Cybersquatting for nonprofit politics

“We’ve seen domain names change hands for extraordinary amounts of money.”

Australian security researcher Troy Hunt.

Australian security researcher Troy Hunt.

Buying and selling domains based on common words or phrases is big business. Famously sold for $13 million ($11.7 million) in 2010, and at the time, it was the most expensive domain sale in history. Elon Musk claims his company had to pay $11 million for, and earlier this year changed hands for $15 million ($21 million).

But in addition to taking over a domain to sell it, companies can register a competitor’s name and try to redirect traffic to their own site, similar to how companies buy Google ads based on their rivals’ searches.

A famous Australian example of cybersquatting saw Catch Group delay an Australian version of US deal giant Groupon in 2011, buying the local domain and trademarks while redirecting to its similar Scoopon service.

Hunt said criminals also often seize domains that are similar to popular sites (or contain misspellings of popular sites) in hopes of catching victims. However, in the case of One Nation, he said it seemed shady but in no way illegal.

“In the case of Pauline Hanson, there seems to be a motivation to influence people searching for these themes to end up in her material, as opposed to where they would think they would end up based on that theme,” he said.

One thing that could stand in the way of the match is the strict rules employed by AuDA, the regulator in charge of Australian domain names. Registrants must have a connection to Australia to use a domain ending in .au, and domain names must be closely related to the registrant’s name, trademark or business, or to a service they provide, according to AuDA.

But while AuDA could veto One Nation’s .au registrations, the other websites would remain standing.

“Registration criteria depend on the top-level domain (TLD), so if you want to get a .com, you can get whatever you want as long as it’s available,” Hunt said.

Meanwhile, Australia’s small business ombudsman, Bruce Billson, raised concerns that the problem of cyber squatting could be exacerbated in the coming months, as changes to the way Australian domains are registered They will take effect next month.

Bruce Billson, Australian Small Business Ombudsman

Bruce Billson, Australian Small Business OmbudsmanCredit:dominic lorrimer

In March, AuDA opened registries for .au top-level domains, meaning businesses could apply for something like .au. Individuals and businesses that already have a domain can request priority access to get the same without .com, but from September 22 all unused domains will be available for public purchase.

“I implore all small business owners to take a few minutes to decide if they want the .au domain shortened or if they won’t be happy someone else has it,” Billson said.

“If you want, small business owners, I urge you to take a few minutes and a few dollars to register it or potentially face someone else who takes it and uses it to digitally ambush your business, to demand a lot of money later. to hand it over. , or misuse it to impersonate you or to help them commit cybercrime.”

Despite AuDA setting up a six-month window for existing domain owners to register new addresses, Billson said the public awareness campaign had not been effective.


“My commitment to small businesses is that the overwhelming majority are not aware of this change or understand the potential consequences,” he said.

“Domain names are very much a company’s identity and are critical to its success. Small businesses can’t afford to sell their identity to someone else.”

Hunt said that while copycat cybersquatters were a concern, there wasn’t much companies could do to prevent them. Squatters not only have an infinite variety of top-level domains to use, but also variations in phrases and spellings.

“It’s a bit crazy, to be honest. You end up in a situation where you’re trying to get all these different variations, and you never can,” he said.

“At the end of the day, if the domain name itself, excluding the TLD, is something that people recognize and sounds like what they’re looking for, they’re just going to click.”

Hunt runs the popular Have I Been Pwned website, which allows people to search for their email addresses or phone numbers to find out if they’ve been affected by data breaches. She said that she is always fighting copycats and squatters; For example, is owned by Hunt and redirects to the right site, but is full of spam.

“I have because someone registered it and sold it to me,” he said.

“There’s kind of an assumption that the TLD somehow has some geographic link, but then there’s a lot of people who have registered .tv domains, the TLD for Tuvalu, because it sounds great,” he said.

Get news and reviews on tech, gadgets and games in our tech newsletter every Friday. Sign up here.

Be the first to comment

Leave a Reply

Your email address will not be published.