Today's Guest: Bjorn K. Andersen
Today's Host: Damien Allen
February 2008
Listen to this Show
Publish this Show on Your Website
Show Sponsor www.traverselegal.com
Domain Name Stolen
Bjorn K. Andersen Transcript Page
Bjorn K. Andersen Expert PageANNOUNCER: This program is sponsored by Traverse Legal, PLC, a high tech law firm providing international representation in business, technology, intellectual property, and complex litigation matters. You can contact Traverse Legal through its website at www.traverselegal.com. Welcome to the VTAlk Radio Tech Spotlight with your host, Damien Allen.
DAMIEN: Good afternoon and welcome to the VTalk Radio's Tech Spotlight. My name is Damien Allen and today via phone from Denmark we have Mr. Bjorn K. Andersen. Bjorn is the leader and owner of Direction.com a communications management, advisement, and training corporation. Bjorn was also the communications advisor to the counsel for IT Security under the Danish Ministry of Science and just recently Bjorn had his domain name stolen. Good afternoon and welcome to the program, Bjorn.
BJORN: Thank you.
DAMIEN: Bjorn according to your blog and your website, recently direction.com, the domain, was stolen from your company. How did that happen, Bjorn?
BJORN: Well someone took over my inbox, as simple as that. There's only one channel of control for domain names and as soon as someone has the access to your inbox then it's out of control. This did not happen at our company level, probably it happened with our Danish internet service provider.
DAMIEN: So at the ISP level somebody was able to get your password or get control of your inbox, go in...
BJORN: They set up an alias and forwarded all of my mail to themselves and then it was as easy as that.
DAMIEN: So when you lose control of your domain, your domain or your domain site, what is the process of trying to get it back?
BJORN: Well first you get an email saying that you changed it and that, and I reacted immediately, and said, no I changed nothing, please stop. And that was all it took. The process had already started, and we had lost our domain name...control of the domain name.
DAMIEN: And who would be the governing body that you would go? Did you start with your ISP, or is there another body that you would go to in order to get your domain back?
BJORN: Well I started with the American Registrar we were with at that time and said this is not right. Something funny is going on. I provided the credentials they asked for and actually we did stop the process...we thought we did, and then a few days later it turned out that it hadn't been stopped. So the domain had already been transferred to someone new.
DAMIEN: So at that point you're losing business because you're domain is no longer going to you.
BJORN: It's a little bit more complicated than that, because at that time we still only had a Danish website and I had the direction.com on hold. We are bilingual now so it's up and working and I held internationally for many years, I hadn't done an English version of our website at that point in time. So we didn't lose business, but we could have very well have done that and it would be the case for any company that had a domain stolen the same way if they had it actually been the main address.
DAMIEN: So at this point, at the registrar level your site has been moved, you no longer have access to it, you've gone through domain name dispute through ICANN which is the Internet Corporation for Assigned Name and Numbers which supposedly should be the watch dog group for all the registrars in the way this is done. After going through ICANN's domain name dispute protocols, what was the result?
BJORN: Well the thing is with ICANN there is no such thing as a domain being stolen. The concept does not really exist. So once you lose control of a domain name, they say you have a dispute with someone and they basically talking in terms of copyright or trademark rights so the thing to do once this happens is you go to one of the bodies appointed by ICANN; we used WIPO World Intellectual Property Organization in Switzerland, and they are arbitrators. So they can look at the case. It's a step before you go to a court case. They review all of what happened. They cost you about $1500 and then they reviewed our case and said, obviously this was a scam, someone stole it, and we got the domain back. It took 6 months.
DAMIEN: So it took 6 months. Is that $1500 U.S. or?
BJORN: Yeah, that's just the fee to have an arbitrator look into what actually happened. Was this a theft? Was this a...did we have an argument with someone and did we maybe sell the domain name, or did someone maybe buy it? Someone has to take that role and to see what was actually going on. At this level is where WIPO gets in their kind of an independent body step you can go to before you initiate a court case.
DAMIEN: So after this arbitration, you now know who has your domain name? Is there any punishment for this person for stealing your domain name?
BJORN: No no. We never knew who took the domain name. Traces led to...computer tracks led to Germany, to Iran, and it was a fake address in Australia. Those were the traces left behind. We never knew who was the perp.
DAMIEN: So your arbitration was just between the registrars at that point?
BJORN: Yeah, because the person who stole the domain did not answer in the arbitration so as we documented very well what happened, we got it back.
DAMIEN: Now, your domain was able to be recovered which is a good thing for your company. You spent all that time, you spent a lot of money getting everything going, you need to have your domain up and running for your business, for information purposes, for driving business back and forth. Going through the web looking just on this issue alone, domain name theft seems to be huge right now, and I'm sure it's been huge right from the very beginning with the issues of domainers and cybersquatting and everything else, but on an everyday basis of domain names are so easy to scam off of somebody else, what do you do to stop this? What's the stop gap measure for right now to make it stop, and what do we do...what's the protocol to make it stop? If ICANN is not going to do anything other than give you an arbitrator to go through, what are the set of rules that need to be in place? What do you feel we should do in order to stop this particular thing from happening to another person?
BJORN: I think there are two levels. One is simply to simple education, because you have to be in control of your domain name and you had another show with Enrico Schaefer where he clearly gave out instructions for what to do so that, you know, what your employees do that you keep your password well and all that stuff so that's education, and we have to learn that...all of us who...everyone who has a valuable domain name. The second level has to do with how the whole system of domain name works, because the problem is that control goes through only one channel. As you could see in our case, just hacking our inbox at the ISP level, our computer security was ok, just hacking the inbox at our ISP was enough to take control of our domain name. So the problem is that a domain can be moved just through one channel which is email and that's quite easy to hack, and of course, it looks to me...I've done a little research into this...and it looks like the problem is increasing. I saw Bud Parsons of Godaddy, they say they're the world's largest registrar saying that this happens on a daily basis. If they see it on a daily basis, we can assume that it happens for hundreds of thousands of people every day that this goes on, and if you know how to steal one domain name, why stay with that? Then you know how to steal 100 or 1000 and that's driving this kind of crime and it's very easy it seems like. So one more channel. We need, for example, if you're looking to how Safebook, they address me when they ask me Are you sick and tired of seeing these funny letters and type domains we know who you are, then let us send you something by SMS to your mobile phone and you enter that, and then we know who you are, because then we have a second channel and then identity is established. It would be quite simple for some innovative ISP to do this or much better for ICANN to say we need a better security procedure. It's not ok just to use one channel and especially not email which is rather easy to hack.
DAMIEN: And indeed and with even just the simple messengers from say Yahoo or MSN all of them now employ SMS the Short Message Service which does simple text from your mobile phone so it's not as if the technology isn't readily available. Who's to blame for all of this?
BJORN: Well the funny thing is if we look into our case, there is really no one to blame. We did what we should. Danish IP at least say that they did what they should. They couldn't provide lock files though that security was ok, so maybe that was where the breach was, but I mean, that some ISP has bad security shouldn't affect what happens at the domain registry level, but it does in this case. And also the registrars they do...they are supposed to because they follow ICANN's rules. So basically it has to do when we look back on the internet how it has grown over the last decade, we have seen such rapid growth that the system has not really adapted to the volume that's going on and so the fastest of communication and we need more checks and balances for it to become more steady, because so much value, so much business has gone online that the mechanisms that were good in the beginning; they're lousy by now.
DAMIEN: And you would think that, you know, aggressively people would want to maintain their intellectual properties like this, their internet properties, but when it comes down to it, it's $1500 for the arbitrator and a lot of times it's only a $5 - $10 website so where do you balance that and the more people that actually fight for it, hopefully somebody will stand up and go, maybe we should set up a set of rules to make this a little more difficult for people to get into...
BJORN: Yeah, I mean, you're right. We have to use the right size of bullets for the right size of problems. So obviously there should be an easy to find option for those who want to buy more security, but I hardly see it in the market. I've looked deep into some of the domain name forums and looked for recommendations on who is best with security, but I don't see anyone using two channels yet. I see some registrars saying, we are very careful, and I would have liked to be with another registrar with this case, of course, but as such security very much depends on you being in charge of your inbox and you can not count on that as a sole security measure for variable domain name property.
DAMIEN: Any other final shots you'd like to share with the listening audience before we take off here, Bjorn?
BJORN: Well if we have some listeners that are in charge of, or have some power to address this in one way or another, it could be ISP's that say, yes, we want to offer our goods to the market with much better security and we can see how we can do it in the ICANN rules, I'm not a lawyer, I don't know exactly how they could do that, but anyone who sees and recognizes this problem, look into it and see if you can address the totality of the system failures so to speak and how they'd be better.
DAMIEN: Bjorn, could you share with the listeners the blog site?
BJORN: Yes, we put up a blog site called preventdomaintheft.com. Prevent Domain Theft being one word. We decided to do that because it looks as if this happens to quite a few people and we could have been ashamed that it happened to use and just gotten the domain name back and then proceed business as usual, but I wanted to share this with more people to show them it is a problem, it is possible to get it back if you have a trademark registration and also I would like to address the fact that we have such a fast growing system on the internet with the domain names, we need more security, we need more checks and balances to make this a stable system for the future.
DAMIEN: Well thank you very much for all the information and for sharing your story with us today. We have been in the studio via phone with Bjorn K. Andersen of Direction.com. You have been listening to the VTalk Radio Tech Spotlight. My name is Damien Allen. Have a great afternoon.
ANNOUNCER: Today's program is brought to you by Traverse Legal, PLC, a law firm specializing in internet law, domain disputes, and technology company representation. That's Traverse Legal, www.traverselegal.com.
DAMIEN: ANNOUNCER: You have been listening to the VTalk Radio Tech Spotlight. Only on vtalkradio.com; radio for the 21st century.
go to top of the page
