Re: domain name stolen and retrieved the whole story (GoDaddy security mechanism has serious loopholes)

3 days off, the Public Security Bureau has gone to work, I take the website value assessment report, to the Chengdu Public Security Bureau plans to file a case, but the former police officer to go out on the grounds that I will come to him at 9 o'clock tomorrow morning. No way, I had to go to the doorway of the Public Security Bureau in the early May 3rd. It was a lot of rain, cold and hungry that day. For more than an hour, the police officer's phone didn't even get through, but no police officer told the guard that the guard wouldn't let me in. I think this officer may be interested in not wanting to receive me anymore. I can't contact him again. So I said to the guard that I want to report the case, the specific situation and the first time to the Jinniu District Public Security Bureau of the same situation, later contacted a police officer of the Network Supervision Brigade, this is to let me in. Once I went in, I made a detailed statement of the whole story. As soon as the police officer heard it, he clearly handled the case on the Internet regularly, and he always had a very good attitude from beginning to end. In the process of receiving me, he received other people calling to report, saying that the equipment of the online game was stolen. He asked the other party to prepare the information for a trip and to carry out a survey. After listening to my statement, he looked at my assessment report, consulted with the colleagues, and came back to tell me that I did not use the report because the asset assessment company and evaluator lacked a government qualification certification, and the qualification certification was a Beijing Asset Assessment Association. This is a civil organization. The evaluation report of this kind of qualification can only be used for private transactions, not for judicial use. It must be certified by the price bureau or other government departments. I told him that I had found a lot of Chengdu's accounting firms and asset assessment companies, saying that I didn't have this qualification and could not do a website assessment, and a few can make a very high price. If I had to do it again, I would have to spend tens of thousands or even tens of thousands of dollars. If I hadn't solved the case in the end, I would have wasted all these tens of thousands of dollars. He said, "the filing process is very strict, and the data must be complying with the regulations before filing the case. But I listen to your story, understand your actual situation, young people do a bit of business is not easy, I can believe you, first help you to investigate, and the investigation has been progressed, there is a case of hope, you re to re do the evaluation report, and then we set up a case ", listen to the police officer said that I feel more comfortable in the heart, although I feel more comfortable in the heart, even though I feel more comfortable in mind, even though No hope was seen yet, but at least he promised to investigate first, if the hacker changed the DNS server of my domain name and had a further operation on the site, then he could contact him immediately.

because the hacker hasn't changed my DNS server, the website can be opened normally. No one knows that the domain name of the website has been stolen. Next I intend to do so, since the legal channels and GoDaddy complaints can not be done, then I have to submit domain name arbitration as soon as possible. In the first place, the lawyer said that arbitration could not be taken back to the stolen domain name, but GoDaddy said that as long as the arbitration began, they would lock up the domain name, and the hacker would not be able to revise the DNS. The longest period for ICANN to arbitrate is 60 days, that is, 60 days after the beginning of arbitration. Since I have no hope of getting back the domain name, I will have to replace the domain name in order to save a little loss. But before the arbitration began, I did not dare to change the domain name, I just turned the original domain name to turn, and the hacker could change the DNS immediately, so that the net friends could not know the new domain name. After the arbitration began, I immediately turned the domain name, and then procrastinating for 2 months. In the 2 months, I could rely on the Internet and the media as much as possible to tell the netizens to replace the new domain names. There are 2 months to buffer, how much to recover some losses. If hackers change DNS first, then the website will be controlled by him within the next 2 months. Even if I win the lawsuit, the website will be disabled. So this is a crucial step for me, and I can't afford to lose it all day. On the 3 day of

5, GoDaddy did not reply. I immediately set out to prepare materials for domain name arbitration. First, I need to have a detailed understanding of the policy and process of domain name arbitration. I spent a whole day on the official website of the Beijing Secretariat of the Asian Domain Name Dispute Resolution Center (https://www.adndrc.org/bjc_home.html), and finally I found out the detailed policy of domain name arbitration. Domain name arbitration can apply for arbitration of 2 domain names at a time. The minimum cost is $1000 (1 experts group, 3 expert group should be 2500 dollars). After submitting information, the Secretariat will first check it and confirm that no problems will be paid after they receive payment. After they receive payment, the arbitration will be officially opened. The arbitration organization will not control whether the domain name is stolen or not. All cases will be judged according to the Uniform Domain Name Dispute Resolution Policy (UDRP). The so-called UDRP has 3 main conditions:
(1) the disputed domain name is the same or obfuscation of the trademark or service trademark that the complainant has rights; and
(2) the complainant (domain name holder) does not have the rights or legal interests of the disputed domain name; and
(3) considers the disputed domain name to be registered maliciously and with a malicious registration. The reasons for the use.

domain name must satisfy these 3 conditions simultaneously, and the complainant can win the lawsuit. In the complaint, the complainant must elaborate on these 3 articles one by one. After that, the respondent will reply to the 3 articles one by one, and finally the panel will decide whether the controversial domain name is fully in line with the 3 conditions.

in order to write a domain name arbitration complaint, I began to see the outcome of the case before the official website of the Beijing Secretariat. Over a dozen pages, hundreds of cases were seen, all about domain names being registered, and some of them were defeated. Most of the losses were due to the absence of a registered trademark or trademark registration after the rush time of the domain name. Another part is that the domain name has not been used in the same industry where the complainant is located, but has made other websites, so it has not been identified as malicious use. Later I saw a case involving the theft of mrc.com domain name, and the complainant finally won the domain name. The case is somewhat similar to mine. It was stolen in GoDaddy because of the hacking of the GoDaddy account, which eventually led to the theft of the domain name. The only difference is that the original holder of mrc.com has already registered "MRC" as a trademark. So the case first satisfied the first condition in the UDRP policy. The complainant has not submitted any evidence to support the domain name registered by himself or the legal transaction with the complainant, and the expert group believes that the second conditions are also satisfied. The key is third conditions. I looked at the results of a lot of case decisions before, as long as the dispute domain did not do the station, or did the station, but the subject had no connection with the trademark of the complainant, and the complainant did not take the domain name to extortion the other, then it could not be regarded as evil, at least the verdict of the majority of the cases. It's all that's judged. However, the expert group in the case wrote, "the registration department of the domain name is transferred from the complainant to the complainant without authorization. The account of the domain name is transferred from the original registrar to the present registrar without authorization. The interests of the complainant as a legitimate holder of the disputed domain name should be protected, and the policy should not be tolerated illegally. "The occurrence of the domain name hijacking", and a sentence "the complainant has not proved that the dispute domain name has any rights or legitimate interests, and has become the holder of the dispute domain name, and has obtained the opportunity to sell the disputed domain name at any time or put into the improper use of the domain name, and no doubt constitutes a great deal to the legitimate rights and interests of the complainants." In this case, the expert group recognized the fact that the domain name was stolen by the complainant, although it was apparent that the mrc.com did not infringe the rights of the complainant, but the complainant "got the opportunity to sell the disputed domain name at any time or put into improper use", and the expert group considered the complainant to belong to the domain name maliciously. Therefore, the third conditions are also consistent with the final decision to return the domain name to the complainant.