[BBLISA] domain theft saga

Dean Anderson dean at av8.com
Tue Mar 30 11:50:19 EDT 2010


There is an upcoming book on the sex.com theft.  It contains photocopies
of the laughably fraudulent documents used by Stephen Cohen to steal the
sex.com domain from Kremen in the 1990s.  The response from NetSol was
also curiously dishonest: Even after NetSol acknowledged that the domain
transfer was fraudulent, they refused to return the domain to the
rightful owner.  Kremen won a judgment of $65 million against Cohen, and
a court order against NetSol, and got the domain back.  Cohen, a known
con-artist for posing as a bankruptcy lawyer, multiple convictions for
writing bad checks, running an illegal sex club/brothel in LA, etc, has
been a friend of Vint Cerf and Steve Crocker since childhood.

After the suit, Cohen fled the country and became a fugitive, but had
ARIN number resources which ARIN, which the court ordered transferred to
Kremen. Under direction of then CEO Ray Plzak (a coworker of Cerf at
NIC.DDN.MIL), ARIN resisted these court orders and transfered the
resources to newly created LACNIC, and then stated falsely that it had
no control over LACNIC, even though ARIN remained in control of LACNIC
for another year.  Cohen was eventually arrested in Mexico and
transferred to the US. Plzak has since resigned from ARIN, but Vixie and
Cerf cronies remain in control of ARIN despite not having been lawfully
elected to the Board of Directors.  One of these directors has resigned;
another refused to accept certified US mail informing him of the
illegitimacy of his position on the Board.

According to the book on Sex.com (I have copy of the UK version), Cohen
boasted of having a girlfriend at NetSol. But of course, it takes
someone very high up to be able to influence the NetSol legal and
business decision to, despite the facts, resist transferring the domain
AFTER the fraud was _exposed_; even going to the substantial expense of
resisting in Court arguing they could transfer domains to whomever they
wished, whenever they wished.  The court rejected their argument and
established that domains are property, but limited NetSol's
responsibility for the damages.

Follow the money and personal connections.  When people respond to
blatant dishonesty by furthering the fraud rather than righting the
fraud, there is a bad reason for that.

		--Dean


On Tue, 30 Mar 2010, Tom Metro wrote:

> For those of you not on the BLU list, you might find this an interesting
> read:
> 
> http://old.nabble.com/Dreamhost-account-hacked-td28062149s24859.html
> 
> In brief, a directed attack using social engineering was perpetrated
> against my domain registrar, Dreamhost, and due to multiple failures on
> their part, they granted the attacker access to my account, froze me
> out, and hampered my ability to halt the attack.
> 
> This started Saturday night, and by Sunday afternoon, given lax response
> from Dreamhost, the attacker had succeeded in transferring my vl.com
> domain, which is considered of high value due to being only two letters,
> to a foreign registrar located in the Bahamas.
> 
> Included in my posts are laughable chat transcripts between the attacker
> and the Dreamhost support personnel, where support people were more than
> happy to update contact info, supply plain text passwords, and force
> through a domain transfer.
> 
> Clearly, humans were the weakest link in this system.
> 
> The good news is that the attacker never succeeded in compromising my
> email account use as the domain contact (despite a few attempts) and the
> foreign registrar has been convinced that there was enough fishy about
> the transfer to put modifications on hold. So for the time being my name
> server records are safe, and they haven't gained access to my vl.com
> email traffic. (Though I'm pretty sure they only care about the domain
> itself.)
> 
> I've reported the attack to the local police and the FBI.
> 
> Still tonight the attackers made attempts to reset the password on my
> Google hosted account used as the contact address for the domain.
> Undoubtedly so they can leverage it to send a forged letter to the
> foreign registrar.
> 
>   -Tom
> 
> 

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 256 5494




More information about the bblisa mailing list