LimeGreenIP News

U.S. Domain Names: Stand and deliver…your domain name!

Domain name theft (or hijacking) is not a new phenomenon and is in fact a lot more common than most people realise; hence the need to take adequate security precautions in relation to email and domain name registrar accounts.  Most domain name thefts are carried out virtually, and thus peaceably, by hacking into the registrant’s email or registrar account.  However, in what appears to be a rather dramatic first, a felon in the US has attempted a violent armed domain name robbery and received a 20-year prison sentence for his crime.

Back in 2011, Anchovy News reported on the first person to receive a prison term for domain name theft – cybercriminal Daniel Goncalves.  Goncalves, a 25-year-old law firm computer technician, apparently hacked into the email account of the registrant of the domain name <p2p.com>, which was at the time estimated to be worth between $160,000 and $200,000, in order to retrieve the login and password details for the registrar account in which the domain name was held.  He then did an internal push of the domain name into an account he controlled with the same registrar and then a further push to another registrar after waiting out the 60-day registrar lock.

Subsequent to listing the domain name for sale on eBay, Goncalves sold it to an NBA basketball player (who was unaware of the fact that the domain name was stolen) for $111,211.  It took over two years after the initial theft and a great deal of investigation by the previous registrants and the New Jersey Cyber Crimes Unit to mount a successful legal action against Goncalves.

Goncalves was sentenced to five years in prison by the New Jersey State Superior Court after pleading guilty to unlawful taking or deception, identity theft and computer theft in a plea bargain arrangement that spared him a possible 15-year sentence.

The most recent case of attempted theft concerned the domain name <doitforstate.com>.  The website to which this domain name previously resolved was a chronicle of the boozy, raunchy antics of students of Iowa State University that now appears to have been replaced by a similarly-titled Twitter account.

According to the Iowa State Department of Justice Report, it seems that, in an attempt to steal this domain name, 43-year-old Sherman Hopkins, Jr. entered the home of its 26-year-old registrant Ethan Deyo in Cedar Rapids, Iowa on 21 June 2017 “wearing a hat, pantyhose on his head, and dark sunglasses on his face”.  He was also carrying a stolen Smith & Wesson 9mm pistol, with which he threatened Deyo.  When Deyo tried to shut himself in an upstairs bedroom, Hopkins kicked the door open and demanded to know where he kept his computer.  Having located said computer, Hopkins then ordered Deyo at gunpoint to turn it on and follow the instructions he pulled from his pocket for pushing his domain name to another account with the domain name’s registrar.

When Deyo asked Hopkins for a mailing address and telephone number, as per the requirements of the registrar in question, Hopkins pistol whipped him several times before also pulling out a Taser and “tasing” him several times.  When Hopkins cocked the gun, a life or death struggle ensued and Deyo managed to get control of the gun, although he was shot in the leg during the scuffle.  Deyo then shot Hopkins multiple times in his chest and contacted police.

One can only speculate on Hopkins’ motivations for trying to steal the domain name, but the presence of compromising photos on the associated website would seem an unlikely motive, as the website had reportedly not been resolving for a month before Hopkins tried to steal the domain name.

Although it may be difficult to protect oneself against violent, armed domain name robbers like Sherman Hopkins, Jr., it is crucial, and considerably less difficult, to secure one’s domain name against the more run-of-the-mill cybercriminal.  At the most basic level, both the email account linked with a domain name registrar account and the account itself should be protected with secure passwords.  Additionally, there are locks both at the Registry and registrar level that can be applied to ensure that your domain names remain secure.

In general all registrars offer a registrar lock service and more and more Registries are now also offering ways of locking domain names at the Registry level.  These locks ensure that a domain name cannot be transferred or altered without the explicit permission of the registrant.
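
One way to audit the registrar-level and Registry-level locks described above, as an added example that is not part of the original article: it reads the EPP status codes that WHOIS output lists for a domain and reports which of transfer, update and delete are not locked. The status code names are the standard EPP ones; the function names and the sample WHOIS excerpts are constructed for illustration.

```python
import re

# EPP status codes (RFC 5731). "client*" codes are set by the registrar
# (registrar lock); "server*" codes are set by the Registry (Registry lock).
ACTIONS = ("Transfer", "Update", "Delete")
STATUS_RE = re.compile(r"^\s*(?:Domain )?Status:\s*([A-Za-z]+)", re.I | re.M)


def lock_report(whois_text):
    """Return which actions are locked at registrar and registry level."""
    seen = {s.lower() for s in STATUS_RE.findall(whois_text)}
    report = {}
    for level, prefix in (("registrar", "client"), ("registry", "server")):
        report[level] = {
            a.lower(): f"{prefix}{a}Prohibited".lower() in seen for a in ACTIONS
        }
    return report


def findings(whois_text):
    """List the gaps a registrant should close, most serious first."""
    r = lock_report(whois_text)
    out = []
    if not r["registrar"]["transfer"] and not r["registry"]["transfer"]:
        out.append("no transfer lock at either level")
    for level in ("registrar", "registry"):
        missing = [a for a, locked in r[level].items() if not locked]
        if missing:
            out.append(f"{level} lock missing for: {', '.join(missing)}")
    return out


# Constructed sample WHOIS excerpts (not real registry output).
UNLOCKED = """Domain Name: EXAMPLE-ONE.TEST
Domain Status: ok https://icann.org/epp#ok
"""
LOCKED = """Domain Name: EXAMPLE-TWO.TEST
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
"""

if __name__ == "__main__":
    for name, text in (("unlocked", UNLOCKED), ("locked", LOCKED)):
        print(name, findings(text) or "all locks present")
```

A domain showing only `ok` has no lock at all, so a compromised registrar account is enough to push it elsewhere; the `server*` codes can only be changed through the Registry's own process.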


This post is selected from our Anchovy News publication.