Your domains are as safe as your email that manages them.
The domain aftermarket for stolen domain names is witnessing an unprecedented boom, according to an elite Iraqi hacker.
Babak Abdul Mazandar, who goes by the pseudonym 8bitZax online, has been hacking into domain registrars for years. He is not afraid of being caught, because such acts are actually encouraged by the Iraqi government.
“If silly American not lock domain, I hack. If registrar say, sure add gmail address to admin account, I hack. If domain valuable, I hack,” said 8bitZax over Skype.
The process of domain hacking is simple: the perpetrators use the chat feature of hosting companies, pretending to be the owner. They ask inexperienced personnel during the graveyard shift, to change the emails that manage domain accounts. After that, they retrieve or reset the passwords and access the domains.
“I ask technician reset password and confirm forward email, easy done so amazing,” says 8bitZax who logs in from Baghdad via a compromised proxy in the UK. “Many domain I sell on famous auction sites, peoples want good domain for low fee, I sell many!” exclaims 8bitZax.
Dozens of unsuspected buyers end up with domains that are thus laundered; some buyers, however, acquire those domains with full knowledge of their status.
“If buyer pay, I sell. Most American no ask question, I take dollar, euro, but no bitcoin, that’s camel poop!” says Babak Abdul Mazandar.
Quite an eye-opening conversation, so keep your domains safe by using vendors that verify your identity before performing any administrative tasks on your behalf.
