I would love to see a log of every transfer that was blocked and how many of those where because the registrant was being hijacked.
It's tough to tell. The cost of recovering of hi-jacked name can be stellar, and I have seen plenty of situations, such as client.com (stolen from NSI using a forged fax from a "Billy Bob Thornton") where the victim simply does not have the means or ability to pursue legal action. The "log of blocked transfers" is not going to provide meaningful information on the costs resulting from a hi-jacking (and that includes the lost time that we all devote to trying to get these things resolved informally). The transfers policy has been very effective at eliminating certain practices, of which we need not recite the history, that were clearly directed at shaking down registrants for renewals while denying transfers. The policy does allow room for registrants to consent to a variety of practices which are motivated by security. I, for one, would like to see a registrar that offers an option of "under no circumstances is this domain name to be transferred to another registrar" for high value names. Registrants *should* be able to select such a service, as long as it is voluntary and with notice. Of several hi-jackings I have seen lately, there has been a pattern of altered whois just prior to renewal. From this, I gather that some hi-jackers are targeting names near expiration on the assumption that this strategy will result in a higher yield of names that nobody will complain about. Figure, some names expire simply because the registrant has abandoned them. Hence, by targeting names near the end of expiration for hi-jacking, that class of registrants who intended to abandon the names are not going to be making complaints. It is probable that many such registrants just assume the name expired, so you aren't going to know "how many" were hi-jacked, since the registrants never complained. Another scenario I have seen a couple of times lately, is one in which the hi-jacker engages in multiple registrar transfers, while keeping the name servers the same, for periods of a year or longer. By the time the registrant notices, if the registrant notices, the underlying activity, and any logs of it, are long past. From the registrant's point of view, as long as the domain name is working, there is no apparent problem.
From yesterday's Wall Street Journal...
http://online.wsj.com/article/SB119068079815138145.html?mod=googlenews_wsj Web-Address Theft Is Everyday Event By KEVIN J. DELANEY September 25, 2007; Page B3 [...] "It's a complete rampage in our industry," says Monte Cahn, founder and chief executive of Moniker Online Services LLC in Pompano Beach, Fla., which handles domain services such as registrations and auctions. Bob Parsons, chief executive officer of GoDaddy.com Inc., says the domain registrar is aware of daily hijacking incidents, with the frequency having increased as Internet use grows. [...] In Mr. Inowlocki's case, his registrar says it hasn't had any luck recovering the domain from the registrar that yyy.com was transferred to -- Key-Systems GmbH in Germany. Key-Systems CEO Alexander Siffrin says that is because Mr. Inowlocki's registrar, TierraNet Inc. unit DomainDiscover, hasn't yet made a formal complaint or gotten a court order.