
How to get a stolen domain back? - throwawayhelp
I run a medium-traffic website that generates about $200-$500 in advertisement revenue every day. Yesterday I came back from a two-week vacation to find out that the advertiser code of AdSense was changed to a different account. Then I found out that the domains were transferred away from NameCheap to a Chinese registrar "22.cn". I assume right now this is because somebody found out my NameCheap password through a trojan.

Few questions to the HN community: Is there a procedure to retrieve stolen domains? Do I have any way to claim damages or press criminal charges? Is there a law firm that specializes in this kind of litigation?
======
kijin
Check the security of your e-mail account, immediately.

You're supposed to receive a bunch of e-mails when your domains are
transferred away. Did you receive them? Did you receive any other type of
notification from NameCheap? Domain thieves often begin by breaking into the
domain owner's e-mail account, so that they can intercept these messages. So
make sure that you're in full control of your e-mail account before doing
anything else. Double-check your NameCheap account and make sure that your
account, as well as all your domains (including those with WhoisGuard) have
the proper e-mail address attached to them. Change all the passwords. Change
the passwords on your backup e-mail, too. Otherwise the thief may be able to
get between you and NameCheap and confuse the hell out of both parties.

Also contact the receiving registrar (22.cn) and let them know that they just
received a stolen domain. Send a stern but polite notice to their abuse
department. They might or might not do anything about it, depending on how
reputable they are, but it's worth a shot.

~~~
throwawayhelp
Thank you, the email accounts were compromised and filters were set up to
delete any incoming emails from registrars so I never saw any notices.

Thank you very much for this tip

~~~
jrockway
This is why two-factor authentication is vital for email accounts. It's just
too easy to accidentally reuse your email password somewhere, and then things
like this can happen. With a second factor, someone would have to physically
steal your phone or OTP device to access your account, and that's a lot harder
for some hackers in China to do :)

~~~
kijin
> _accidentally reuse your email password somewhere_

That kind of thing never happens "accidentally", especially if you're smart
enough to use two-factor authentication.

By the way: <http://www.codinghorror.com/blog/2012/04/make-your-email-hacker-proof.html>

~~~
jrockway
It happens accidentally. I use different passwords for different services and
remember them (rather than store them in a database). Once in a while, I'll
type the wrong password into the wrong site. That's game over; the account
that _actually_ used that password is now compromised.

~~~
pasbesoin
This is an important point: Type in the _wrong_ password, and you've
potentially given away the account that that password belongs to.

And, other things being equal, the more visible your "presence", including the
account that the password belongs to, the greater the risk of compromise.

Did you type that wrong password into a dodgy site? Did you type it into a
site that does not use https? While on a relatively more unsecure connection?

Even if you trust the ethics of the site, how do they log, and are those logs
secure?

Paranoia: Stimulant of the chronic surfer. ;-)

------
tommi
Let me google that for you "namecheap domain stolen". First hit: "Someone has
stolen my name and fraudulently transferred my domain name to another
registrar; can you help me to get it back?"

<http://www.namecheap.com/support/knowledgebase/article.aspx/277/8/someone-has-stolen-my-name-and-fraudulently-transferred-my-domain-name-to-another-registrar-can-you-help-me-to-get-it-back>

------
rawrly
There are two main concerns here:

1) How the malicious party gained access to your account(s) in order to
approve the transfer. This is typically caused by an email address compromise
and something you will deal with directly with the email provider (be sure to
request logs of recent access to your email account ASAP, this will help
later). Also, change your account password on this account immediately and
scan your local machine for malware.

2) The more pressing issue for you though is retrieval of your domain. Luckily
ICANN has a very specific process on how to handle this, and it's mainly up to
your registrar to handle for you. So contacting your registrar is in most
cases all you need to do (remember, this isn't a basic support inquiry though,
so you may need to wait for the fraud/abuse staff, depending on the
registrar.)

You can review the specific process the registrar should be following here:
<http://www.icann.org/en/help/dndr/tdrp> it's the official 'transfer dispute
resolution policy'. I have handled these at the registrar level and 95% of the
time it goes smoothly as long as the facts are laid out for all parties.
Information such as the IP who accessed your email account at the time of the
reg. transfer is one of the key pieces of evidence you can provide your
registrar to make the transfer dispute go faster, however your registrar is
likely (obligated under due diligence) to have their own records of the
transferrer's IP who approved the request.

I wish you the best of luck, I can't really help out specifically with your
case but if you have any questions about the TDRP procedure feel free to ask.

P.S. "Step 3" would be to address any losses, if you want to seek this option
out you will need to lawyer up as any damages claimed would have to be
recovered in a civil dispute (this is presuming you are presiding under US
law/courts)

~~~
throwawayhelp
Can I press criminal charges as well?

Thanks for the information. I contacted the registrars... This is a nightmare
for me.

~~~
wpietri
You are probably fucked in that regard. Unless the miscreant happens to be in
the same state as you, local cops aren't interested. And the FBI won't look at
anything that doesn't have at least $10k in demonstrable damages. At least
that's how it went when I tried to deal with a loon who was DOSing a friend's
side project.

~~~
gojomo
It should be easy to establish that a site that generates $200-$500 in ad
revenue per day is worth more than $10K.

------
frankydp
If Google handles your email as well, you should really consider 2step auth.

<http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html>

~~~
vertis
I just implemented 2 factor authentication for google, and so far I'm quite
happy with it. It's really nice knowing what applications can access your
account.

~~~
throwawayhelp
I implemented it as well, thanks

------
troels
You need to contact NameCheap. There is a window where they can reverse the
transfer, if you can persuade them.

~~~
throwawayhelp
I did already... it's been 2 hours and haven't heard back from the fraud
center

~~~
vaksel
You really need to set your expectations lower... give it at least 24 hours to
hear back from them.

~~~
Dave_Zan
Well not set expectations lower, but rather more realistic.

Sorry to read what happened to you, throwawayhelp. As one who's worked with
similar cases in my ex-registrar life, unfortunately I'll tell you right now
these things do take time.

As mentioned earlier, give it about 24 hours. While we all want things
immediately or done right away, things aren't always as simple as we want to
believe.

As long as you contacted NameCheap right away and gave as much information as
possible, they'll at least take action. Good luck, and keep folks here posted
when you can.

------
meanguy
I look forward to hearing how NameCheap and Google handle this. Followup
please? Good luck.

~~~
vaksel
Why should Google get involved? Seems like an overreach.

~~~
pathdependent
If I read it correctly, the thief is now using his own AdSense Account.
Consequently, Google is paying a thief, albeit unintentionally. I suspect
Google might be persuaded to respond, but I wouldn't take that route right
away. It has only been two hours since the registrar was contacted and it is
their responsibility first. Google "customer service" is notoriously bad. If
the domain theft is resolved, I could see you ending up in a position where
Google somehow closes your account, thinking you were the thief.

------
GeorgeKaplan
These guys help: <http://domaintheft.org/>

~~~
throwawayhelp
thanks, looking at it now.

------
ohashi
I recommend contacting a lawyer who specializes in domains: Stevan Lieberman
(www.aplegal.com) John Berryhill (johnberryhill.com) Ari Golderberger
(esqwire.com)

Those are 3 of the best. Your options are contact NameCheap and see what they
can do. Also filing a UDRP works sometimes. But see what else a lawyer who
specializes in this can do.

------
yurek
I think the problem can be more complicated ... you should check the security of
your computer/email. Because in my opinion the attacker must have access at least to
your email. Without it, stealing a domain is almost impossible ...

Regards

------
sparknlaunch12
Contact Google. They need to avoid paying cash to an account that appears to
have hijacked your domain. Surely a breach of AdSense terms and conditions?

------
declancostello
If you haven't already, change passwords and check your accounts for filters
that would send change of password emails to the hijacker.
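
An added example, not part of any post in this thread: a filter audit of the kind suggested above, which also catches delete-registrar-mail rules like the ones throwawayhelp found. It assumes Gmail's filter export format (Atom XML with `apps:property` elements); the sample export, the addresses, the `audit_filters` helper and its watch-term list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}

# Constructed sample export (not from the thread); all addresses are placeholders.
SAMPLE_EXPORT = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry><title>Mail Filter</title>
    <apps:property name='from' value='newsletter@shop.example'/>
    <apps:property name='label' value='Shopping'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='from' value='support@registrar.example'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry><title>Mail Filter</title>
    <apps:property name='subject' value='password reset'/>
    <apps:property name='forwardTo' value='someone@other.example'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
</feed>"""

HIDING_ACTIONS = ("shouldArchive", "shouldMarkAsRead", "shouldTrash")
CRITERIA = ("from", "subject", "hasTheWord")
# Assumed watch list: terms that registrar and account-recovery mail tends to contain.
WATCH_TERMS = ("registrar", "domain", "transfer", "password")

def audit_filters(xml_text, watch_terms=WATCH_TERMS):
    """Return filters that forward mail anywhere, or hide mail matching a watch term."""
    findings = []
    for i, entry in enumerate(ET.fromstring(xml_text).findall("atom:entry", NS)):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        criteria = " ".join(props.get(c, "") for c in CRITERIA).lower()
        hides = [a for a in HIDING_ACTIONS if props.get(a) == "true"]
        reasons = []
        if props.get("forwardTo"):  # any forwarding rule deserves a manual look
            reasons.append("forwards to " + props["forwardTo"])
        if hides and any(t in criteria for t in watch_terms):
            reasons.append("hides matching mail: " + ", ".join(hides))
        if reasons:
            findings.append({"filter": i, "criteria": criteria.strip(), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in audit_filters(SAMPLE_EXPORT):
        print(f"filter #{f['filter']} [{f['criteria']}]: {'; '.join(f['reasons'])}")
```

Rules that forward mail are reported regardless of their criteria, since a forwarding address the owner does not recognise is itself a sign of compromise.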

------
GoofyGewber
Try contacting NameCheap.

------
RollAHardSix
Contact the FBI.

~~~
throwawayhelp
I want to, should I? What should I do with this?

~~~
RollAHardSix
You mentioned being hit by a trojan. I'd recommend starting there and letting
them know about that. Then mention how your business's domain-name was stolen
because of the security hole. Once they realize a business is being affected;
hopefully that will get you a little more than ok thanks, here's your number.
We'll call you.

I'm not saying this is an easy fix; but it IS Cyber-crime. I'd also consider
talking with a lawyer if you can pony up the money.

And (not at you) ROFL down-voted for suggesting contacting the FBI. That's ok,
keep paying taxes and not getting your money's worth. Government is there to
help; they make a mess of things but they are better than a LOT of the
alternatives in other countries.

