Gmail Flaw Drives Domain Dupe

Dennis Faas's picture

Own a blog? Like your domain name? Granted, it's hard to believe anyone would really want the first and last name of the average American for a domain, but that's exactly what happened to David Airey and Hackers recently fudged a domain transfer on Airey's behalf, and then demanded a ransom for its return.

Airey is a web designer and, like many in the tech biz, takes his blog somewhat seriously. Not long ago, he decided to take a break from the stress of work, jetting with his girlfriend to India on an exotic vacation. Unfortunately for Airey, he returned to find that his blog had wandered off in the night.

Airey's vacation lasted a month, beginning on the 21st of November. When he returned recently, he was stunned to find that had 'disappeared'. Convinced that it was a domain expiration slip-up, Airey quickly contacted his host, ICDSoft. It didn't take long for the web designer to put two and two together: hackers had made a fraudulent domain transfer request via his web host support panel just as he was stepping on that flight bound for Asia. (Source:

How had they done it?

According to reports, Airey's announcement on his blog tipped off hackers, who promptly attempted the transfer the day he left for India. They exploited a number of critical flaws in Gmail in order to complete the deal.

Of course, the hackers don't appear to have taken much interest in or its content. They saw a web designer passionate about his blog, and when he demanded a reverse in the transfer (a request his host could do nothing about), the hackers demanded he pay $650 to get it back. Shortly thereafter, the web fiends dropped the price to $250. (Source:

Luckily for Airey, it all worked out in the end. His domain registrar,, was eventually able to reverse the fudged transfer.

And yet, the lesson remains: be careful with your Gmail, and take a close look at settings to ensure similar hacks have not been made to your account.

Rate this article: 
No votes yet