Domaining Guide

Domain hijacking

Home | Up

Domain hijacking is the process by which internet domain names are stolen from the rightful registrant.

Many people confuse domain hijacking with the reregistration of an expired domain by a new party. One is a legal process and one is not. Domain hijacking is theft, while if a name owner does not renew a name he or she is no longer the owner and it is available for someone else to register.

Domain theft

Domain theft is an aggressive form of domain hijacking that usually involves an illegal act. In most cases, identity theft is used to trick the domain registrar into allowing the hijacker to change the registration information to steal control of a domain from the legitimate owner.

Some registrars are quick to set things right when these cases are discovered. However, it is well documented that some registrars will admit no fault in accepting the forged credentials and will refuse to correct the record until forced by legal action. In many of these cases, justice is not done and the hijacker retains control of the domain. The victims of such theft often do not have the resources or willingness to invest the effort necessary to regain control of their domain, which may require a lawsuit or a lengthy and time-consuming arbitration process, especially if the hijacker and victim are in different countries. Hackers that have hijacked a domain can do anything with that name, including putting up their own website or redirecting those who visit the address to another site.

Prevention

Extensible Provisioning Protocol is used for many TLD registries, and uses an authorization code issued exclusively to the domain registrant as a security measure to prevent unauthorized transfers.

Some attorneys serve as webmasters to ensure the safety of their clients' domains, but a cheaper option is a pre-pay domain recovery plan like the one offered by TROANN, the title registry of ownership for domain names. Domain theft can not be completely avoided because the human factor (disgruntled employees/webmaster and hackers) will always exist, but the risk is much smaller and the recovery process is much faster and easier if you take proactive steps, like having a domain title certificate as proof of ownership. Arbitration and litigation are available avenues for domain recovery and, under the right facts, attorneys fees and costs can be recovered.

References

• Domain name hijacking: Incidents, threats, risks, and remedial action. A report from the ICANN Security and Stability Advisory Committee (SSAC) 12 July 2005

See also

• Cybersquatting
• Domain tasting, also known as domain kiting

Examples of cases in which a domain was hijacked:

• sex.com
  4chan

Home | Up | Domain name speculation | Name generator | Domain parking | Domain hack | Typosquatting | Domain sniping | Domain hijacking | Cybersquatting | Uniform Domain-Name Dispute-Resolution Policy | List of most popular given names

Domaining Guide, made by MultiMedia | Websites for sale

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.