n79 Id. available at 2000 WL 21652726. This noble policy may be impractical due to the large number of transfers that occur in the world each day. Some webjackers are really former employees looking for revenge and disabling a company's Web site can be an easy target. digital signature technology has not become user friendly enough to be adopted by the general public.LEXIS-NEXIS Tell Me More
manually checking and approving each change or transfer request.odule%2010%20-%20Session%20Hijacking/WebJacking. (3) manage registrations and paperwork. Now that registrars offer multifile:///C|/Documents%20and%20Settings/mwood/Desktop. n76 Fortunately. To combat webjacking. if not hundreds. Securing Web sites from webjacking and other hazards is a full-time job. Today. 2000 (quoting Chris Anderson). stating that all domain name registration transfers will be first checked by a human.. although a low-tech alternative to PGP e-signatures. registrants should look for a registrar with good customer service capabilities. First. June 13. "Alarm on Hijackings.htm (19 of 22)8/1/2006 2:28:53 AM
. In addition to its authentication policies. a policy must be put in place to ensure that contact information is updated when the prior contact person leaves the company. registrants should be certain that they would be able to contact the registrar and receive quick assistance. n80 This is especially true now that many large corporations have dozens." The Toronto Star. supra n. If a problem does develop with the registration. In the 1990s. 2000. however. As one Ernst & Young expert said. and (4) educate their counsel and employees. because basically the sheriff can't. Another precaution that registrants can take to protect their rights is to manage their registrations and keep associated paperwork. many webjackings can be prevented without resorting to any of these costly measures. may provide adequate authentication and may counter many webjacking attempts. corporate registrants should draft and follow proper security measures. "The solution is look after yourself. of domain name registrations. A simple password system. businesses began creating the role of a CIO (Chief Information Officer). n78 Unfortunately. information management has been promoted as a critical task.
(Nov. Corporations should set up CIO or other formal positions charged with domain name management and security. n81 Press Release.com/press_partnersPR. a new service offered by SnapNames may be useful. in-house or law firm counsel.. because it is easier to prevent a webjacking than to recover from one.000 change requests each day." n81 As soon as a registration is altered (i. or technical contacts for registrants must be fully trained regarding the security issues in domain name registration. n83 Because webjackings account for such a small portion of their transactions. n82 Similarly. supra n. Wired News 3:00 a. and employees who will be the administrative. Part of the domain name management includes maintaining a paper copy of the registration activities. 15.e." (May 2000) at 30. SnapNames and Major Registrars Partner in New Domain protection Technology. employees who are the contacts must be fully aware of the importance of their roles. n82 Interview with Phil Sbarbaro. As part of the security program for a corporation. Registrars are surprised when multi-million dollar companies are unable to produce a paper copy of an email that shows their legitimate interests in a domain name registration. corporations will continue to acquire more domain name registrations. Lock Up Your Data. see also NSI's webjacking Epidemic. In addition. Tucows reports that its OpenSRS system handles over 2. 2000) (quoting Len Bayles) at www.odule%2010%20-%20Session%20Hijacking/WebJacking.LEXIS-NEXIS Tell Me More
lingual registrations. SnapNames. Such quick notifications may allow the registrant to recover from a webjacking before the registration changes propagate through the Internet. and because the registrars are hounded with other issues needing resolution. new policies to combat webjacking. Registrars' Actions to Combat Webjacking Statistically. webjackings do not occur very often. The alerts show what the domain name registration looked like prior to the change and after the change.htm (20 of 22)8/1/2006 2:28:53 AM
. as well as country level registration in nearly 200 countries outside of the United States.html. n80 5 "Material Handling Management. especially since domain names are so valuable to many corporations.000 change requests a day and has not yet experienced a webjacking. registrars have not issued any strong. SnapNames provides monitoring of domain name registrations "to reduce the impact of domain-related catastrophes. Although NSI processes around 30. billing. the name server or the contact information). it contends that there are only one or two webjackings (or similar problems) each month. although some registrars have made improvements to their policies.
file:///C|/Documents%20and%20Settings/mwood/Desktop. SnapNames' SnapBack system will send email alerts to three pre-designated people.48. The email notifications that are received when domain names are set up and copies of the requests for registrant data changes make a paper trail that can be offered as proof of registration ownership..snapnames. The Internet is becoming such a fundamental aspect of so many areas of everyday business that soon all attorneys will need to have more than a cursory understanding of webjacking and other Internet law issues. Fourth..
that is not to say that the registrars view webjacking as unimportant.. To maintain effectiveness. Although this is a lost customer for the new registrar. If there is no response to these inquiries. NSI hopes to diminish the potential for webjacking problems. As previously discussed. supra n. some registrars now cooperate with one another. n86 By educating counsel on the importance of security measures for the registrations. The second queue is for well-known domain names that might be very appealing for webjacking or other hijinks. unsuspecting.LEXIS-NEXIS Tell Me More
m. n85 n85 Id.40. allowing the webjacked registration to be returned to the original registrar. The majority of domain name registrations have been assigned to this queue. it allows the original registrar to return control over the domain name to the rightful owner. The queues are used for different types of domain names. the change request is not processed.nsol. Because a webjacking usually includes the transfer of a domain name registration to a new. One method that at least one registrar has set up is the use of a series of queues for handling change requests. the email addresses listed for the contacts are no longer valid addresses. Registrars are also reacting to webjackings by educating the public regarding how to avoid being a webjacking victim. which is for restricted transfers. Some of the registrars have also discussed how to more easily help a registrant recover from a webjacking. n86 See announcement online at http://www. n83 Interview with Ross Rader.40. (June 8.com or att. Transfers from the first queue are processed by the registrar's automated system. Registrars state that they do have certain checks that work to detect fraudulent change requests during message authentication.htm (21 of 22)8/1/2006 2:28:53 AM
. Outdated registrations often are so old that the contact information may not be accurate.com.com/news/. registrars view webjacking has an important customer service and public relations issue because registrars suffer from
file:///C|/Documents%20and%20Settings/mwood/Desktop. n84 The first queue is for open transfers. n84 Interview with Ross Rader. registrar. Although the registrars have not issued any major changes to prevent webjacking. When a change request is made for outdated registrations. have been placed into this second queue.. Often. 2000). at the very least. Outdated domain name registrations form the third queue. Some well-known domain names. details of most of these anti-fraud mechanisms are not disclosed. such as msn. Restricted transfers are processed manually to ensure that webjackings do not disturb such busy sites. including by phone or by regular mail. the registrar uses extra effort to communicate with the listed contacts. NSI's idNames division now offers a continuing legal education class (CLE) in domain name basics for attorneys. supra n.odule%2010%20-%20Session%20Hijacking/WebJacking.
" Wired News 3:00 a. In the end. n87 "NSI's webjacking Epidemic." Appendix B (Mar. Because only a handful of webjackings are reported yearly. consumers will be hesitant to place their trust in e-commerce.000 transfers daily.000 a week when its site was webjacked. As former President Bill Clinton stated.odule%2010%20-%20Session%20Hijacking/WebJacking. A Report of the President's Working Group on Unlawful Conduct on the Internet. The owner of the bali. n88 In addition. Conclusion NSI processes over 30. growth of the Internet economy cannot be fully reached. at http://www. Therefore.000 registration changes a day.usdoj. webjacking does not seem to be a big deal -.. As with lightening. 2000) at D3. 2000). the current system of registrars must make over 10 million changes a year. registrants are not the only victims who are damaged by webjacking. registrants toss aside concerns of being webjacked. While such concern remains. (June 9. (June 8.htm (22 of 22)8/1/2006 2:28:53 AM
. webjacking and similar Internet fraud problems must be addressed. While webjacking continues.000 changes each day. n89 "The Electronic Frontier: The Challenge of Unlawful Conduct Involving The Use of The Internet.until it happens to you." The London Free Press. n87 Tucows processes over 2. Many think that they are just as likely to be hit by lightening or to win the lottery as they are to have their domain name webjacked. Then webjacking becomes very serious and very expensive. Many believe that this authority rests instead with ICANN. registrars maintain that they are not the proper entity to issue major changes to prevent webjacking.m. If the remaining registrars process a total of 8.com domain name registration estimated it lost $ 100.gov/criminal/cybercrime/unlawful.LEXIS-NEXIS Tell Me More
bad press for every webjacked domain name registration that gets published in the news..htm
file:///C|/Documents%20and%20Settings/mwood/Desktop. 2000). however." n89 n88 "Hijacking Going High-Tech. "We must give consumers the same protection in our virtual mall they now get at the shopping mall.