A couple of days back, I saw an article about theNetNG, google it here.
Yesterday, our primary domain www.thenetng.com was compromised by internet hackers, who criminally gained access to our servers and illegally took possession of our identity.
We are convinced this is a calculated attack by detractors to unsettle and distract us, knowing our third anniversary (April 26) is just around the corner, as well as the inaugural Nigerian Entertainment Conference holding next Friday.
This incident occurred in the early morning of Thursday April 18, and the hijackers immediately followed up with an email, announcing their operation and demanding $1,200 ransom to reclaim our property. They have since sent other emails, and made fresh requests, which we are reviewing with our lawyers, registrars and IT team.
It is the first time since we registered the domain in 2009 that such a security breach would occur. And even though we considered our readers, advertisers and partners, our management took a firm decision not to engage with the criminals.
After careful considerations, we decided yesterday, that we will not be negotiating with the hijackers, that we will not bow to these cheap internet terrorists. And we will definitely not be paying the requested ransom money ($900 as at their last email).
As a web developer (and hacker of some sorts), this information presented a scenario that a typical Nigerian would describe as having a “k-leg”. I decided to review and see if I could figure out what happened.
First, a hacker cannot just take over your domain. Hosting files, yes; domain, no. I am not saying it isn't possible, but it isn't common. The only way you can lose your domain in this kind of attack (if that is your lingo of preference) is if you do not renew it. I checked the WHOIS information and the domain history.
The domain was registered on September 14, 2009, which means it expires (should be renewed) on September 14 every year. The article made a reference to April 2013. The last update date was May 3, 2013. That is a six-month difference between the supposed last expiration date and the “hijack” date. Domains usually have a 90-day period between their expiration and availability to the general populace. Source: http://whois.ws/whois/thenetng.com
The domain history shows the previous and current registrars of the domain. http://whois.ws/domain-history/thenetng.com. It was previously managed by AntiGravity. My suspicion is that there was a fallout between theNetNG and AntiGravity, leading to the non-renewal of the domain.
The domain was promptly hijacked.
A fallout (likely), a loss of the domain by AntiGravity? (I don’t think so). Checking the screenshot history of the site using the Wayback Machine showed that after 2009, AntiGravity was no longer the designer/developer of the website. It had been transferred to Unstoppables International.
Site by AntiGravity: http://web.archive.org/web/20100619051112/http://www.thenetng.com/
The site by Unstoppables: http://web.archive.org/web/20130402195125/http://thenetng.com/
AntiGravity uses 1&1; Unstoppables uses GoDaddy.
Was there an issue during domain transfer? Was the domain not renewed by Unstoppables? Did AntiGravity still have control of the domain? We really can't say.
The $1200 requested is a standard amount charged by domain squatters. It isn't ransom money; it is the price you pay for negligence.
Advice: if you have a valuable domain name, register it for the maximum number of years allowed (10 years) and have your mind at rest. Oh, registrar lock is a nice option too.
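The WHOIS check described earlier and the advice above both come down to two fields: the expiry date and the transfer-lock status. The following is an added example, not part of the original post, that audits a WHOIS record for both. The sample record is constructed for a placeholder domain, the field names assume the common .com WHOIS layout, and the function names and the 90-day warning window are assumptions.

```python
from datetime import datetime, timezone

# Constructed WHOIS response for a placeholder domain (not real lookup output).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Updated Date: 2013-05-03T10:00:00Z
Creation Date: 2009-09-14T08:30:00Z
Registry Expiry Date: 2013-09-14T08:30:00Z
Registrar: Example Registrar, Inc.
Domain Status: ok https://icann.org/epp#ok
"""

EXPIRY_KEYS = ("registry expiry date", "registrar registration expiration date")
# EPP statuses that show up after a missed renewal.
DANGER_STATUSES = {"redemptionperiod", "pendingdelete", "autorenewperiod"}


def parse_whois(text):
    """Collect 'Key: value' lines; keys may repeat (e.g. Domain Status)."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def audit_domain(text, now, warn_days=90):
    """Return a list of findings about expiry and registrar lock."""
    record = parse_whois(text)
    findings = []
    expiry_raw = next((record[k][0] for k in EXPIRY_KEYS if k in record), None)
    if expiry_raw is None:
        findings.append("no expiry date found")
    else:
        expiry = datetime.strptime(expiry_raw, "%Y-%m-%dT%H:%M:%SZ")
        expiry = expiry.replace(tzinfo=timezone.utc)
        days_left = (expiry - now).days
        if days_left < 0:
            findings.append(f"expired {-days_left} days ago")
        elif days_left <= warn_days:
            findings.append(f"expires in {days_left} days")
    # Status values look like "<code> <url>"; keep only the EPP code.
    statuses = {s.split()[0].lower() for s in record.get("domain status", [])}
    if "clienttransferprohibited" not in statuses:
        findings.append("registrar lock (clientTransferProhibited) not set")
    for status in sorted(statuses & DANGER_STATUSES):
        findings.append(f"lifecycle status: {status}")
    return findings
```

Run on a schedule against the output of your WHOIS client, an empty findings list means the domain is both locked and outside the warning window.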