Angela Gunn

Pushing Buttons

David Airey won't back down

Rule #1 of security: The bad guys, alas, don't take vacations. But David Airey is not a bad guy; he's a designer. So David Airey took a vacation, and while he was out his davidairey.com domain got taken by a hijacker who compromised his Gmail account, spoofed his registrar, and redirected the whole thing to a holding site, where he's now attempting to stick up Airey for ransom.

Yes, lovely behavior, and if Santa hadn't already disbursed this year's lumps of coal, he'd doubtless have one for ICDSoft, Airey's erstwhile Web host, whose security controls on domain registrations were apparently designed by Teletubbies; GoDaddy, the hijacker's registrar, which won't talk to Airey without notice from a court or arbitration forum; Cybergate, the hijacker's apparent Net provider; the state of Florida, which (as one of Airey's voluminous comments points out) does seem to be either a transit point or the home base of an awful lot of these scumbags; WIPO (the World Intellectual Property Organization), that useless-to-the-little-guy international body that wants $1500 before they'll pay attention to Airey's situation; and Google, whose filter vuln made the whole sorry mess possible.

Airey's currently weighing his options with advice from some of the folks contributing to the comment thread linked above. There's one class of commenter, though, to whom I'd give... well, if not a lump of coal at least a little soot. A disturbing number of folks are pressing Airey to pay the hijacker the fee he demands "so [Airey] can get on with his life." I understand the desire to do just that, but I'd suggest that just as Airey's getting a ton of support from the Net's more upright citizens, he's in a position to take a stand here against cheap playground bullies and thugs. Airey's actually in the power seat on this one -- he's got the .uk domain linked above to use, and the old domain isn't likely to earn the hijacker much from anyone but Airey. These hijackers thrive only because people pay them. If Airey continues to say no, that's one less playground bully trolling the Web for your lunch money. Send Airey a note of thanks, won't you?

 

What People Are Saying

Rated +1
551 Votes

ICDSoft

As ICDSoft is involved in the situation, we would like to give more details about its part in it.

ICDSoft is a hosting company that also provides domain registration services. We register the domains for our customers at a parent registrar - Enom.com, but we handle all details in regards to domain properties, domain management access, locking/unlocking, etc.

On 20-Nov-2007 we received a request, posted from the support panel of Mr. Airey, to unlock the domain and to provide the EPP domain transfer authorization code. The access to the panel requires an administrative password, which should be known only by the account owner. We granted the request, as we had no reason to believe that someone else would have the password for the administrative panel. The "situation" is the same at all registrars - if someone has the password for the domain panel, they can lock/unlock domains, get EPP domain transfer authorization codes, change domain details, etc.
ICANN's Policy on Transfer of Registrations between Registrars does not allow more complicated security mechanisms (such as additional "secret" questions, ID verifications etc) for providing our customers with the EPP codes for the domains they own. This policy is established because many companies would misuse the "security" and their goal would be to prevent customers from transferring domains away from them. This is certainly not the case with us, and we do not make any attempts to prevent customers from managing their own domains. We disagree that ICDSoft has done anything incorrect that helped the attacker. It appears that he had access to the emails sent to the administrative address for the domain, which allowed him to approve the transfer (this is the additional security feature allowed by ICANN).

As soon as we were aware of the hijacking, we did everything we could on our end to assist our client with the problem he was experiencing. All queries David Airey had were responded to by our support team in minutes.
We contacted GoDaddy, but received an answer that the request should come only from an accredited registrar.
We contacted our parent registrar - Enom. They assigned a transfer dispute manager, who started an "inter-registrar" investigation. Depending on its outcome, Enom would have started a transfer dispute at ICANN. Luckily, at this point Mr. Airey got his domain back.
Also, we did everything possible on our end to keep the blog up and running under a different domain name. Thus the problem attracted the attention of a high number of people, which helped to resolve the problem.
We are happy that the blogging community itself has the power to help people and to narrow down the abuse on the Internet.

Rated +22
528 Votes

David Airey seems to understand the problem with Danegeld

And I thank him for it. Refusing to pay an extortionist makes it less likely that the punk will try it on someone else.

He demands you give him money, give him the finger instead... or perhaps a better option, take a couple of his.

Rated -41
593 Votes

David Airey's Hijacking

I'm David's dad and want to thank you and everyone who has helped him to win his battle. I'm proud of all of you!