Internet espionage: domain name hijacking

What is standard domain name hijacking?

Standard domain name hijacking involves the wrongful taking of a domain name from the rightful owner by deceptive or fraudulent means. This can occur by various methods. One such method involves the ‘hijacker’ sending an email to a business impersonating the domain registrar in order to deceive the business into filling in private information on a fake website or into providing the ‘hijacker’ with private information by return email. The ‘hijacker’ then uses that private information to register themselves as the owners of the domain name.

What is reverse domain name hijacking?

Reverse domain name hijacking (RDNH) occurs when someone uses provisions under the Uniform Domain Name Dispute Resolution Policy (Policy) in bad faith, in an attempt to deprive the rightful registered domain name holder of their domain name. The reverse domain name ‘hijacker’ disputes the rights of the registered domain name holder in order to obtain the rights to the domain name or to have the registrant’s existing rights to the name cancelled.

Relevant rules

The Internet Corporation for Assigned Names and Numbers (ICANN) has adopted the Policy, which sets out the terms and conditions of any disputes over the registration and use of domain names. All registrants of domain names are bound by this policy upon registering their domain name.

When a trade mark owner wants to challenge a domain holder’s right to a domain name, they do so by filing a complaint against the domain name holder in accordance with the rules of the ICANN and the Policy. A majority of these disputes involve complaints that the registered owner has breached paragraph 4 (a) of the Policy in that the:

  1. registered domain name is identical or confusingly similar to a trade mark or service mark in which the complainant has rights;

  2. registered domain name holder has no rights or legitimate interests in respect of the domain name; and

  3. domain name has been registered and is being used in bad faith.

If the complainant can establish these three elements, they can then seek an order for the domain name to be transferred to them or, alternatively, cancelled. In response to these claims, the existing domain name holder usually argues that the complainant is using the Policy in bad faith in an attempt to deprive them of their domain name. That is, they claim that the complainant is guilty of RDNH.

Regulation of RDNH

The World Intellectual Property Organisation (WIPO) is one of the leading forums that enforce the Policy in an effort to resolve these disputes. The WIPO arbitration process requires parties to submit written submissions and evidence. Oral argument regarding the dispute is not permitted. Instead, parties to the dispute submit documents to WIPO for review. WIPO then reviews the evidence and makes a final and determinative decision. There has been criticism of the current regulation of RDNH, namely that the process does not allow for argument relating to the dispute to occur in person (which would allow a better understanding of the issues in dispute), has no avenue for appeal and provides no punishment or penalty for those found guilty of RDNH.

Lavan comment

To protect your domain names from ‘hijackers’ we recommend the following:

  • never give out your registration details over email or submit them to unauthenticated websites in response to emails – this may be someone impersonating the domain registrar to obtain your registration details. If you are unsure, contact the domain registrar directly and report any fake emails;

  • ensure that your registered email address for the domain has not expired. This will prevent hijackers from completing any user name and password retrieval forms to transfer the domain name to their own name;
  • warn your employees and others associated with your domain’s upkeep to remain alert and report anything they may think is suspicious;

  • when you register your domain name, ensure that you inform yourself as to whether there are any identical or similar domain names or trade marks. Avoid registering the name if identical or similar domain names or trade marks exist. This will help to prevent any claims of ‘bad faith’, which may lead to a RDNH claim against you; and

  • when entering into contracts make sure you retain ownership and sole right to maintain registration of your domain names and trade marks. This will ensure that there is evidence as to these issues if there is a later dispute.