The morning after I found out about the unauthorized transfer, I also called the FBI. I felt silly and dramatic making the phone call, but the reality is that this is an international cyber crime issue, and that’s FBI territory. And this is my business. It’s how I support my family, and it may be a “small matter” in the grand scheme of things, but it is not a small matter to me.This is great news. The FBI needs to do a better job of stopping online crime. It is a difficult task, but the damage done is great and the criminals don't seem very concerned with the level of law enforcement effort so far. The task is very challenging and requires international cooperation. We should be funding a great deal more of that and a great deal less spying.
And let me tell you: of all the surprises I’ve had over the past week or so, most surprising of all has been the FBI. They responded immediately, with follow-up phone calls and emails, an in-person interview with two special agents at my own home within 24 hours, and a follow-up visit from two agents yesterday. Beyond that, each and every agent I have interacted with over the past week has been, without fail, compassionate, thoughtful, invested, respectful, and committed to action…in addition to treating me not like a case number, but like a human.
What I expected was to leave a message with a general mailbox and at some point receive a form letter; I certainly did not expect to see an active investigation opened immediately. I’m not going to write more about the investigation because it’s still ongoing (although I did ask for and receive permission to write about this), but I think it’s important to say how absolutely blown away I have been by the FBI’s response.
The companies she relied on did not do as well in your review of the situation
And once I reached people who could help me – who could literally make a single phone call or push a single button and return my property to me (or simply freeze it so that it could not be sold or destroyed) – they would not. They hid behind their legal departments and refused to do anything, knowing full well that their inaction would force me to either interact with and pay off a criminal, or lose an essential component of my business.The solution for this is that we need to support companies that prioritize doing right over those that decide to follow lawyers that could care less about illegal activity and the customers of their companies being defrauded. We need to move our sites to those companies with a history of doing what is right. To this we need to learn about what companies do so, which I am not sure of (Gandi might be a good registrar). Also, of course, use strong password, and use 2 factor-authentication if possible (with all your email account and other accounts - such as your registrar). The person that had their domain stolen believes the initial theft occurred due to a stolen email account (without 2 factor authentication).
And hackers know that these companies will do this.
They rely on it.
There is a serious problem when a criminal enterprise not only exists “despite” a company’s policies, but actually thrives as a direct result of that company’s prioritization of their own interests over the security of the clients they allegedly “protect”. Do I understand why companies like HostMonster and GoDaddy are focused on protecting themselves against lawsuits? Of course I do. But the fact is that they not only do not “help” their customers, but actively contribute to creating situations that threaten small businesses and the families that they support.
Related: It is Refreshing to See Our Government Protecting Us - Bad Security on Government Required RFID e-passports - We Should Build Secure Software Systems