ALERT: Identity Theft Hits NameJet & Dr. Chris Hartnett & It Can Happen To You

2010 October 4
by Michael H. Berkens

This is some pretty scary stuff.

REALLY SCARY stuff, and it’s happening to domainers.

Identity theft, impersonation, and if one victim is correct, there is a thief among us, someone with a lot of knowledge about the domain industry, how the business works, who the players are.

Dr. Chris Hartnett is here to warn you.

Dr. Chris Hartnett is no ordinary domainer.

Dr. Chris is a member of the Domain Hall Of Fame, and was the subject of a cover story by Ron Jackson’s DnJournal.com back in June 2008.

This week he was the victim of identity theft at NameJet.com.

Here’s the REALLY scary part:

Dr. Chris says it hasn’t been the first time.

He thinks he was targeted because he is in the domain business.

And he is warning it could happen to you.

Let’s review what we know.

On the morning of September 30th I got three separate emails from three separate people that watch the NameJet.com auctions all letting me know that several domains had been put back into auction due to a non payment with the bidder ID: bidder9999, which these domainers associated with Dr. Chris.

The domains affected included Solars.com, which “sold” for $6,100 on September 21, TradeWire.com, which “sold” for $4,600, and W3W.com, which sold for $3,200 on September 23rd.

These weren’t the only domains “won” by that bidder ID, but these totaled almost $15K in bids alone.

The emails I received from the concerned domainers all suggested the same thing.

Dr. Chris “used to have money”; what happened to him that he can’t pay for his auctions?

In the business world about all you have is your reputation so I immediately wrote to Dr. Chris and the GM of NameJet.

Here’s the bottom line:

Someone set up an account at NameJet.com in Chris Hartnett’s name, furnishing NameJet.com with a North Carolina driver’s license with Dr. Chris’s home address but a different picture.

This person then entered stolen credit card numbers into NameJet.com’s system to pay for his purchases.

Some of the purchases went through, and the domains were transferred to the fake Dr. Chris Hartnett account, so that the whois of these domains now shows the owner as “Hartnett, Chris”.

Other domains won at auction under this bidder ID were not paid for; some were over the credit card limit of $5K set by NameJet.com, like Solars.com.

NameJet.com has had a policy since its inception that any auction ending at $5K or more has to be paid by wire transfer.

Other NameJet.com bidders were pushed up by the bids placed by the fake Chris bidding account, in some cases increasing their bids by thousands of dollars.

At this point NameJet.com recognizes that the fake Chris account is just that, a fake account set up with a fake ID and stolen credit cards.

NameJet.com will be commenting on this story sometime later today, and I will let them figure out how they are going to handle the affected bidders.

Back to the REALLY scary part:

This is not an isolated instance.

This is one of several identity fraud situations Dr. Chris has faced over the last few months, including the loss of a few of his domains (still unretrieved).

In Dr. Chris’s own words, he details what has happened to him:

“So far over the last 6 months they have hacked into several registrar accounts where my domains are kept.”

“The hacker put a Key Logger on one of my computers that watched every word I typed.”

“Then he got into all my email accounts (5) and changed the forward to his hotmail email address and when I was in one of the accounts just as they were changing the email forward address they knew then that I was on to them.”

“So within minutes I received an email stating that they “owned me” knew where I lived and they  had control of my life. They said if I wanted them to leave me alone I had to transfer these 3 major domain names I own to them within 24 hours.”

“I was in Vancouver at the time and the head of security at a major registrar told me I couldn’t get back into my account because I wasn’t Chris Hartnett. He said that he had talked to Chris Hartnett a number of times over the last few weeks and I wasn’t him. He said he had a photo copy of Chris Hartnett’s North Carolina drivers license in hand. I said, “really” how old is Chris Hartnett? He said, “37”. I told him I was 56 at the time and asked him for his email address and I took a picture of my drivers license and my passport and emailed it to him with another picture of me while I was on the phone.”

“I told him to Google me and see if I am 37 or 56 and gave him my hotel phone number in Vancouver to call me back through the switch board. He called back and apologized and put a hold on my entire account and 15K domains.”

“There were 380 of my best domains scheduled to be transferred out within the next few days. I lost 3 domains in the process, the rest were saved. By the time I figured what was gone, all three were flipped and purchased at auction or sold privately for pennies on the dollar within days.”

“The hacker sent me an email calling me “a stupid asshole” for not checking my accounts in over three weeks. He probably had a point but I wouldn’t have put it that way.”

“I had an old employee of mine who could hack into anything on earth spend the next three days getting my life back for me. He told me that this crook was very very good and he had also loaded three, not one but three Key Loggers on my computer and he knew every word that I typed, probably for months.”

“This crook is obviously a domainer because he is all over our space.”

“Last week I got a letter from a guy who wanted a domain name I owned. It turned out I didn’t own it but the domain was using my whois info with a different email address but my home address here at heavenly mountain.”

“These guys are slick.”

“Let’s say they somehow get a key logger onto one of your computers. (very easy to do.) They quietly watch what you are doing.”

“They see you log into one of your domain accounts by watching every keystroke you make over a few weeks.”

“Now they can hack into your domain account when you aren’t looking. Quietly over a few weeks or months they go into your account and they look at all your domains.”

“They pick some good ones but not great ones that you wouldn’t instantly miss and steal some of the good ones.”

“They transfer those names out quietly and they change the email forwarding address on your account long enough so that they get the transfer notice and not you. They then switch the forwarding email back to you as soon as the notice comes from your registrar saying that you have transferred out a name or changed the email address or something like that. Now they have got your name and you may not notice that it is even missing from the account. (which is what happened to me)”

“They change the whois info on your stolen name to my name and address (Chris Hartnett’s) and open an auction account, put up a valid yet stolen credit card on that new account and they start auctioning off names for a few hours or days. Eventually they sell something and take the money and run.”

“This guy probably figures that he can’t get cash or gems or gold on the internet but if he targets a domainer and gets control of his accounts, he can transfer out domains, put them up for quick auction, get the cash out that way.”

“He also is using my name when he wants to auction off an important domain because he figures it is believable that I would own such a name.”

“A few weeks ago John Mauriello from SnapNames/Moniker called me to see why I hadn’t paid an invoice for $35,000.”

“‘For what?’ I asked.”

“He said because I had sold the domain, Prince.com privately but I signed a 90 day exclusive with Moniker and the domain was in the August Showcase auction.”

“I told him I never owned that domain name.”

“This person put the domain up for auction using my name”

“John apologized for the mistake”

“Bottom-line. There is a very very very smart thief amongst us and we should all beware.”

Thanks to Dr. Chris for bravely telling his story.

As domainers we are particularly in danger of identity theft.

We have a LOT more at stake than most people: assets that are protected only by login access to registrar accounts and accounts at other companies in the domain space.

So we have someone or a group of people who are pretty brazen.

Fake IDs

Stolen credit cards

And I have been told by multiple parties that he has no problem getting on the phone to assert that he is the person he is pretending to be.

Scary

Be careful out there.
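
The account-level signs described above (a name quietly gone from the account, a transfer lock removed, a forwarding address changed and then switched back) can be caught by diffing two snapshots of the account instead of trusting a glance at the current state. The following is an added example, not code from this post or from any registrar; the snapshot layout, the field names (`forward_to`, `locked`, `whois_email`) and all sample values are constructed assumptions.

```python
# Added example: diff two snapshots of a registrar account to spot quiet theft.
# The snapshot layout and all values are constructed; no registrar's real
# export format or API is implied.
BASELINE = {
    "forward_to": "owner@example.com",
    "domains": {
        "alpha-example.com": {"locked": True, "whois_email": "owner@example.com"},
        "bravo-example.net": {"locked": True, "whois_email": "owner@example.com"},
        "charlie-example.org": {"locked": True, "whois_email": "owner@example.com"},
    },
}
# Three weeks later: the forwarding address has already been switched back,
# so it looks clean, but one name is gone and another has been unlocked.
CURRENT = {
    "forward_to": "owner@example.com",
    "domains": {
        "bravo-example.net": {"locked": False, "whois_email": "owner@example.com"},
        "charlie-example.org": {"locked": True, "whois_email": "owner@example.com"},
    },
}


def diff_snapshots(baseline, current):
    """Return a list of (severity, subject, message) findings."""
    findings = []
    if baseline["forward_to"].lower() != current["forward_to"].lower():
        findings.append(("HIGH", "account", "mail forwarding address changed"))
    base, cur = baseline["domains"], current["domains"]
    for name in sorted(base.keys() - cur.keys()):
        findings.append(("HIGH", name, "missing from account"))
    for name in sorted(cur.keys() - base.keys()):
        findings.append(("INFO", name, "not in baseline"))
    for name in sorted(base.keys() & cur.keys()):
        if base[name]["locked"] and not cur[name]["locked"]:
            findings.append(("HIGH", name, "transfer lock removed"))
        if base[name]["whois_email"].lower() != cur[name]["whois_email"].lower():
            findings.append(("HIGH", name, "WHOIS contact email changed"))
    return findings


def needs_freeze(findings):
    """True when any finding warrants asking the registrar to freeze the account."""
    return any(severity == "HIGH" for severity, _, _ in findings)


if __name__ == "__main__":
    for severity, subject, message in diff_snapshots(BASELINE, CURRENT):
        print(f"{severity:4} {subject}: {message}")
```

Because the forwarding address is switched back after the transfer notice arrives, the missing name and the removed lock are the signals that persist. Keep the baseline and run the comparison on a machine other than the one used for everyday logins.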

123 Responses
  1. 2010 October 6
    Way, Way Anon

    Brian: “Locking” your domains does nothing more than denying an incoming transfer request from an outside registrar. It does absolutely nothing to secure you from something like this. In this case, the person in question had infiltrated the domainer’s accounts and could lock, unlock, transfer or delete any and all domains at will. If you own 7000 domains and don’t know this, well, that’s exactly the sort of thing I’m talking about…

    Michael: Yes, I know that, which is why I said: “The only way to track this back to the responsible party is to get this into court, ASAP, and start petitioning for orders to obtain the relevant financial information, regarding where the money eventually went.”

    You have a lot more faith in cops than I do… However, it might not be a bad idea to circle the wagons, talk to people who have been down this road before and see if there aren’t any sympathetic ears in Federal Law Enforcement Agencies who understand the issue and are willing to look at it, rather than just kicking the can down the road because it addresses something they don’t ‘get’. Instead of going to cops and navigating the web of cluelessness, a tactical phone call or two to agents who are known to understand the issue from the outset might get the ball rolling on the enforcement end. If not, then civil action, court and emergency petitions.

  2. 2010 October 6
    BrianWick

    @Way, Way Anon
    You missed the entire point – unlike Name.com – who already as a result of my entry on this blog – has told me they are working on a similar feature as eNom.

    For the seriousness of this matter I will state it a different way….

    Here is what you missed by example – Tomorrow hypothetically if I run the locking feature at eNom and end up with a number other than ZERO as far as domains that were locked (or relocked) – this means someone has hacked into my account and unlocked domains without my permission at which time I can change passwords and call eNom to freeze all transactions – certainly the hacker would know the new password via keylogging unless I used a different PC – but at this point the account would be under manual monitoring and supervision. This uses the locking feature in a different capacity only someone using eNom would understand.

  3. 2010 October 6
    NetJohn

    @Way, Way Anon
    Tru Dat ! … Law enforcement needs to stop focusing too much on donut consumption and get more tech savvy, concerned and motivated on such “contemporary issues”.

  4. 2010 October 7
    MHB

    Way, Way

    “You have a lot more faith in cops than I do”

    No I don’t expect them to do shit.

    However I recognize that law enforcement are the only ones who can get orders to make banks and other financial institutions reveal who the beneficial owners of accounts are.

    You can bring a private suit but against who, and if you don’t know the party you’re suing has an interest in a specific account you’re not going to be able to get much info.

  5. 2010 October 8

    I use Fabulous.com as my Registrar and they offer probably the best security that is available, including questions and answers that you can set plus a special security key, and on top of that you can use executive lock that requires special actions such as phone calls, faxes or whatever you wish to ask for. In short it is 99.99% secure.

  6. 2010 October 9
    BrianWick

    I just bought SpyReveal and it found two illegally back door installed keyloggers from SpectorSoft and Net Spy – whose claim to fame is it is easy to install remotely.
    Back door because they do not show up in the add/remove programs nor the applications, processes or services from the Task Manager.

    Is buying a mac really going to stop this kind of stuff – no doubt I enjoy naked farm animals wearing pantyhose and 6 inch heels – but something tells me that is not how these keyloggers arrived on my box.

  7. 2010 October 9

    @ Brian Wick

    99% of trojans and viruses are built for PC.

    And someone trying to get an app via internet or email installed on Mac OS X is difficult – Apple thinks differently, especially about security!

    And no I don’t work for Apple – but I used to :)

  8. 2010 October 9
    BrianWick

    Thanks HUW

  9. 2010 October 9
    MeredithMoreau

    Something to consider doing is using a separate laptop exclusively for your domain activities, and in particular, for logging into your domain email addresses and registrar accounts. If you simply reformat the hard drive every one to two months (I do so monthly) and change all your log-in passwords periodically right after a reformat, that should prevent the problem, for the most part. With only the necessary software on that laptop for domain activities, it should be pretty easy to reformat and reinstall the software. I think we are all accustomed to using one laptop or computer for everything and the more everything (especially email and sensitive files – like lists of all our domains) is on one computer, the more at risk we are and the more reluctant we are to reformat the hard drive. Regardless, simply using a software program that inputs all your passwords automatically (after they are provided/typed in once, for which using a fresh computer to do so would be a good idea!) would probably be sufficient for a lot of people without having to use separate computers and/or reformatting.

  10. 2010 October 9

    @Meredith: What happens if you get infected a week after a fresh reinstall? Then you’ll be running for a couple months with a false sense of security.

    A better way would be simply to keep a single system and run a VM image of Windows. Then if there’s a problem it only takes a few minutes to rollback instead of wasting all that time reinstalling. VMWare Workstation is extremely easy to use.

    Finally, if you’re going to have a laptop solely for security-sensitive tasks, why not do it right and avoid Microsoft altogether? Either buy a Mac or simply install a free OS like Ubuntu or Fedora on the laptop and it’ll run for years without reinstalls or virus worries.

  11. 2010 October 16

    I just received my USB security key from Fabulous and thus now should be even more secure than before. The Security key contains a unique and encrypted key that needs to be entered (by inserting usb stick) before any actions (that you choose) such as transfer, changing email, pushes etc. Good idea I think and don’t see any other registrar doing that, yet.

    “Faris”

  12. 2010 October 16

    I don’t mean to sound like an advert, I am NOT. I am a customer of Fabulous for a number of years, but this article explains what I have said in earlier posts:
    http://fabulous.com/informationcenter/index.htm?formdataqid=1324

    “Faris”

  13. 2010 October 19

    One other thing that may well be of interest that I discovered recently is a program that was offered free by my UK Bank called “Trusteer Rapport”, which blocks keyloggers and several other things. Quite useful program.

  14. 2010 October 27
    March77

    This is why I recommend using an identity theft protection service like Lifelock. http://www.lifelock.com/landing/real/safe . They are currently offering 10% off if you use promo code SAFEID1. Hope this helps.
    I’m also a contracted representative of LifeLock, so if you have any questions about their identity theft protection services, let me know.

  15. 2010 October 27

    Yeah, I don’t know about that. There’s plenty of press that Lifelock isn’t all it’s cracked up to be. Here’s an example:

    http://www.wired.com/threatlevel/2010/03/lifelock-accused-of-running-con-operation/
