Nominet account theft

Discussion in 'Domain Name Scams' started by boogle, Mar 29, 2011.

Thread Status:
Not open for further replies.
  1. boogle

    boogle Member

    Joined:
    Mar 2011
    Posts:
    6
    Likes Received:
    0
    Hello everyone,

    I’ve recently had an unsettling experience with Nominet that makes me question the safety of my UK domains. I don’t want to go too deep with specifics because this investigation is still ongoing. Anyway, I own about 40 UK domains, all of them being 1 and 2 word domains, and a few days ago I couldn’t log in to my Nominet account – after several unsuccessful login attempts I decided to change my password using the “Access Your Account” section of Nominet. After waiting 24 hours and still no reply I decided to check my account with my registrar and that’s when I noticed one of my UK domains had vanished from my account. To cut a long story short, someone had changed the email address associated with my Nominet account and reset the password to gain access. They then transferred one of my domains into a separate Nominet account, re-tagged it and then transferred it again into their own Nominet account. I could have lost all of my UK domains but I got Nominet to lock the account before anything else could be re-tagged.

    What I wanted to know more than anything was “how did they manage to reset the email address associated with the Nominet account?” Nominet said it was done by my registrar!? But I thought registrars couldn’t alter the details on a Nominet account, but apparently, according to Nominet, they can change anything except the whois details (ownership info).

    Anyhow, my question is this; “Can a registrar change the admin email associated with a Nominet account?” If so, how without permission from myself?

    I now know the person responsible for all this and I want to prosecute. Just to clarify, they’ve fraudulently gained access to my account which has all my personal details listed, then changed my details to their own, transferred one domain out of the account and paid the £10 transfer charge, then left my account in limbo. Who knows what else they would have done if I didn’t get Nominet to lock it down. I had to write a letter to Nominet explaining the situation before they released my account back to me, which they did today, but I will have to wait while Monday before I get the stolen domain back.

    My main goal is to find out how this happened, how this can be prevented from happening again and to sue the hell out of the thieving git who stole my domains.

    Any advice would be greatly appreciated, especially with the suing part. Do I contact the cyber division of the police!?

    Thanks for reading.
     
  3. wb United Kingdom

    wb Well-Known Member

    Joined:
    Mar 2009
    Posts:
    2,072
    Likes Received:
    34
    Yes, they can. My guess is that someone has either contacted the registrar pretending to be you, or has gained access to the account you hold with your registrar and updated the admin email themselves.

    It has never happened to me, but I would assume as it's theft and therefore a criminal offence you would be able to report it to the police. With regards to civil law, best you take legal advice to find out what exactly you would be able to seek damages for.

    Most important thing is to keep full evidence and as much documentation as you can get as proof for when it's needed.

    If you are concerned about security you could always apply for your own registrar 'tag' which would allow you further control over your domains.
     
  4. rob

    rob Founding Member

    Joined:
    Jan 2005
    Posts:
    5,953
    Likes Received:
    68
    Who was the tagholder?
     
  5. boogle

    boogle Member

    Joined:
    Mar 2011
    Posts:
    6
    Likes Received:
    0
    Thanks for the quick replies.

    They definitely didn’t gain access to my registrar account – I’d know if they did because it logs all IP addresses that log in to the account. They could have contacted the registrar pretending to be me, that’s certainly plausible.

    I was hoping there would be a division of police that specialised with online crimes – I have a feeling the regular police won’t take it seriously.

    Thanks for the info on applying for my own tag, didn’t know that was possible, I’ll look into it.
     
  6. boogle

    boogle Member

    Joined:
    Mar 2011
    Posts:
    6
    Likes Received:
    0
    The tag holder was KEY-SYSTEMS-DE, I use Moniker. The domain that was stolen is now tagged with ENOM.
     
  7. anthony United Kingdom

    anthony Well-Known Member

    Joined:
    Dec 2006
    Posts:
    1,713
    Likes Received:
    27
    Can't help highlighting that a tag shouldn't be necessary if a system is secure enough.
     
  8. boogle

    boogle Member

    Joined:
    Mar 2011
    Posts:
    6
    Likes Received:
    0
    Just what I was thinking.

    But whose security? The registrar, Moniker, or Nominet?
     
  9. wb United Kingdom

    wb Well-Known Member

    Joined:
    Mar 2009
    Posts:
    2,072
    Likes Received:
    34
    Very true and I completely agree, however having a tag reduces a variable in the security of domains (i.e. external registrars).
     
  10. invincible

    invincible Well-Known Member

    Joined:
    Feb 2005
    Posts:
    3,983
    Likes Received:
    73
    Unfortunately it's not one system with just Nominet and the Registrant in the loop. There are Registrars involved who can change the email address associated with an account. So that's a potential weak link in the chain, if they are persuaded to make changes to a Registrant account fraudulently. From reading through what the original poster has stated, what didn't happen was a change of Registrant. One very good thing about .uk is in this kind of situation, one call to Nominet and everything will be locked and can be easily undone. That's not possible in gTLDs because Registrants never deal with the Registry.
     
    Last edited: Mar 29, 2011
  11. boogle

    boogle Member

    Joined:
    Mar 2011
    Posts:
    6
    Likes Received:
    0


    The registrant was changed on the one domain that was illegally transferred out of my Nominet account. All the other domains were locked down quickly. The only reason I was easily able to get Nominet to transfer the stolen domain was because they could see the blatantly obtuse way it was stolen.
     