Grave Robbing and SEDO Fencing
I see a lot of outrageous things in the course of a few days, so it is hard to peg my moral outrage meter, but this one is a cut above.... Raven.com was originally registered through NSI in 1992 to: RAVEN Computer Systems PO Box 44309 Minneapolis, MN 55344 USA Administrative, Technical Contact: Teske, Don dwt@RAVEN.COM As was noted on the web page for 15 years (http://web.archive.org/web/20040602192346/www.raven.com/faq.html) Is the RAVEN domain for sale? No, this domain is not for sale. According to the Social Security Death Index, the principal of the company, Mr. Teske, died on October 3, 2005. His widow continued to use her raven.com email address. In June 2007, an interesting change happened to the WHOIS at NSI: Administrative Contact Gostowski, Kushaiah don_teske@yahoo.com Several days later, the domain was transferred to Directnic as: Registrant: Raven 123 Main St Fresno, CA 94205 US 4152273833 Administrative Contact: Gostowski, Kushaiah don_teske@yahoo.com And was offered for sale via Sedo after a quick change to: Registrant: Raven One Wilshire Blvd Los angeles, CA 90010 US 3109009783 Administrative Contact: Colton, Mark ravenheadinc@gmail.com The name sold at Sedo for $3,500 on July 3, 2007, was shipped out to GoDaddy, and is now registered as: Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Administrative Contact: Private, Registration RAVEN.COM@domainsbyproxy.com At the moment, it is up for auction at Ebay, Item 330151932746 This is the first time this domain is for sale since registration in 1992 raven.com You will never get a chance like this again. My local pawn shop does more in the way of verifying the identity of sellers than Sedo does. Mrs. Teske, by the way, would like to have the domain name back. John Berryhill, Ph.d., Esq. 4 West Front St. Media, PA 19063 (610) 565-5601 (267) 386-8115 fax
Hi John, So, in summary.... an identity theft occurs at NSI (hijacker pretends to be Don Teske likely by sending in a fax with faked ID) and the buyer at Sedo claims he's an innocent purchaser.... I was going to say that it's the age-old "I'm an innocent purchaser" argument, but $3500? I would submit that paying $3500 for raven.com is not a reasonable amount of money. Far too low. So low that the buyer knew, or should have known, that the domain was hijacked. (Or perhaps at Sedo the buyer is the seller, or not arms-length). GoDaddy reverting to Directnic reverting back to NSI is very reasonable under the circumstances. Thx Richard -----Original Message----- From: owner-registrars@gnso.icann.org [mailto:owner-registrars@gnso.icann.org] On Behalf Of John Berryhill Sent: 03 August, 2007 3:38 PM To: 'Registrars Constituency' Subject: [registrars] Grave Robbing and SEDO Fencing I see a lot of outrageous things in the course of a few days, so it is hard to peg my moral outrage meter, but this one is a cut above.... Raven.com was originally registered through NSI in 1992 to: RAVEN Computer Systems PO Box 44309 Minneapolis, MN 55344 USA Administrative, Technical Contact: Teske, Don dwt@RAVEN.COM As was noted on the web page for 15 years (http://web.archive.org/web/20040602192346/www.raven.com/faq.html) Is the RAVEN domain for sale? No, this domain is not for sale. According to the Social Security Death Index, the principal of the company, Mr. Teske, died on October 3, 2005. His widow continued to use her raven.com email address. In June 2007, an interesting change happened to the WHOIS at NSI: Administrative Contact Gostowski, Kushaiah don_teske@yahoo.com Several days later, the domain was transferred to Directnic as: Registrant: Raven 123 Main St Fresno, CA 94205 US 4152273833 Administrative Contact: Gostowski, Kushaiah don_teske@yahoo.com And was offered for sale via Sedo after a quick change to: Registrant: Raven One Wilshire Blvd Los angeles, CA 90010 US 3109009783 Administrative Contact: Colton, Mark ravenheadinc@gmail.com The name sold at Sedo for $3,500 on July 3, 2007, was shipped out to GoDaddy, and is now registered as: Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Administrative Contact: Private, Registration RAVEN.COM@domainsbyproxy.com At the moment, it is up for auction at Ebay, Item 330151932746 This is the first time this domain is for sale since registration in 1992 raven.com You will never get a chance like this again. My local pawn shop does more in the way of verifying the identity of sellers than Sedo does. Mrs. Teske, by the way, would like to have the domain name back. John Berryhill, Ph.d., Esq. 4 West Front St. Media, PA 19063 (610) 565-5601 (267) 386-8115 fax
Dear John: Its seems the first step is check with NSI with that happen in the first place. Best Ricardo Vaz Monteiro http://www.nomer.com.br -----Original Message----- From: owner-registrars@gnso.icann.org [mailto:owner-registrars@gnso.icann.org]On Behalf Of Lau Sent: sexta-feira, 3 de agosto de 2007 13:42 To: john@johnberryhill.com; 'Registrars Constituency' Subject: RE: [registrars] Grave Robbing and SEDO Fencing Hi John, So, in summary.... an identity theft occurs at NSI (hijacker pretends to be Don Teske likely by sending in a fax with faked ID) and the buyer at Sedo claims he's an innocent purchaser.... I was going to say that it's the age-old "I'm an innocent purchaser" argument, but $3500? I would submit that paying $3500 for raven.com is not a reasonable amount of money. Far too low. So low that the buyer knew, or should have known, that the domain was hijacked. (Or perhaps at Sedo the buyer is the seller, or not arms-length). GoDaddy reverting to Directnic reverting back to NSI is very reasonable under the circumstances. Thx Richard -----Original Message----- From: owner-registrars@gnso.icann.org [mailto:owner-registrars@gnso.icann.org] On Behalf Of John Berryhill Sent: 03 August, 2007 3:38 PM To: 'Registrars Constituency' Subject: [registrars] Grave Robbing and SEDO Fencing I see a lot of outrageous things in the course of a few days, so it is hard to peg my moral outrage meter, but this one is a cut above.... Raven.com was originally registered through NSI in 1992 to: RAVEN Computer Systems PO Box 44309 Minneapolis, MN 55344 USA Administrative, Technical Contact: Teske, Don dwt@RAVEN.COM As was noted on the web page for 15 years (http://web.archive.org/web/20040602192346/www.raven.com/faq.html) Is the RAVEN domain for sale? No, this domain is not for sale. According to the Social Security Death Index, the principal of the company, Mr. Teske, died on October 3, 2005. His widow continued to use her raven.com email address. In June 2007, an interesting change happened to the WHOIS at NSI: Administrative Contact Gostowski, Kushaiah don_teske@yahoo.com Several days later, the domain was transferred to Directnic as: Registrant: Raven 123 Main St Fresno, CA 94205 US 4152273833 Administrative Contact: Gostowski, Kushaiah don_teske@yahoo.com And was offered for sale via Sedo after a quick change to: Registrant: Raven One Wilshire Blvd Los angeles, CA 90010 US 3109009783 Administrative Contact: Colton, Mark ravenheadinc@gmail.com The name sold at Sedo for $3,500 on July 3, 2007, was shipped out to GoDaddy, and is now registered as: Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Administrative Contact: Private, Registration RAVEN.COM@domainsbyproxy.com At the moment, it is up for auction at Ebay, Item 330151932746 This is the first time this domain is for sale since registration in 1992 raven.com You will never get a chance like this again. My local pawn shop does more in the way of verifying the identity of sellers than Sedo does. Mrs. Teske, by the way, would like to have the domain name back. John Berryhill, Ph.d., Esq. 4 West Front St. Media, PA 19063 (610) 565-5601 (267) 386-8115 fax
I would submit that paying $3500 for raven.com is not a reasonable amount of money. Far too low.
It had red flags all over it. The sale price alone triggered suspicion among domainers, which is why the original owner was tracked down by them to find out, "Hey, I wondered why my email quit working a few days ago." WHOIS data churn within a few days prior to the sale and fictitious address and telephone number in the WHOIS data. I'm holding out to see who gets the "do the right thing" award here. The Gold, Silver, and Bronze will be published.
Well, I'm just sitting here hypothesising. But really Domain Hijacking is usually a form of online identity theft, where the thief one way or another convinces the Registrar, (or the ISP hosting the Admin Email) that he is the owner. I'm not one to comment on NSI's security except to say that I highly respect their senior staff and have witnessed major efforts to stamp out fraud. If anything NSI could teach many other registrars how to protect domains. This is a far cry from the pre-Champ M. days. Richard _____ From: Bashar Al-Abdulhadi [mailto:bashar@kuwaitnet.net] Sent: 03 August, 2007 10:12 PM To: Lau Cc: john@johnberryhill.com; 'Registrars Constituency' Subject: Re: [registrars] Grave Robbing and SEDO Fencing Hello Richard, Lau wrote, On 8/3/2007 7:42 PM: Hi John, So, in summary.... an identity theft occurs at NSI (hijacker pretends to be Don Teske likely by sending in a fax with faked ID) and the buyer at Sedo claims he's an innocent purchaser.... its that simple at NSI to change domain ownership with fake IDs? it should be harder for american registrant to be faked at american registrars due the easier methods to identify ownership?
Thanks Richard. I couldn't have said it better myself. Best, Jon ________________________________ From: owner-registrars@gnso.icann.org [mailto:owner-registrars@gnso.icann.org] On Behalf Of Lau Sent: Friday, August 03, 2007 5:13 PM To: 'Bashar Al-Abdulhadi' Cc: john@johnberryhill.com; 'Registrars Constituency' Subject: RE: [registrars] Grave Robbing and SEDO Fencing Well, I'm just sitting here hypothesising. But really Domain Hijacking is usually a form of online identity theft, where the thief one way or another convinces the Registrar, (or the ISP hosting the Admin Email) that he is the owner. I'm not one to comment on NSI's security except to say that I highly respect their senior staff and have witnessed major efforts to stamp out fraud. If anything NSI could teach many other registrars how to protect domains. This is a far cry from the pre-Champ M. days. Richard ________________________________ From: Bashar Al-Abdulhadi [mailto:bashar@kuwaitnet.net] Sent: 03 August, 2007 10:12 PM To: Lau Cc: john@johnberryhill.com; 'Registrars Constituency' Subject: Re: [registrars] Grave Robbing and SEDO Fencing Hello Richard, Lau wrote, On 8/3/2007 7:42 PM: Hi John, So, in summary.... an identity theft occurs at NSI (hijacker pretends to be Don Teske likely by sending in a fax with faked ID) and the buyer at Sedo claims he's an innocent purchaser.... its that simple at NSI to change domain ownership with fake IDs? it should be harder for american registrant to be faked at american registrars due the easier methods to identify ownership?
Hi guys, I am also interested by any solution that could avoid such ID usurpation. For now, we are asking to the registrant to provide his ID copy. When the owner change is requested, we are also asking for a copy again + physical owner change form printed and signed by both parties and if both ID copies are matching, and the signature is the same, we call the constumer on his original phone number provided at the registration time and then authorise the owner change. Sometimes infos has been changed so we cannot verify all infos it means that we somehow must get our own conviction that his is the real owner (askling for details on many different infos on his account). But when a domain belong to a company, and the responsible has changed to another one!. The only fact that this new person has access to the company account admin is not enought to my opinion. Is someone has a better process ? Thank you. Sam www.Domaine.fr www.Domaine.info De : Bashar Al-Abdulhadi <bashar@kuwaitnet.net> Date : Sat, 04 Aug 2007 01:27:22 +0300 À : Lau <richard@lau.com> Cc : 'Registrars Constituency' <registrars@gnso.icann.org> Objet : Re: [registrars] Grave Robbing and SEDO Fencing Thats what i thought too. but seeing this happen twice in less than 3 years scares me off (although the other domain was with different registrar) what might be possible to secure the domains of dead people to their heirs in future for other registrars? Lau wrote, On 8/4/2007 12:12 AM:
Well, I¹m just sitting here hypothesising.
But really Domain Hijacking is usually a form of online identity theft, where the thief one way or another convinces the Registrar, (or the ISP hosting the Admin Email) that he is the owner.
I¹m not one to comment on NSI¹s security except to say that I highly respect their senior staff and have witnessed major efforts to stamp out fraud. If anything NSI could teach many other registrars how to protect domains. This is a far cry from the pre-Champ M. days.
Richard
From: Bashar Al-Abdulhadi [mailto:bashar@kuwaitnet.net] Sent: 03 August, 2007 10:12 PM To: Lau Cc: john@johnberryhill.com; 'Registrars Constituency' Subject: Re: [registrars] Grave Robbing and SEDO Fencing
Hello Richard,
Lau wrote, On 8/3/2007 7:42 PM:
Hi John,
So, in summary.... an identity theft occurs at NSI (hijacker pretends to be
Don Teske likely by sending in a fax with faked ID) and the buyer at Sedo
claims he's an innocent purchaser....
its that simple at NSI to change domain ownership with fake IDs?
it should be harder for american registrant to be faked at american registrars due the easier methods to identify ownership?
participants (6)
-
Bashar Al-Abdulhadi -
John Berryhill -
Lau -
Nevett, Jonathon -
ricardo@nomer.com.br -
Sam BAVAFA