This is some pretty scary stuff.
REALLY SCARY stuff and its happening to domainers
Identity theft, impersonation, and if one victim is correct, there is a thief among us, someone with a lot of knowledge about the domain industry, how the business works, who the players are.
Dr. Chris Hartnett is here to warn you.
Dr. Chris Hartnett, is no ordinary domainer.
Dr. Chris is a member of the Domain Hall Of Fame, and was the subject of A Cover Story by Ron Jackson’s DnJournal.com back in June 2008.
This week he was the victim of identity theft at NameJet.com.
Here the REALLY scary part:
Dr. Chris says It hasn’t been the first time.
He thinks he was targeted because he is in the domain business.
and he is warning it could happen to you.
Lets review what we know.
On the morning of September 30th I got three separate emails from three separate people that watch the NameJet.com auctions all letting me know that several domains had been put back into auction due to a non payment with the bidder ID: bidder9999, which these domainers associated with Dr. Chris.
The domains effected included Solars.com which “sold” for $6,100 on September 21, TradeWire.com which “sold” for $4,600 and W3W.com which sold for $3,200 on September 23rd.
These weren’t the only domains “won” by that bidder ID, but these totaled almost $15K in bids alone.
The emails I received from the concerned domainers all suggested the same thing.
Dr. Chris “used to have money” what happened to him that he can’t pay for his auctions.
In the business world about all you have is your reputation so I immediately wrote to Dr. Chris and the GM of NameJet.
Here’s the bottom line
Someone set up an account at NameJet.com in Chris Hartnett’s name, furnishing NameJet.com with a North Carolina’s drivers license, with Dr. Chris’s home address but with a different picture.
This person then put in stolen credit card numbers into Namejet.com system to pay for his purchases.
Some of the purchases went through, and the domains we transferred to the fake Dr. Chris Harnett account so that the whois of these domains now reflect the owner to be “Hartnett, Chris”.
Other domains won by auction under this bidder id were not paid for, some where over the credit card limit of $5K set by NameJet.com, like Solars.com.
Namejet.com has had a policy since its inception that any auction ending in $5K or more had to be paid by wire transfer.
Other NameJet.com bidders were pushed up by the bids placed by fake Chris bidding account in some cases by increasing their bids by thousands of dollars.
At this point Namejet.com recognizes that the fake Chris account is just that, a fake account set up with fake Id and stolen credit cards.
NameJet.com will be commenting on this story later sometime today and I will let them figure out how they are going to handle the effected bidders.
Back to the REALLY scary part:
This is not an isolated instance.
This is one of several identity fraud situations Dr. Chris has faced over the last few months, including the loss of a few of his domains (still unretrieved).
In Dr. Chris own words, he details what has happened to him:
“So far over the last 6 months they have hacked into several registrar accounts where my domains are kept.”
“The hacker put a Key Logger on one of my computers that watched every word I typed.”
“Then he got into all my email accounts (5) and changed the forward to his hotmail email address and when I was in one of the accounts just as they were changing the email forward address they knew then that I was on to them.”
“So within minutes I received an email stating that they “owned me” knew where I lived and they had control of my life. They said if I wanted them to leave me alone I had to transfer these 3 major domain names I own to them within 24 hours.”
“I was in Vancouver at the time and the head of security at a major registrar told me I couldn’t get back into my account because I wasn’t Chris Hartnett. He said that he had talked to Chris Hartnett a number of times over the last few weeks and I wasn’t him. He said he had a photo copy of Chris Hartnett’s North Carolina drivers license in hand. I said, “really” how old is Chris Hartnett? He said, “37”. I told him I was 56 at the time and asked him for his email address and I took a picture of my drivers license and my passport and emailed it to him with another picture of me while I was on the phone.”
“I told him to Google me and see if I am 37 or 56 and gave him my hotel phone number in Vancouver to call me back through the switch board. He called back and apologized and put a hold on my entire account and 15K domains.”
“There were 380 of my best domains scheduled to be transferred out within the next few days. I lost 3 domains in the process, the rest were saved. By the time I figured what was gone, all three were flipped and purchased at auction or sold privately for pennies on the dollar within days.”
“The hacker sent me an email calling me “a stupid asshole” for not checking my accounts in over three weeks. He probably had a point but I wouldn’t have put it that way.”
“I had a old employee of mine who could hack into anything on earth spend the next three days getting my life back for me. He told me that this crook was very very good and he had also loaded three, not one but three Key Loggers on my computer and he knew every word that I typed, probably for months.”
“This crook is obviously a domainer because he is all over our space.”
“Last week a got a letter from a guy who wanted a domain name I owned. It turned out I didn’t own it but the domain was using my whois info with a different email address but my home address here at heavenly mountain.”
“These guys are slick.”
“Let’s say they somehow get a key logger onto one of your computers. (very easy to do.) They quietly watch what you are doing.”
They see you log into one of your domain accounts by watching every keystoke you make over a few weeks. ”
Now they can hack into your domain account when you aren’t looking. Quietly over a few weeks or months they go into your account and they look at all your domains.”
They pick some good ones but not great ones that you wouldn’t instantly miss and steal some of the good ones.”
They transfer those name out quietly and they change the email forwarding address on your account long enough so that they get the transfer notice and not you. They then switch the forwarding email back to you as soon as the notice comes from your registrar saying that you have transferred out a name or changed the email address or something like that. Now they have got your name and you may not notice that it is even missing from the account. (which is what happened to me)”
“They change the whois info on your stolen name to my name and address (Chris Hartnett’s) and open an auction account, put up a valid yet stolen credit card on that new account and they start auctioning off names for a few hours or days. Eventually they sell something and take the money and run.”
“This guy probably figures that he can’t get cash or gems or gold on the internet but if he targets a domainer and gets control of his accounts, he can transfer out domains, put them up for quick auction, get the cash out that way.”
He also is using my name when he wants to auction off an important domain because he figures it is believable that I would own such a name.”
“A few weeks ago John Mauriello from SnapNames/Moniker called meto see why I hadn’t paid an invoice for $35,000.
“For what I asked?”
“He said because I had sold the domain, Prince.com privately but I signed a 90 day exclusive with Moniker and the domain was in the August Showcase auction.”
“I told him I never owned that domain name.”
“This person put the domain up for auction using my name”
“John apologized for the mistake”
“Bottom-line. There is a very very very smart thief amongst us and we should all beware.”
Thanks to Dr. Chris for bravely telling his story.
As domainers we are particular in danger of identity theft.
We have a LOT more at stake than most people, assets that are protected only by log in access to registrars accounts and those other companies in the domain space.
So we have someone or a group of people who are pretty brazen.
Stolen credit cards
and I have been told by mulitple parties he has no problem getting on the phone to assert that he is the person he is pretending to be.
Be careful out there.