WARNING: Google’s Gmail security failure leaves my business sabotaged


What would you do if someone stole something valuable and personal from you? What if, at the same time, they targeted your business and crippled your income? What if you also discovered that this happened due to a Google security flaw that can affect any Gmail user?

That’s what has happened to me, and I’ll tell you all I know about the web pirates who are threatening my livelihood, and how to check Gmail to ensure it can’t happen to you.

And so it began

On November 20th 2007 I left the UK to spend a month in India. I’d planned the break for about a year, and was looking forward to taking my girlfriend on our first foreign trip together. Before leaving, I published a post to say I’d be away for a while, and that my blog would be a quiet place in my absence.

All my clients were informed, bills paid, loose ends tied-up, and off I went for a new adventure.

I arrived in Mumbai on November 21st, and on the journey from the airport to the Colaba district, was punched in the face through the window of my taxi, but that’s another story.


I’d not be checking email much during the next month — only to let family know I was okay. This was a break from work, from computers.

Everything was fine for a few weeks until December 15th, days before I was to return to the UK. I was in a Goa cafe and read some worrying emails from friends. My website had disappeared and my domain name (www.davidairey.com) was redirecting to a site I’d never heard of — bebu.net.

I was confused, anxious, what happened? I hadn’t received notification of my domain name expiry, and I never divulge any passwords. The only explanation for me was that somehow the domain name had expired without receipt of notice, and that a poacher had snapped it up before I got a chance to renew.

My website had been attracting more than 2,000 unique daily visits. Not a massive amount, but for a one-man business, 700,000+ annual visitors can generate a decent amount of new clients.

So I ran a WHOIS check on davidairey.com, hoping to find an email address for the new owner. The search yielded this email address: DAVIDAIREY.COM@domainsbyproxy.com and here’s the email I sent:

“Hello, please can I purchase my old domain name from you. It seems it expired without my knowledge. www.davidairey.com. Kind regards, David”

I found it hard to believe that I’d let my domain name expire, but thought it a good idea to send an email nonetheless.

On the very same day, I received a reply. It came from one supposed Peyam Irvani, telling me the following:

“Hello, please send me your high offer! Regards”

By this stage I’d had some back and forth email discussions with close friends, wondering what exactly could have happened. I also contacted my web host, ICDSoft, asking for help. They originally sold me the domain name. Shouldn’t they have informed me?

This is when I found a disturbing ticket in my web host support panel. It was supposedly from me, addressed to ICDSoft’s support team, and was created on November 20th, the exact date of my departure from the UK. It read:

Subject: Davidairey.com Transfer

“Hello, I want to transfer davidairey.com to another registrar please unlock it and send me the EPP transfer code. Kind regards, David”

Within just one minute (ICDSoft’s support team are very fast) the following response had been supplied:

“Hello, we unlocked your domain name as requested. Here is its EPP code: Domain name: davidairey.com – Auth/EPP key: 6835892AE0087D66. Best Regards, Support”

I immediately typed a reply asking what I could do to resolve the situation. Here’s what the support team said:

“Unfortunately, the domain name has been transferred successfully, and it cannot be reverted. The current registrar may be able to give you more information. The original ticket message was sent from this IP address: 207.36.162.100. The person who posted it must have had access to your email, too, because transfers have to be approved by the administrative contact in order to be successful.”

What? Not only did the hacker gain access to my web host control panel, but they also squirmed their way into my email account? This is when I began to get very worried. I kept a lot of personal emails behind my username and password, and this was a real invasion of privacy. For a few minutes I sat in the net café and didn’t know what to think.

I emailed GoDaddy where my domain had been illegally transferred to, and asked them to prevent any further transfers. I wanted the domain in one place while I investigated. GoDaddy said:

“Unfortunately if a transfer request is made and completed we will not be able to prevent this unless we receive the notice from a court or arbitration forum… I apologize for any inconvenience this may cause.”

Okay, so GoDaddy can’t help until the matter is taken to court.

This process ran over a few days of my holiday, as GoDaddy took over 48 hours to respond. At this point, on December 19th (four days after my first email to the thief ‘Peyam’), I thought I’d reply:

“Hello Peyam, well, congrats on your hack. I’d love to know how you did it.

“Before this moves through the courts, in order to settle the dispute, I don’t suppose you’d be so kind to give me my domain back? It’d really save me a lot of hassle, but if that’s what it takes, so be it.”

I saw no point in being aggressive.

Again, that same day, I received a response:

“:)) I’m sorry to say but it’s not possible to have it or it take about 1 month if you try hard to have it again :)) and you lose your visitor ….hahaha
“You can purchase it for 650 $ And we will use escrow services ;) that will done in less than 2 days!”

Now my domain name was being held to ransom and I was being taunted. What I had spent more than a year building into a sound marketing plan had been severed at the knees.

I’m not the type to give money to a criminal, so I didn’t reply, and focused on stopping the hacker from stealing any more of my property.

How was I being hacked?

After some research I found this exposé into Google’s Gmail deficiencies: Google Gmail E-mail Hijack Technique

It details the exact Gmail hijack that I have just found applied to my account (right while writing this post).

Here’s an excerpt:

“The victim visits a page while being logged into Gmail. Upon execution, the page performs a multipart/form-data POST to one of the Gmail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forwards them to an email of their choice. This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.”

And here’s a three-step illustration of just how this threat works:

[Three images, each captioned “Gmail security threat”, showing steps 1 to 3 of the attack]

Images courtesy of GNUCITIZEN
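The attack in the excerpt works because a browser attaches the victim’s Gmail cookie to a form submitted from any page, so a cookie-only check cannot tell the victim’s own settings page from an attacker’s. As an added illustration (not Gmail’s code, nor GNUCITIZEN’s), here is a simulated filter-creation endpoint in that cookie-only form next to one protected by an origin check and a per-session anti-CSRF token; every name, origin and address in it is made up.

```python
"""Simulated filter-creation endpoint: cookie-only (vulnerable) next to
cookie + origin check + anti-CSRF token (hardened). Added illustration,
not Gmail's code; SITE_ORIGIN and all addresses are assumed values."""
import secrets
from dataclasses import dataclass

SITE_ORIGIN = "https://mail.example.test"   # assumed origin of the mail site
SESSIONS = {}   # session cookie -> {"user": ..., "csrf": ...}
FILTERS = {}    # user -> list of installed filters


def login(user):
    """Issue a session cookie and mint a per-session anti-CSRF token."""
    cookie = secrets.token_hex(16)
    SESSIONS[cookie] = {"user": user, "csrf": secrets.token_hex(16)}
    FILTERS.setdefault(user, [])
    return cookie


@dataclass
class Request:
    """A multipart/form-data POST as the server sees it. The browser adds the
    site's cookie even when the form lives on another site, which is the whole
    basis of the attack; no JavaScript is needed for a plain form submit."""
    cookie: str
    form: dict
    origin: str = SITE_ORIGIN


def _install(sess, form):
    FILTERS[sess["user"]].append(
        {"match": form["match"], "forward_to": form["forward_to"],
         "delete": form.get("delete") == "1"})


def create_filter_vulnerable(req):
    """Cookie-only check: any page the victim visits can add a filter."""
    sess = SESSIONS.get(req.cookie)
    if sess is None:
        return 401
    _install(sess, req.form)
    return 200


def create_filter_hardened(req):
    """Same endpoint with two independent CSRF defences."""
    sess = SESSIONS.get(req.cookie)
    if sess is None:
        return 401
    # 1. The request must come from our own origin; a form hosted on the
    #    attacker's page arrives with the attacker's Origin/Referer.
    if req.origin != SITE_ORIGIN:
        return 403
    # 2. The form must echo the per-session token. The attacker's page cannot
    #    read it (same-origin policy), so a forged POST never carries it.
    if not secrets.compare_digest(req.form.get("csrf", ""), sess["csrf"]):
        return 403
    _install(sess, req.form)
    return 200


def forged_request(victim_cookie):
    """What an attacker-controlled page produces: the victim's cookie (added
    by the browser), attacker-chosen fields, attacker's origin, no token."""
    return Request(
        cookie=victim_cookie,
        origin="https://attacker.example.test",
        form={"match": "from:(transfer-approval.com)",
              "forward_to": "attacker@example.test", "delete": "1"})


def run_demo():
    """Replay the forged POST against both endpoints and report what stuck."""
    user = "victim-" + secrets.token_hex(4)
    cookie = login(user)
    vulnerable_status = create_filter_vulnerable(forged_request(cookie))
    after_vulnerable = len(FILTERS[user])
    hardened_status = create_filter_hardened(forged_request(cookie))
    after_hardened = len(FILTERS[user])
    # A genuine submission from the site's own settings page still works.
    genuine = Request(cookie=cookie, form={
        "match": "newsletter", "forward_to": "me@example.test",
        "csrf": SESSIONS[cookie]["csrf"]})
    genuine_status = create_filter_hardened(genuine)
    return {"vulnerable": vulnerable_status,
            "installed_by_forgery": after_vulnerable,
            "hardened": hardened_status,
            "installed_after_hardened": after_hardened,
            "genuine": genuine_status,
            "total": len(FILTERS[user])}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```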

I took a look at the “filter” option in my own Gmail settings, and it turns out that you can easily set incoming emails containing specific words to be forwarded automatically. For example, if you want any emails containing the word password to be sent to another address, no problem. It also appears that the filter can delete the email from your Gmail inbox as soon as it has been forwarded, so you’d be none the wiser if a hacker was playing havoc with your incoming mail.

IMPORTANT: If you use Gmail, it’s absolutely vital that you check your account settings now.

Here’s what to do:

When logged into Gmail, click on the “settings” tab in the upper right of the screen. Then check both the “filters” and the “forwarding and POP” sections. This is what I only just found in my filters tab:

The following filters are applied to all incoming mail:

“Matches: transfer-approval.com
“Do this: Forward to ba_marame_pooli@yahoo.com, Skip Inbox, Delete it

“Matches: from:(transfer-approval.com)
“Do this: Forward to ba_marame_pooli@yahoo.com, Skip Inbox, Delete it”

I have absolutely no idea whose email address that is, but it seems to me that some of my personal emails were bypassing my inbox entirely, instead being forwarded to the yahoo.com address.

It appears that the Gmail security issue is fixed (link removed due to expired domain — 09 April 2010), but that won’t remove any previously installed filters from your Gmail account.
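Because a fix on Google’s side leaves previously injected filters in place, the settings check above is the only thing that removes them. As an added example (not Google’s code), here is a small audit of an exported Gmail filter list that flags exactly the pattern found in the post: a rule that forwards to an unrecognised address and also skips the inbox or deletes the message. The sample XML is constructed here to mirror the two filters quoted above, using the Atom-based mailFilters.xml layout with apps:property elements that the filter export produces; treat that layout as an assumption and compare it with a real export.

```python
"""Audit an exported Gmail filter list for rules that forward mail away and
hide the original. Added example, not Google's code. The export layout
(Atom feed of <entry> elements carrying apps:property name/value pairs) is
assumed from Gmail's mailFilters.xml; the sample is constructed to mirror
the filters quoted in the post."""
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Constructed sample: one benign rule plus the two forwarding rules from the post.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <title>Mail Filters</title>
  <entry>
    <category term='filter'/><title>Mail Filter</title>
    <apps:property name='from' value='newsletter@example.test'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <category term='filter'/><title>Mail Filter</title>
    <apps:property name='hasTheWord' value='transfer-approval.com'/>
    <apps:property name='forwardTo' value='ba_marame_pooli@yahoo.com'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <category term='filter'/><title>Mail Filter</title>
    <apps:property name='from' value='transfer-approval.com'/>
    <apps:property name='forwardTo' value='ba_marame_pooli@yahoo.com'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
</feed>
"""

# Property names that make up the "Matches:" side of a filter.
MATCH_KEYS = ("from", "to", "subject", "hasTheWord",
              "doesNotHaveTheWord", "hasAttachment")


def parse_filters(xml_text):
    """Return one {property_name: value} dict per <entry> in the export."""
    root = ET.fromstring(xml_text)
    return [
        {p.get("name"): p.get("value") for p in entry.findall(APPS + "property")}
        for entry in root.findall(ATOM + "entry")
    ]


def audit_filters(filters, trusted_forwards=()):
    """Flag every rule that forwards. Forwarding to an address the owner does
    not recognise is MEDIUM; if the rule also archives ("Skip Inbox") or
    trashes ("Delete it") the message, so the owner never sees it, it is HIGH.
    A trusted forward that still hides the original is reported as LOW."""
    trusted = {addr.lower() for addr in trusted_forwards}
    findings = []
    for position, props in enumerate(filters, start=1):
        forward_to = props.get("forwardTo")
        if not forward_to:
            continue
        hidden = (props.get("shouldTrash") == "true"
                  or props.get("shouldArchive") == "true")
        match = {k: props[k] for k in MATCH_KEYS if k in props}
        if forward_to.lower() not in trusted:
            severity = "HIGH" if hidden else "MEDIUM"
        elif hidden:
            severity = "LOW"
        else:
            continue
        findings.append({"filter": position, "severity": severity,
                         "forward_to": forward_to, "hides_original": hidden,
                         "match": match})
    return findings


def audit_export(xml_text, trusted_forwards=()):
    """Parse an export and audit it in one step."""
    return audit_filters(parse_filters(xml_text), trusted_forwards)


if __name__ == "__main__":
    for f in audit_export(SAMPLE_EXPORT):
        print(f"[{f['severity']}] filter #{f['filter']} forwards to "
              f"{f['forward_to']} (hidden={f['hides_original']}) "
              f"matches {f['match']}")
```

This covers only the filters list; the account-wide forwarding address under “Forwarding and POP” is a separate setting that the script does not see, so check that section by hand as the post says.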

What do I know about the thief?

I have the Gmail address, pay.irv@gmail.com, and what’s perhaps a fictitious name, Peyam Irvani.

There’s also the Yahoo email address, ba_marame_pooli@yahoo.com, where my emails were being forwarded to through the malicious filter.

ICDSoft gave me the IP address from where the fraudulent support ticket originated (207.36.162.100), and it’s possible to search for its physical location using an online IP address locator. I gave that a shot, and according to IP Global Positioning, the IP is in the United States — Fort Lauderdale, Florida, to be precise, and the Internet Service Provider is Cybergate INC (based in Mississippi, USA).

I’m not sure how much this information can help me, if at all, but I thought it might be useful.

Then, a little unexpectedly, I received a third email from ‘Peyam’ on December 21st, saying:

“Hello David, we can use escrow and you can have your domain name again :)
Only for 250 $ !
Do you want it ?!
Its special christmas offer ! haha
I like to see you have that domain name again :) “

I don’t care if it costs $0.02. I won’t give money to a criminal.

You might be wondering what I did to resurrect my website from oblivion. You’re reading this post after all. Before the theft, I had both davidairey.com and davidairey.co.uk, with the .co.uk permanently redirecting to the .com (I felt it would make more business sense to use the .com as my main address due to its ease of memorability).

I’m now using the www.davidairey.co.uk domain as my main address. What does this mean? It means that all my organic search results are reset to zero. Whereas once I was on the first page of search results for graphic designer, I’m now nowhere to be found.

It also means that the detail on my business cards is incorrect, and my email addresses too. So quite an expense, but I’d rather fight in the courts than give a penny to the person responsible.

Help with domain name disputes

This is the stage I’m at, weighing up options before it comes to paying legal fees. This is also where I’m calling on your valued help. I know that many of you are much more clued up on this than I am, and if you can spare some advice in the comments here I’d be very appreciative.

In my emails with GoDaddy (the company where my .com domain name is now registered), a representative said:

“Should we receive notice of a pending dispute from a court or arbitration forum, we will lock the domain name so it cannot be transferred or have the registrant information modified. Likewise, when we receive a decision from the legal body, we will update the domain name accordingly.”

They then directed me to the WIPO website (World Intellectual Property Organization, domain.disputes@wipo.int) where there’s a section for domain name dispute resolution resources, including the following:

It seems I have to pay a minimum of $1,500 for the pleasure of initiating a court case. All fees are listed here.

It’s not clear how long the process lasts.

What should I do?

From what I understand, the only option is to proceed with legal action (again, I’m not paying the thief one penny).

  • Do you know any different?
  • Do I have a good case to proceed with?
  • Is there any other information available online about the pirate who is blackmailing me?

If you can provide any of these answers, it would mean a lot.

Thank you

Thank you so much to those of you who kindly emailed me at the start of this situation: Vivien, Ben, Tammy, Armen, Dawud, Ed and Jamie. I know that more of you tried, but that I didn’t receive your emails because my accounts no longer existed.

Thank you also, to everyone who is lending their support in the comments of my previous blog post, David Airey.com hacked. Many of you have also published my news on your own blogs, and this really lifts my spirits, showing just how great the people in the blog world are:

Here’s a snippet of your kind help:

It’s fantastic that you’d go to this effort. If there’s anything I can do in return, do let me know.

Update: 27 December 2007
My domain name has been returned, and you can read how here.


614 Comments

  1. Morals aside, it’s business sense. Why don’t you buy the domain name at 600 USD or 250 USD or any other bargain you could strike? At least you’ll be back on the search page for graphic designer. Getting that with the UK will mean much more than 600 USD or 250 USD.

    You may then take an expert opinion on how to initiate legal proceedings since this might take time.

    Matt Cutts helped you earlier. How about asking him?

  2. Wow. This is amazing on so many levels. How can somebody steal your domain from under your nose? Scary.

    I would pay the guy and get my domain back; you will lose far more in terms of SEO value. If you don’t buy the domain somebody else will.

  3. Tech, Patrick,

    Is it really business sense to pay the hacker? To allow yourself to be blackmailed is inviting other thieves to do the same.

    “If he did it, why don’t I give it a try?”

    Don’t you think so?

  4. Hope it works out for you :(

  5. Seems like this guy chose the wrong blogger to pick on. You deserve a lot of credit for sticking to your principles here, and I hope everything works out for you.

    One other thing is that FeedBurner really saved your bacon here. Because your feed URL is on their domain, you won’t lose a single reader. It’s a shame about the search engines, but at least you know that the community you have built up isn’t going anywhere! :)

  6. Thanks for helping me out with that post, Chris.

    Michael, I appreciate you saying. This could make a great promotional story for the FeedBurner, as you’re right — if I wasn’t using the service, it’d take some time to inform everyone who previously subscribed.

  7. I think if I were in your shoes I would start by finding a lawyer that will simply write a letter to Cybergate detailing your story and the evidence you have and see if you can get any real evidence on him. Maybe you can incriminate him into giving up ;)

  8. a truly chilling tale, i hate to say it but there are a lot of people who are learning from your misfortune. your efforts aren’t in vain.

    keep your chin up!

  9. Heya David,

    So sorry for all that you’ve had to experience. One thing I am sure of is that things have a way of coming back around. This hacker will get what he deserves. Well, my blog is new, but I’ve added you to my blogroll. I know it’s not much, but maybe the reciprocal link can help. Despite everything, I wish you’re able to enjoy the Holidays. Be safe.

    ~N

  10. Cody, thanks for the Cybergate suggestion. It’s certainly a possibility.

    Jamie, I was hoping this would help others cover their backs. I’d hate to see the same thing happen to anyone else, and your support is much appreciated.

    Natasha, that’s very kind of you. Thanks! Best of luck with your own blogging efforts.

  11. David,

    First of all thanks for all the thought-provoking info on your situation.

    Second, have you thought about just abandoning the .com address? I know you’ve worked so hard to build it up with respect to SEO etc, but a .co.uk address is not such a bad thing is it? I know in Canada that there are plenty of very large sites that use the .ca address and not .com. The .com address doesn’t have the cachet it may have once had. Would new customers necessarily assume it was YourName.com? All of your present and former clients could easily be informed of the mishap and advised accordingly anyway. The only problem is that the .com spam site remains. If only there were some way to get rid of that.

    Another option might be to buy a different domain name entirely (not YourName.com .co.uk .biz.. etc.) and start anew. Build a new brand. Sometimes starting with a clean slate and more experience can pay off in other ways.

    Tough call to make any smart decision here. I do agree with your stance on not paying the crook. It’s not like he’s going to have a lot of other takers on that offer anyway. It is tough just to know its out there though. Would be nice if there was a way to shut him down that wasn’t a costly legal avenue.

    I’m thinking of Mel Gibson’s press conference where he basically tells the hostage takers to take a flying leap. Send this guy an email and colourfully let him know he’s off your radar. hehe.

    Good luck David.

  12. Richard,

    Abandoning the .com address is one option. Like you point out, there’s always the fact that it’s still out there, but it’s reasonable to assume I could get it terminated?

    At present, my domain could be a lot worse, and I’m relatively happy with davidairey.co.uk.

    Also, I had time to think things through when on holiday, and set about my plan of action for a new logo design-specific website. I’ve mentioned it before on this blog, but didn’t take many steps to put it into action. Now I have a sketched plan of the site components, with plenty of ideas for content, so it’s just a matter of sitting down and starting afresh.

    You know, I think Mel Gibson crossed my mind at one point too! Thanks for your take on the matter.

    Shaun,

    That’s great of you to add me to your distinguished blogroll. Thanks very much for your generosity.

  13. Shaun Anderson

    An absolute disgrace.

    I’ll drop you a few links to this site until it is resolved. Added you to my blogroll for the mo.

  14. Good luck with your hunt – you are definitely taking the right approach by not ‘buying’ your domain back off this guy. There is the chance this technique has already worked for him, by some sucker falling for it, and now he’s trying it again, and may be again and again . . .

    Stay with it.

    If the word spreads, perhaps no one will buy the domain if it comes on the market and he will have a (to him) useless domain on his hands . . . .

  15. Possibly try and find out when the .com is to expire and see if the guy has forgotten about it, and try to re-register it then?

  16. I’ve changed my link and written you a little note on my blog. Much sympathies, and my two cents on the matter – if you can find the actual live human who hacked, sue. I may not be entirely American, but I’ve picked up on the litigiousness of the culture… certainly if you can afford the legal fees, go for it. At the very least, go for a consultation. I think in order to get anything, you have to show that you’ve incurred quantifiable damages – reprinting cards, time, and especially loss of present and/or future clients.

  17. Hi David,

    Thanks for sharing your experience and warning people around.

    Here’s what I thought, what if you try and hire some hackers to hack your site back? %-/

    Like, fight fire with fire?

    But again, there’s a good lesson to learn: community is the power; even when you disappear from search results, it is your social ties that won’t let you get lost on the web…

    I’m really sorry about your mishap, and wish you to still enjoy your holidays!

    Cheers,

    Tina

  18. Hey David,

    I’m sorry to know that you’re going through these troubles. Just a few weeks(?) ago, BittBox got defaced. This is insane.

    I just hope that you’re able to track the cracker. The IP and email addresses are hardly going to help ’cause most of the time, these evil types use IP encapsulation and such other methods to confuse webmasters. Did you contact the Gmail support? Maybe they can collect more details about the person who did this? I read the article posted by pdp back in September and have been alert since then.

    Good luck!

  19. David,

    I really feel for you…

    If you decide to ditch the .com site and just stick with .co.uk, you might be able to get some sites to change their links to point to your .co.uk site (so you get to keep a little of the link love).

    I had a look around and found a WordPress plugin called Search and Replace WordPress Plugin, which offers search and replace across all posts on a site, including content, comments, comment author. I haven’t tested it, but in theory it could search for davidairey.com and replace it with davidairey.co.uk.

    The negatives: a) it was last updated in Jan 2006, so we’d need to check if it works on WordPress 2.3; b) it’s only for WordPress (but you have a lot of fans out there using WordPress, who may be willing to run this for you); c) people would be changing the DB directly with no way to undo it, so it’s a little risky (backup needed first!).

    Anyway, I hope it doesn’t come to that and you can get the .com domain back. Best of luck!

  20. What an absolute little weasel this guy is! Ugh! It’s terrible! Thank you so much, David – for sharing all of this with us, so that we can warn others! I’m so sorry this happened to you!

  21. David,

    Glad you agree with my stance on the purchase. People like this need to realise that we won’t be held to ransom.

    Scott,

    I think the domain was due to expire in 2009, so I’ve a while yet, but it’s a good suggestion all the same.

    Renata,

    Thanks very much for posting about my situation, and for your suggestions on what to do next. I appreciate the time you’ve taken.

    Hi Tina,

    You’re very welcome. I felt it appropriate to warn my readers of this, as it could easily happen to one of them. Fighting fire with fire is a thought, but I don’t know any hackers. Probably a good thing too, as if they’re all like this one I don’t value their morals.

    Where would we be without friends? A colleague of mine said that earlier, and it’s so fitting.

    Have a great holiday too!

    Avinash,

    I’d missed the Bittbox defacing what with being abroad. Was it something similar? I get your point about the IP and email address. I didn’t think they’d help but wanted to document everything I know in one post. Perhaps this post will be of use in any future legal proceedings.

    I haven’t contacted GMail support, but will do so now. Cheers buddy.

    Stephen,

    Thanks for your thoughts, and for the ‘search and replace’ suggestion. Sounds like it’s a risky one, and I’d not expect anyone to test it on my behalf. Still, it’s a nice thought, and I appreciate your well-wishes.

    Lisa,

    Glad to write something of use for you, and I notice you commented on Wendy’s blog too. She’s a great person eh?

  22. The site is parked on sedo, so they should know who collects the money generated by the web site; I think contacting sedo will help to track the hacker. Also the domain registrar will be able to tell who registered the domain. I think ICANN has some rules that require all domain owners to have a proper address in their WHOIS database.

  23. David, how about sending another email to the hacker and tell him where you stand at, that you won’t pay him a penny, because you don’t pay criminals, that he, however, has a choice:
    either return you the domain on his own good will, and you’ll forgive him and close the case,
    or you’ll proceed with the court and will get your domain back anyway.
    Let him realize that he won’t get a better deal out of it – nobody will buy your domain (if you don’t pay this guy, why should you pay other criminals), so what is he going to do with that domain? It will just sit there, until you get it back via court.

    GOOD LUCK!!!!! Thanks for keeping us up to date, for all the useful info – keep us posted.

  24. Yujin,

    I’ll get in touch with sedo now. Perhaps they’ll help find the perpetrator, and I appreciate your suggestion.

    As for the registrar, GoDaddy, they won’t help until the court case has been opened.

    Vivien,

    I’ll do that too (send another email to the hacker). That’s a good idea, and won’t do any harm to try one last time.

  25. David Male

    Isn’t there evidence of a prima facie case of blackmail here?

    Why shouldn’t the police investigate it as a crime, rather than you having to instigate civil proceedings at your own expense?

    [Trust me – I’m not a lawyer]

  26. First, I have to say hackers suck.

    Now that that’s out of my blood, the second thing I want to say is that I am not surprised one bit you tracked back through a city in Florida. I don’t know what it is about that state, but every time I investigate a spammer it leads to or through that state.

    Of course the main reason this guy did this is financial. Aside from the ransom he’s trying to extort from you, there’s sufficient traffic to make some money on a parking page. If Sedo won’t help you shut the guy down, kill his account by setting up a simple macro to spam click the ads. His account will be banned and lose all money.

    One last thing, I updated the links on my site I had pointing to the dot com domain.

    Oh, did I mention I really hate hackers? I mean, really, really hate them?

    Keep us updated, I am very keen on hearing how this issue is resolved. You might consider a donation fund to pay for legal expenses, I’m sure the blogging community would pitch in a dollar to fight the good fight.

    Cheers!
    Skunky

  27. Good luck with the hunt david. Really sorry to hear about it.

  28. David,

    No, BittBox was compromised ’cause of a WordPress plugin. I myself checked his blog feed after two months ’cause of staying busy doing other works. And just a few hours later, I read your message @ my MyBlogLog profile.

    Back in October, even my blog faced a serious attack. Fortunately I was able to control the situation. Anyway, I wish you get your domain back soon ’cause I’ve seen you working hard to promote your blog.

    Take care, sir!
    — Avi

  29. Damn right don’t pay the tool a penny – who’s to say that after you send the cash, he won’t ask for more money?

    Although it rankles, for now letting the .com go may be the best option, and pick it back up again when he abandons it (as he will).

    It wasn’t until this that I’ve realised I wasn’t subscribed to your feedburner feed, I was still on ..com/feed. Changed it now ;-)

  30. David, kudos to you for standing by your principles. Fact of the matter is, the domain name is worth zilch without YOU behind it. So, in a way, you are correct, it is not worth the while to pay money to get it back. At the same time, paying opens a whole new can of worms. You should see some of the really weird domain names in China. Nevertheless, they garner huge followings and have a lot of revenues.

    Guess what I am trying to say is – David Airey is still David Airey whether it is a .com, a .co.uk or a dot-whatever. We all know where to find you. :)

  31. Just a thought…
    Have you contacted the police department in Ft. Lauderdale? Maybe they would be interested in pursuing this as a criminal as opposed to civil crime and that way it would not cost you anything. You may at least get the satisfaction of rattling his cage. I would think that since he broke into your account to get the domain that it is a little more criminal than domain squatting.

    good luck!

  32. I wouldn’t pay the scum bag a penny!

    Have you contacted Sedo who are selling the domain, or did I miss something?

    I’ll have my boss take a read over your post to see what he thinks.

    Jamie

  33. I always felt a little old school-ish for not using Gmail as much, no regrets now. One thing to note though, when you use less than a complete URI, your RSS/Atom feeds might not be able to provide a click through to the correct URI since the mail URL will be missing (I might be wrong, but do check).

    I hope you get this damn thing figured out and kick the hackers a*$^. Happy Holidays David!

    -Sunny

  34. I agree with not paying the hacker. If more people took this stance this type of action wouldn’t be so profitable and enticing.

    This is an excellent post on the problems you had and what you are doing. Getting this type of information out to the community will only help keep the community informed.

    Hope this is all resolved quickly and with minimal problems.

  35. David – thanks for keeping us all informed with what happened so we can all learn from it.

    I’m gutted for you, and the guy that did it – who may well be reading this – is a class A w@nker!

    I think you should settle on the fact that he’s done you – but take comfort in that davidairey.com is worth nothing to anyone other than you. In my opinion it’s not worth the legal fees and this con artist isn’t going to hold on to what is to him a worthless domain.

    What has made your blog so successful is the quality of your writing and your attitude, and no one can take that from you – so keep at it and even if you’re now stuck with .co.uk – it won’t matter to any of us.

    Have a good Christmas mate!

    Aaron

  36. I love how this crook sent you a second email with a lower price. He knows that if you don’t buy it, no one will.

    I wouldn’t tell him anything. Let’s see how many times he lowers the price!

  37. Oh and by the way, Sunny is right. The images for this post don’t show up on Bloglines.

  38. That really sucks. I hope you get your site back.

  39. Just buy some garbage traffic for cheap from china or whatever and get his sedo account banned.

    http://www.google.com/search?hl=en&q=banned+from+sedo

    http://www.sedo.com/about/policy.php?page=terms_e&tracked=&partnerid=&language=e

  40. Ow, David. I feel for you. First, the Google penalty (but at least you got your SERP back) and now this.

    Even *if* you lose your .com, at least you got this out in the community, creating a buzz to rebuild and we will follow *you*. Without the man behind the blog, the .com site is a shell. Your .com site is “too hot” to unload now.

    I have a good feeling that this will come out right for you again.

    Good luck.

  41. Man….I’m a big web entrepreneur and the thought of having my website stolen scares the living daylights out of me!
    I really appreciate this post.
    Regards,
    K

  42. There are two kinds of hackers–criminals like the person who stole your domain, and “Ethical Hackers”, who don’t break the law. The suggestion that you hire a hacker to take your domain name back by force is very bad advice–if you did that you would become a criminal too. And since the hacker you hired would be doing illegal things, it would not be wise to trust that person.

    I applaud your decisions to take the moral high road, refusing to pay ransom money, and also refusing to strike back by illegal means. It is often frustrating to be ethical and use the slow, imperfect legal system, but illegal shortcuts just make more trouble in the long run.

  43. I haven’t read all the comments but it seems to me you should buy your name back and pursue the creep. Do both.

  44. Don’t pay them a dime !
    Hope You get it back !

    Some how !!!!!!!!

    Good Luck
    Um07
    Merry Xmas

  45. Heya,

    I just stumbled upon this story and am intrigued by your plight. On the one hand, I think it’s admirable that you are sticking to your principles, but on the other, it’s foolish business sense for someone who earns a living through your website.

    Some of the suggestions that I have seen such as building the profile of the .co.uk domain are possible. But they can be time-consuming and expensive. I’m not quite sure what your target market is, but if you’re trying to appeal to global audience then having a .com domain is crucial (in fact, there’s little harm in snapping up other TLD’s too).

    Over the holiday period, it will be difficult to have this matter resolved in a prompt and satisfactory manner through legal channels. I think the best action for you is to email the hacker with a new offer of something around $100 with the threat of legal action if they don’t comply. I’m assuming the hacker will want a quick resolution without legal action. Hopefully the $100 will be sufficient enough to entice them to transfer it back to you.

    If you think that the process of getting them to transfer the domain to you through legal/diplomatic means will cost more than the £60 it might cost you to pay him off, then you are making a poor business decision.

    As I first said, your principles are admirable, but principles are meaningless to someone who’s losing money by the hour!

    I wish you the best of luck in getting your domain back and I hope it goes smoothly. I’ll help your cause by stumbling and checking back regularly.

    Thanks,
    Adam

  46. Dave,

    I was shocked to hear this when I got an email from you while this was happening, and I’m sorry you have to go through all of this.

    I do hope you get your domain back, and I agree with you on not paying this bastard a dime!

    As a hosting/domain company, I think domains should offer more protection than just an EPP authorization key; something like a personal question should be asked, similar to how banks ask you three questions:

    - What is your mother’s maiden name?
    - What city were you born in?
    - What was your first car?

    Even custom questions that you make up. Those questions should be asked before a domain could be moved out (along with the EPP key), and maybe it could be an extra fee one pays per year with their domain, because I would surely use it and no doubt others would too.

    I can’t blame ICDSoft though, they got a support ticket and sent out the email. But as a host, I’m seriously considering adding some sort of feature that would let us ask a variety of “personal” questions to safeguard a domain in case someone did gain access to your email, because you would have to know that person pretty well to answer questions like that.

    The compromise level rests on the host now, as only they would have the questions/answers on their end (it wouldn’t be something you would store in an email, just as you wouldn’t store the answer to something you know very well, like your birthday or mom’s maiden name). Keep it internal, off the public network, encrypted, etc., just as credit card information is treated.

    Again, sorry to hear about all this, I couldn’t offer much help when we were emailing back and forth because that is, unfortunately, the nature of domains.

    Best of luck to you with this issue, I know you’ll get your domain back eventually :)

    Have a Happy Holidays and a very safe New Years!

    -Kyle

  47. Find out how the RIAA takes people to court for stealing music. They seem to know how to sue people, starting with only an IP address. And once you win your case and find out who he really is, then file a civil suit to get compensation for your legal expenses, emotional distress, and of course, your financial losses due to the site being down. This jerk’s arrogance makes me sick. I hope you pursue this to the end and catch him. I guess it could be a her =) I’m sure if you set up a PayPal link for donations, you’d get plenty of help for your legal fees.

  48. John said, “There are two kinds of hackers”

    Actually, there is only one type of hacker: a hacker is a person who digs into something out of curiosity and to learn about it.

    There are, however, two types of CRACKERS, ethical crackers (aka, white-hat crackers) and criminal crackers (aka, black-hat crackers). Minor distinction, but it makes a lot of difference (though in the eyes of the media and most people, hacking /is/ cracking… *le sigh*)

    Anyway, I set up a little macro to click every link 100 times every 5 seconds (just about the most my connection could bear). I think the macro got through about 3-4 minutes before the davidairey.com site stopped responding. I probably just got blocked, but if it does come back up, I’ll start the macro up again to try and FUBAR the person’s chance at making any money off the site.

    I hate crackers just as much as the next person; they give hackers (real hackers, people who just want to tinker and learn) a very, very bad name.

    I hope you get your .com site back, and I hope the thief in question gets reamed for it.

  49. People like that are scum and give all hackers a bad name, but try contacting Cybergate, his ISP. They may be able to give you information. Take him to court; he has to pay all expenses as restitution, and since you got those emails from him for blackmail and a confession linked to his IP address, he has no case. Good luck, hope it works out for ya!!

  50. Hello my friend. Christmas tomorrow and I give you only 24 hours, we use escrow and all I want is 200 even though I know it is worth more. Get in touch my friend :)
