Domain Hijacking Raises Security Issue

A recent theft highlights the security issues surrounding domain names, particularly the authorization schemes that are in place to protect domain owners.

June 2, 2000
By Scott Clark

Despite a May 5 U.S. district court decision declaring that domain names are not property, and hence can't be "stolen," domain thieves last weekend successfully hijacked two domains from their rightful owners.

The theft highlights the security issues surrounding domain names, particularly the authorization schemes that are in place to protect domain owners.

What happened is this: An individual contacted Network Solutions Inc. on May 29 and told NetSol to change the contact name and the DNS/IP address (the "address" to which the domains are directed) of web.net and bali.com. Web Networks contends that Network Solutions pushed the changes through without receiving its authorization, either electronically or by phone. Network Solutions counters that Web Networks' domain, web.net, had the lowest level of security, known as "MAIL-FROM."

MAIL-FROM authentication allows changes to be made if they are requested through an e-mail from one of the contacts for the domain listed in the whois record. Network Solutions' FAQ has the following information about the MAIL-FROM level of authentication:

Guardian was created to help protect your domain name registration,
contact record and host record from unauthorized changes. If we
receive a Service Agreement, Contact Form or Host Form from a source
other than the administrative or the technical contact/agent, we will
seek confirmation of the change from both of these contacts.

We will notify the administrative and technical contacts that a request
to make a change has been received. It is then the responsibility of one
of these contacts to acknowledge that the request is valid by replying
"ACK" or "YES" to the notification.

If we do not receive any acknowledgement, or if we are notified that the
request is not valid, we will not make the change. The administrative or
technical contact should reply "NAK" or "NO" to the notification if he
does not want the change to be processed.

Web Networks contends that the e-mail requesting the changes to their domain did not originate from them, and that they did not provide the required authorization to make the changes.

Network Solutions told InternetNews.com that the e-mail requesting the changes was "spoofed" by the thief, making it appear to have originated from Web Networks, and that they were acting in good faith.
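
As an added illustration (not code from Network Solutions or from this article), the Python example below contrasts a check that trusts the From: header, as MAIL-FROM is described above, with a flow that applies a change only after a contact on record returns ACK. The domain, addresses, class and function names, and the per-request nonce are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets
from email import message_from_string
from email.utils import parseaddr

# Constructed whois contacts for a placeholder domain (not data from the article).
CONTACTS = {"example.test": {"admin@owner.example", "tech@owner.example"}}

# Constructed request: the From: header is just text chosen by the sender.
SPOOFED = (
    "From: Admin <admin@owner.example>\n"
    "Subject: MODIFY DOMAIN example.test\n\n"
    "Change technical contact and name servers.\n"
)

def mail_from_authorized(raw_request, domain):
    """MAIL-FROM style check: accept whatever address the From: header claims."""
    msg = message_from_string(raw_request)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.lower() in CONTACTS.get(domain, set())

class ConfirmedChange:
    """Hold each request until a contact on record replies ACK/YES together
    with a nonce that was mailed to the address on record, never to the sender."""

    def __init__(self, key):
        self.key = key
        self.pending = {}  # request_id -> domain awaiting confirmation

    def _nonce(self, request_id):
        mac = hmac.new(self.key, request_id.encode(), hashlib.sha256)
        return mac.hexdigest()[:16]

    def submit(self, raw_request, domain):
        request_id = secrets.token_hex(8)
        self.pending[request_id] = domain
        # The nonce is delivered only to CONTACTS[domain]; the requester never sees it.
        return request_id, self._nonce(request_id)

    def reply(self, request_id, verdict, nonce):
        # One reply per request: unknown, replayed or wrong-nonce replies fail closed.
        if self.pending.pop(request_id, None) is None:
            return False
        ok = hmac.compare_digest(nonce, self._nonce(request_id))
        return ok and verdict.upper() in {"ACK", "YES"}
```

The header check accepts the constructed request, while the confirmation flow leaves it pending until someone who can read mail at the address on record answers.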

On Tuesday evening, a representative from Network Solutions confirmed to Web Networks that all of the changes to the DNS names would be changed back to the web.net settings, but as of Wednesday the 31st, the domain had not been restored.

NSI Vice President of Corporate Communications Chris Clough Friday confirmed the company made the domain transfer and later learned it was fraudulent. Clough indicated that they had contacted TUCOWS, the original registrar for the domain, about the request Tuesday, and after realizing the fraudulent nature of the change request, have continued to work with TUCOWS to find the "best method of handling the return to Web Networks."

Web Networks also spoke with Network Solutions staff, who suggested that the thief had changed the domain record to name himself as technical contact, making it "impossible" for Web Networks to correct these changes, even with the required legal documentation. Network Solutions suggested that the procedure could take some time, and that they would speak to their Investigations Unit immediately to resolve the issue.

Network Solutions told InternetNews.com that they consider this a serious offense, agreeing that "the unauthorized transfer of a domain name and the apparent fraud committed is a criminal act. Network Solutions is in the process of notifying all the appropriate authorities so that they can conduct a thorough investigation."

The situation is currently at an impasse. The whois record still shows the site with the alleged thief, going by the name of Billy Tandoko, registered as administrative contact, technical contact, zone contact and billing contact for the domain. Network Solutions is still waiting to hear back from TUCOWS about what they intend to do to correct the fraudulent domain name transfer. TUCOWS did not respond to calls from InternetNews for additional details.

Network Solutions spokesman Brian O'Shaughnessy stated, "It happens to names of some merit rather than names of no merit," indicating that Network Solutions handles up to 30,000 database changes every day. "That's an incredible amount of volume, and in some cases the request is sent out to the rightful owner and his response may get caught up in that," O'Shaughnessy said in an interview with ZDNet for an article earlier this week. Domain owners should keep all of this in mind when they set up the authentication for their domains in the future.





