How-to
Warning Web-Based Email |
|
|
|
 |
| Advisory |
|
In Mar 2003, a client from Portugal Fernando Manuel had
his domain name hijacked after someone hacked one of his yahoo accounts and read an email with
login/password to his domain name registration provider, totalnic.com. We setup web hosting at WIJ for Fernando,
but he could not redirect his DNS to point at WIJ servers because at approx the same time the hijacker took over his yahoo account
and subsequentially his totalnic domain name registration account. What we later found out is web-based email accounts
such as Yahoo and Hotmail are insecure. To obtain a password to these accounts simply send a convincing text
email to the web-based email account provider and they will reissue your password. Yes, to anyone!!
|
Hijacking a domain name is a very serious crime.
Japan for instance has zero tolerance and any caught doing any cyber crime will be thrown in jail and have the key thrown away.
So what happened after the domain name was hijacked. The hijacker has yet to transfer the domain name over to his custody.
However he has changed the password on the domain name registration account and pointed the DNS to a sleazy ISP in the states
that specializes in hosting porn sites. The hijacker then put misleading and false incriminating information on the web site for the
express purpose of using the false information as evidence in court and to falsly prove that he was in the right all the time. If the
hijacker does transfer the domain. We have him!! Domain names cannot be hidden and the identity of the hijacker will be quickly
found out. Totalnic.com is in the process of changing the password and fixing which servers the DNS record points to. Please take a
look at scumbagsinjapan.com to see what the hijacker has done. We know who the suspected hijacker probably is based on how the
contents where changed. Please note the contents on the site can be changed by the hijacker at anytime, so take what you read with
a giant grain of salt. |
|
|
WIJ will not register a domain name and put the owner email
address as a web-based email address. Furthermore WIJ will not issue passwords for our client's accounts if the request comes in
by email or FAX. Only requests, which we'll issue passwords, must come from either snail mail (with signature) or phone calls from
the client. When receiving requests please be aware that we know our clients and will recognize their voices. Requests from
unfamiliar people will be recorded!! And if warrented we will follow up, prosecute, and publicise cyber crime.
|
|
|
|
|
|
|
