Gmail - Hack Leads to Domain Theft

[NewsDesk]

Go Daddy steps in to return domain stolen as a result of flaw in Gmail.

A hacker used a deficiency in Gmail to steal a domain name this month. The theft was of DavidAirey.com, a popular graphic designer’s personal site that attracts a couple thousand unique visitors a day.

So how did it happen, and what can you do to protect yourself? Furthermore, how could a popular domainer site lead to even more lost domains?

First, here’s how it happened in a nutshell:

1. DavidAirey.com was registered through a webhost, ICDSoft.

2. The hacker contacted the webhost through a support ticket asking to unlock the domain
and send the EPP transfer code.

3. The hacker compromised David Airey’s Gmail account to forward any domain transfer requests to his own email account.

4. The hacker transfered the domain to a GoDaddy account without Airey’s knowledge.

5. He then forwarded the domain to Bebu.net, a parked page at Sedo

Fortunately, Airey was able to work with GoDaddy to get the domain back. He’s lucky the domain was transferred to GoDaddy. Despite some of its flaws, at least GoDaddy isn’t a fly-by-night registrar.

The hacker was able to add a forwarding rule to Airey’s Gmail account, as Airey recounts on his blog. Airey also explains how to check that your account hasn’t been compromised.
Here’s what you can do to protect yourself:

1. Never use a free or hosted email account as your whois address. Instead, use a pop email address from a domain you own. Lock the heck out of that domain.

2. Never register a domain through a webhosting company. Webhosts are good (sometimes) at hosting web sites, but they are typically just domain resellers with lax domain security controls. A good domain registrar would never let someone simply e-mail them to unlock a domain and send the transfer code.

Now here’s the really scary part. A popular domain web site, DomainTools, could compromise your entire portfolio of domains. DomainTools offers a product called “Registrant Search” that allows anyone to purchase a list of domains registered by a particular person or with a particular email address. If Airey had a portfolio of domains, the hacker could have easily stolen all of his domains.

About Go Daddy
GoDaddy.com is the world's largest domain name registrar and is the flagship company of The Go Daddy Group, Inc. The Go Daddy Group of companies also includes Wild West Domains, Inc., a reseller of domains and domain-related products and services; Domains by Proxy, a private registration service; Starfield Technologies, a research and development affiliate; and Blue Razor Domains, a membership-based discount registrar.

Website: www.godaddy.com

[icdsoft]

Just to clarify on this:

Quote:

A good domain registrar would never let someone simply e-mail them to unlock a domain and send the transfer code.

Actually, the transfer was requested through ICDSoft's web interface. The hacker obtained the password for that interface through David's Gmail account. The hacker also had the password for David's Gmail account, which let him approve the transfer after it was requested.

The transfer request was submitted using the approprate means. The fact that the hacker had access to David's passwords is disturbing, but it has nothing to do with ICDSoft's security.