In 2014, we noticed a growing number of domain theft cases. These people contacted us with similar stories: their domain portfolio, usually full of revenue generating websites, has disappeared. Poof. Many times, the victims are not aware of the theft until days or weeks after it happened. In other words, they did not follow some simple steps to protect their domains.
We are happy to report that in 2014, and the early stages of 2015, we recovered possession of approximately 486 domain names with a combined estimated value of over $3.5 million dollars. Many of these domains included three and four letter domain names as well as highly brandable words and phrases.
To recover these domains, we worked with domain name registrars from all over the world, including eNom, Moniker, GoDaddy, NameSilo, OnlineNIC, Tucows, MyDomains, TMnet, Telstra, China Telecom, and others. We reviewed tens of thousands of registrar records to locate the criminal’s IP addresses or other digital fingerprints. Once located, we have served defendants all over the world.
By working closely with registrars, and the Verisign registry, we have formed valuable relationships that help speed the pace of recovery.
Every domain theft case involves a complex puzzle of jurisdictional, procedural, and substantive issues. We approach each case with one goal in mind: getting the domains back into our client’s possession as fast as possible. We understand that time is money and every day a domain is inaccessible, you are losing money.
Properly litigating a domain theft case is something that can only be done by experienced Internet attorneys that understand the steps involved. We are proud to help our clients regain possession of their property and look forward to thwarting the efforts of hackers as 2015 continues.
Domain theft cases are legally complex in ways that can surprise clients who expect the process to be straightforward. A domain name is personal property — courts have recognized this much. But the mechanisms for recovering stolen domains cross multiple areas of law, involve multiple parties in multiple jurisdictions, and require both speed and precision to succeed.
When a domain is stolen, the thief typically exploits access to the registrant’s email account, uses that access to authenticate with the domain registrar, and then transfers the domains to a different registrar — often one located in a foreign jurisdiction with limited cooperation with U.S. legal process. The entire process can take minutes. The victim may not discover the theft for days or weeks.
The first legal step in recovering a stolen domain is filing a complaint and seeking a temporary restraining order (TRO) and preliminary injunction in federal court. The TRO serves two purposes: it prevents the defendant from further transferring or monetizing the stolen domains, and it notifies the registrar that the domains are subject to litigation, which typically causes the registrar to lock the domains in place pending resolution of the dispute.
Obtaining a TRO requires demonstrating a likelihood of success on the merits, irreparable harm, that the balance of equities favors injunctive relief, and that the public interest supports it. In domain theft cases, the irreparable harm element is usually satisfied by showing that the domains produce revenue and that the loss of that revenue cannot be fully compensated by money damages after the fact — particularly when the thief may be overseas and effectively judgment-proof.
One of the most challenging aspects of domain theft litigation is serving defendants who are overseas and who may have taken deliberate steps to obscure their identities. Our work in domain theft cases has required us to develop protocols for identifying thieves through IP address analysis, registrar records, payment records associated with domain monetization, and other digital forensic evidence. Once identified, defendants located abroad must be served under the Hague Convention on Service Abroad of Judicial and Extrajudicial Documents, or through alternative means of service authorized by the court when Convention service is not available or practicable.
The domain name system involves multiple layers of entities — registries that maintain the master database for each TLD, registrars that sell domain registrations to the public, and resellers that act as intermediaries. Recovering a stolen domain requires working with each of these entities effectively. Registrars vary widely in their responsiveness and willingness to cooperate with legal process. Our experience with registrars worldwide, including the relationships we have built through years of domain theft litigation, gives us the ability to navigate this ecosystem faster than attorneys who handle these cases infrequently.
The Verisign registry, which operates the .com and .net TLDs, has well-established procedures for responding to court orders and legal process in domain theft cases. Working effectively with Verisign requires understanding its specific procedural requirements — requirements that differ from those of other registries and that, if not followed correctly, can cause significant delays in domain recovery.
Domain theft cases are not matters where a measured, deliberate pace serves the client’s interests. Every day that a stolen domain is in the thief’s possession is a day of revenue lost, customer confusion created, and potential damage to the domain’s SEO equity. High-value domains can lose significant search engine ranking within days of going offline or being redirected. In some cases, thieves monetize stolen domains by pointing them to competing websites or pay-per-click parking pages, directly converting the domain owner’s traffic into revenue for the thief.
The speed with which we have been able to recover domains for clients is a direct function of the preparation, experience, and relationships we have built in this area. We have the legal templates, forensic protocols, and registrar relationships in place to move from initial client contact to TRO filing in hours when the situation demands it.
If your domain names have been stolen, contact Revision Legal immediately. Time is critical. Our internet attorneys have successfully recovered hundreds of domain names for clients worldwide, and we have the expertise and infrastructure to move quickly on your behalf. Contact us today — the sooner we begin, the better your chances of a full recovery.
The clients who contacted us in 2014 and 2015 with stolen domain names share a common characteristic: they had not taken the security steps that would have made the theft significantly more difficult. In nearly every case, the theft was accomplished through the registrant’s email account — the master key to the registrar account — and could have been prevented or made materially harder by two-factor authentication, a dedicated registrar email address, and domain transfer locks.
The work of recovering stolen domains is satisfying, but it is also expensive, time-consuming, and stressful for clients who are losing revenue every day their domains are inaccessible. The better outcome — for everyone — is for the theft never to occur. For any domain portfolio owner reading this, the investment in security is trivially small compared to the cost of a theft and recovery litigation. Enable 2FA on your registrar account today. Enable transfer locks on every domain you are not actively transferring. Use a dedicated, private email address for your registrar account. And if your most valuable domains are worth protecting — and they are — contact us to discuss the full range of security options available for your specific registrar and portfolio.
Facebook agreed to pay $550 million to settle a class action lawsuit under Illinois’ Biometric Information Privacy Act. Here’s what the case means for biometric data law.
Read more about Facebook’s $550M Illinois Biometric Settlement
Seizing an infringer’s domain name is one of the most effective ways to stop IP theft online. Here’s how courts order domain transfers and what rights holders need to show.
Read more about Seizing an Infringer’s Domain to Stop Infringement
Recent court decisions on what counts as an ‘autodialer’ under the TCPA suggest restrictions may be loosening. Here’s what businesses using automated texts need to know.
Read more about TCPA Autodialer Decisions: Are Restrictions Easing?