Domain Name Stealing at Gunpoint

I missed this story when it came around last year: someone tried to steal a domain name at gunpoint. He was just sentenced to 20 years in jail.

Posted on June 22, 2018 at 5:52 AM • 13 Comments

Comments

meJune 22, 2018 6:46 AM

@Brian Krebs
Do you still think that gdpr and private whois information is a super-bad thing?
you stressed everyone like "oh no the world is falling because without whois information we can't stop crime".
(don't want to be offsensive, just my bad english, can't write it better than this)
it was possible to hide whois information even before gdpr, maybe it was paid service but it was possible, or am i missing something?

i think too that it has downsides, but i see mostly positive sides having whois data protected.

somehow related (but note that i don't remember how much who is data played a role in this, read this lot of time ago):
https://arstechnica.com/information-technology/2014/01/picking-up-the-pieces-after-the-n-twitter-account-theft/
https://medium.com/@espringe/amazon-s-customer-service-backdoor-be375b3428c4

JG4June 22, 2018 7:13 AM


I may have stopped just short of saying that gunpoints are yet another consensus algorithm. They also produce highly asymmetric trust.

https://en.wikipedia.org/wiki/Political_power_grows_out_of_the_barrel_of_a_gun

Mao was not entirely correct, but he has provided a useful point for discussion.

https://www.nakedcapitalism.com/2018/06/links-6-22-18.html
...
Stonehenge Builders Used Pythagoras’ Theorem 2,000 Years Before He Was Born Tech Times

Bedrock in West Antarctica rising at surprisingly rapid rate Phys.org (Kevin W)
...
Syraqistan

A Rare Look at Yemen’s War, Where Children Starve and Hospitals Are on Life-Support Intercept

Big Brother is Watching You Watch

Tech Giants Under Fire For Facial Recognition SafeHaven

Revealed: Canada uses massive US anti-terrorist database at borders Guardian
...

scotJune 22, 2018 7:51 AM

From https://motherboard.vice.com/en_us/article/pavwj8/armed-robbery-domain-website-gunpoint-doitforstate

"Although doitforstate.com doesn’t currently return a web page, the Internet Archive’s Wayback Machine has a snapshot dating back to January 2015. The last snapshot before the website was taken down was a month after the robbery. The website described itself as serving up “College stories, College Life, College Snaps.”"

I think that "College Snaps" indicates that the website could have contained a significant amount of potential blackmail material.

EvanJune 22, 2018 9:23 AM

@me

I think the main appeal of WHOIS is simply that it provided some measure of accountability - it's somewhat harder to do a lot of nefarious things on the net if the information about who owns or operates a domain is open for all. But, of course these days there are ways around that. Furthermore, as the Internet has consolidated into fewer and fewer companies providing platforms for content instead of content directly, essentially creating another layer of abstraction, that accountability has become less relevant. You can know who Facebook is, but you don't know who's behind a "True USA Patriots For TRUMP" group, whether it really is grassroots or run by foreign operatives or whatever. Although its loss provokes some nostalgia, the death of WHOIS is more a symptom of the changing values of the Internet than its cause.

meJune 22, 2018 10:14 AM

@evan
>WHOIS simply provided some measure of accountability

yes, but now that it is not visible to anyone still does the same thing.
the only difference is that is visible only to police on specific motivated request and not just anyone.

>that accountability has become less relevant.

true... well i think that facebook runs the platform and "knows" who is behind any group: they have ip and police can ask facebook for ip, and isp for who physically own that ip. but i don't know how police work, and anyway the fact that is international slow down everything.

Petre PeterJune 22, 2018 10:51 AM

Pointing a site under gun point seems like another form of dereferencing the pointer. What's the pointer? Forget about mice pointing the way and move to the right trackpad.

MajorJune 22, 2018 11:41 AM

The first thing I thought of was the faceless people who hold data of dubious accuracy about me, spreading it far and wide, and releasing key info that can be used in identity theft against me, collecting money all the while and having absolutely no accountability. They hold a gun to MY head. It's their business model.

Clive RobinsonJune 22, 2018 11:46 AM

@ Bruce, Even, me,

Speaking of illegal acts with regards Domain Names, have you looked into what ICANN has been upto with regards compleatly failing despite well over two years warning to become Compliant with the GDPR?

Apparently ICANN decided that a good prevarication approach having been rejected several times by the EU is taking legal action against a subsidury of Tucows that is a Internet Register for ICANN and thus pays the supposed "non-profit" income.

The German court unsprisingly took little or no time to reject ICANN's delaying tactic as it was an obvious "hot potato" issue.

ICANN are now trying to rather dumbly "double down" on their failings basically chalenging the German judiciary to push it up to the ECJ...

All that it will take to destroy ICANN will be for one European to make a formal complaint about the ICANN Whois service, and a big fat fine will be on it's way...

Oh and if the US Gov or other entity tries to bail out ICANN that leaves ICANN open to further EU legislation that is backstopped not by fines but prison time...

ICANN by failing to take any proactive action before the GDPR deadline then trying to prevaricate subsequently have basically not just shot themselves in the foot they have also given the European courts sufficient rope to "hang'em high"...

It's no secret that the real driver behind ICANN's position over the Whois service is the data agrigators that aid the US Gov IC in it's "collect it all" policy and the worst floating scum "shysters" pretending to be legitimate IP lawyers, that send out all sorts of "shakedown" letters as a way of earning a living.

Interestingly the only arguments being made by the security researchers and journalists like Brian Krebs are identical but opposit to a subset of privacy campaigners thus actually cancel out, leaving the privacy campaigners ahead of the game.

The classic argument is "tracking down criminals", however it would be a dumb criminal that did not use either fake or stolen credentials (major method currently). Brian Krebs argues that in some small number of cases the criminals make mistakes and cross contaminate their criminal IDs with tiny fragments of their pre-criminal activities that might provide small threads that can be pulled upon. Whilst this might be true, it's the way Brian earns his living[1] thus the fact that the bulk of the crimal usage is with stolen IDs or Domains means way way more innocent people are left very very vulnerable for his convenience. But I suspect that Brian maybe being economical with the truth, I very much doubt that the use of Whois is the only way he can track supposed criminals down, just the easiest cost/effort for him.

But as Brian has demonstrated in one of his pieces the likes of the Scientology Cult has payed people to make false applications for a few dollars such that they can run faux rehab centers that are not just dangerous (ie causing death) but push the Cult of Scientology with all the damage and debt that brings into peoples lives.

[1] There is an old saying about "The impossibility of persuading a man of the wrongness of his opinion, when his living depends on his being wrong".

Erasmus B DragonJune 22, 2018 1:59 PM

You can kill or rape someone in the US and be sentenced to less than 20 years.

What an f-d up world this is.

JG4June 23, 2018 4:54 PM


I missed the two best pieces on the first pass:

https://www.nakedcapitalism.com/2018/06/links-6-22-18.html
...
The Billionaire Class is Not Fit to Rule – Paul Jay Real News Network. A fundraising pitch, but very good regardless. And if you are flush, TRNN is a worthy cause.
...
The man who was fired by a machine BBC
...

The story about being fired by a machine has elements of Robert DeNiro in the movie Brazil, Catch-22 and 1984 all mixed together.

We might cut to the chase and say that humans are not fit to rule other humans, which would be a libertarian viewpoint. It is clear that the machines are not yet ready, but may someday be fit for purpose.

justinacolmenaJune 25, 2018 5:44 PM

someone tried to steal a domain name at gunpoint.

Nice try. Who are going to shoot for a domain name? Is it part of some grand scheme to get around all the military types at the Pentagon who control the "." at the top level of the hierarchy?

Someone might have made some sort of threat of the type we have to be oh-so-careful of in America's post-9/11 red-light district, or perhaps even pointed a firearm at someone, and a domain name may even have been involved in the dispute, but in reality, you cannot "steal" or even "rob" abstract intellectual property rights to a "domain name" at gunpoint. The lawyers are going to get in deep trouble with the bar on this one.

20 years in jail

Outrageous, far out of proportion, cruel, and unusual, unless someone was actually shot and seriously hurt or killed. The attorneys on both sides of this case as well as the judge are definitely in trouble with the bar on this one.

At most, "brandishing" a firearm, if it even went that far. A misdemeanor at most.

Can someone just grab these lawyers by the knot of their necktie, shake them until their heads are flopping loose, hold them up to the wall, and talk some sense into them? Even that wouldn't be enough to get you 20 years in the slammer.

The Mob took over the D.O.J.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.