
Cybersquatting for politics, not profit

“We’ve seen domain names change hands for extraordinary amounts of money.”

Australian security researcher Troy Hunt.

Buying and selling domains based on common words or phrases is big business. Famously, Sex.com sold for $13 million ($11.7 million) in 2010, at the time the most expensive domain sale ever. Elon Musk claims his company had to pay $11 million for Tesla.com, and earlier this year NFTs.com changed hands for $15 million ($21 million).

But in addition to squatting on a domain in order to sell it, businesses can register a competitor’s name and try to redirect traffic to their own site, much the same way businesses buy Google ads based on their rivals’ searches.

A famous Australian example of cybersquatting saw Catch Group delay an Australian version of US transaction giant Groupon in 2011, buying up the local domain and brands while redirecting to its similar Scoopon service.

Hunt said criminals also often take over domains similar to popular sites (or containing misspellings of popular sites) in hopes of tricking victims. In the case of One Nation, however, he said it seemed sleazy but was by no means illegal.

“In the case of Pauline Hanson, there appears to be a motivation to influence people researching these topics to end up on her material, as opposed to where they would think they would end up based on this subject,” he said.

One thing that could stand in the way of the party is the strict rules employed by AuDA, the regulator in charge of Australian domain names. Registrants must have a connection to Australia to use a domain ending in .au, and domain names must be closely related to the registrant’s name, brand or company, or to a service they provide, according to the AuDA.

But while the AuDA could veto One Nation’s .au registrations, the other websites would remain standing.

“Registration criteria depends on the top-level domain (TLD), so if you want to grab a .com, you can get whatever you want as long as it’s available,” Hunt said.

Meanwhile, Australian Small Business Ombudsman Bruce Billson has raised concerns that the problem of cybersquatting could be exacerbated in the coming months as changes to the way Australian domains are registered come into force next month.

Bruce Billson, Australian Small Business Ombudsman. Credit: Dominique Lorrimer

In March, the AuDA opened registrations for .au top-level domains, meaning companies can apply for something like example.au. Individuals and businesses who already have a .com.au domain can apply for priority access to get the same without the .com but, from September 22, all unused domains will be available for public purchase.

“I implore all small business owners to take a few minutes to figure out if they want the shortened .au domain or if they’ll be upset that someone else has it,” Billson said.

“If you want it, small business owners, I urge you to take a few minutes and a few dollars to register it or potentially face someone else grabbing it and using it to digitally ambush your company, only to demand big bucks later to give it back to you, or misuse it to impersonate you or help them engage in cybercrime.”

Even though the AuDA implemented a six-month window for owners of existing domains to register new addresses, Billson said the public awareness campaign had been ineffective.


“My commitment to small businesses is that they are generally unaware of this change or understand the potential consequences,” he said.

“Domain names are the identity of a business and are essential to its success. Small businesses cannot afford to sell their identity to someone else.”

Hunt said that while copycat cybersquatters were a concern, there was little companies could do to prevent them. Squatters not only have an endless variety of top-level domains to use, but also variations on phrases and spelling.

“It’s a bit of a mole, to be honest. You end up in a situation where you try to get all these different variations, and you never get there,” he said.

“Ultimately, if the domain name itself, excluding the TLD, is something people recognize, and it looks like what they’re looking for, they’ll just click on it.”

Hunt runs the popular Have I Been Pwned website, which allows users to search their email addresses or phone numbers to find out if they’ve been affected by data breaches. He said he always fights copycats and squatters; for example, HaveIBeenPrawned.com is owned by Hunt and redirects to the correct site, but HaveIBeenPawned.com is full of spam.

“I have HaveIBeenPwned.ninja because someone registered it and sold it to me,” he said.

“There’s kind of an assumption that the TLD is somehow geographically related, but there’s a lot of people who have registered .tv domains, the TLD for Tuvalu, because it looks cool,” he said.
