Domain-name wars: Rise of the cybersquatters

Computerworld - When the Web site FreeLegoPorn.com began publishing pornographic images created with Lego toys, trademark owner Lego Juris AS, which sells the popular plastic building blocks for children, acted quickly. "The content available on the site consisted of animated mini-figures doing very explicit things. We were not amused," says Peter Kjaer, an attorney for Billund, Denmark-based Lego.

Lego didn't go to court. Instead it filed a complaint with the World Intellectual Property Organization's (WIPO) Arbitration and Mediation Center, which ruled in its favor. The domain registrar for FreeLegoPorn.com, Scottsdale, Ariz.-based GoDaddy.com Inc., eventually shut down the site and transferred the domain name to Lego, in compliance with the Uniform Domain Name Dispute Resolution Policy (often called the UDRP), a procedure set up by the Internet Corporation for Assigned Names and Numbers (ICANN) to address domain-name brand abuse.

(ICANN is the international organization that coordinates the Internet's domain-naming system. Domain registrars are companies accredited by ICANN or a national authority to sell and register domain names on behalf of individuals, companies or other organizations.)

The UDRP process, set up 10 years ago, saves time and money by getting offending sites down relatively quickly and without lengthy lawsuits. But it hasn't deterred cybersquatters, who can come up with domain names that play on a virtually unlimited number of variations on well-known brand names, including common misspellings of those names, to drive traffic to their own sites.

People intent on visiting a brand's Web site may instead end up on a cybersquatter's site and then find themselves redirected to a phishing site or a site with objectionable content or -- most commonly -- advertising that may link to competing products and services. The most popular brands can be the target of thousands of cybersquatting sites.

Bad for business

Cybersquatting can damage a company's brand reputation and result in substantial business losses. One company that has tried to defend itself is Verizon Communications Inc., which has aggressively pursued cybersquatters and reclaimed thousands of domain names related to its businesses. This year it activated many of those and set them up to redirect users back to its own Web site.

"We're on track to bring in 9 million new visitors, just from the names we've been able to get back," says Sarah Deutsche, vice president and associate general counsel at Verizon.

But it's not just the big names like Verizon that are suffering. Green energy is a hot topic right now, so cybersquatters have been targeting wind and solar energy start-ups, Deutsche says. "A lost sale for them is a huge hit."

Malicious sites can create havoc with a brand's reputation. In some cases, criminals have copied a brand's entire Web site in order to collect usernames and passwords. They then try to figure out where else on the Web that name and password might work. "Guess the fake. You can't, usually. It's pretty nuts," says Fred Felman, chief marketing officer at MarkMonitor Inc., a San Francisco-based domain registrar that also monitors brand abuse activity for corporate clients.

Eighty percent of the cybersquatting sites MarkMonitor tracked in early 2007 were still online one year later, Felman says. Why aren't brand owners pursuing them? Some businesses have had to prioritize which cybersquatters to pursue, while others have given up on the problem or have chosen to ignore it.