Someone took over the Australian Prime Minister’s domain name and is boasting about it on Facebook

UPDATE 20/10/2018

My prediction was incorrect – the domain is still under control of the prankster, lets just call him Jack (because that’s his name). Jack has apparently reached out to Scott Morrison offering to transfer it back over to him. The firm he works for have also made a press release. I have a feeling it borrows a bit from my article, but hey!

Check it out here: https://www.digitaleagles.com.au/social-media/secure-digital-assets-especially-youre-prime-minister/
————————————————————————————————————————————

So Prime Minister Scott Morrison forgot to renew his domain name scottmorrison.com.au and some dude from Melbourne purchased it and is pointing it to a WordPress installation. The simple website is just a single page with an image of the PM with Lustra’sScotty Doesn’t Know‘ obnoxiously playing in the background, sparking flashbacks of early 2000’s MySpace days.

He boasted it on his personal Facebook page which has lax privacy settings, but I don’t think subtlety was part of the plan here. Even so, I’m going to sanitise all screenshots.

blog31.png
Just look at all those internet points!

A whois lookup on the domain name shows that it was purchased by the same person whose Facebook account made the post:
blog32

Soon after, the contact details were changed from his personal gmail to a seperate one set up especially for this domain.
blog33
I’m not sure if he understands AUDA’s policies concerning .com.au WHOIS data, because changing the email address isn’t making him any more anonymous. For those playing at home, a .com.au is always tied to an ABN or ACN.

I also checked to see if this domain actually did belong to ScoMo:
blog34

Looks like it.

That’s pretty funny! What else can he do with the domain?

Well, now that he controls the domain name, he can set up a catchall mailbox and wait for emails addressed to the PM to come in. He could then enumerate which email addresses were signed up for which services, and then initiate password resets. He could also leak sensitive information (even inadvertently), possibly calendar and contact information for other world leaders depending on how the domain was set up and used previously, So, it’s actually kinda serious. Gabor, a cybersecurity expert, posted in his blog in August about the dangers of letting a domain expire and then fall into the wrong hands.

Of course, he could also impersonate the Prime Minister¬†by setting up an email address under @scottmorrison.com.au and sending a mean letter to the POTUS, so there’s that.

Oh. So, what can the PM do about it?

Unlike .com, which is the wild west of domain names, .au domains are governed by auDA, who outline the eligibility policies for .au and .com.au domain names. Such policies include anti-cybersquatting measures (for example, buying a domain for the sole purpose of selling it to someone else), and also requiring a genuine need for registering the domain, which should be in line with the purpose of the ABN required to register the domain in the first place.

For a normal person like you or I, we would have to lodge a dispute claim with auDA, stating that the domain wasn’t registered in good faith (it would be very hard to argue the point). It’s not clear how effective or costly this is, a Whirlpool forum discussion discusses .au cyber-squatting at length.

Of course, he’s not like us, he’s the Prime Minister. I suspect Scotty now knows, and will have contacted the right people to have regained control over the domain by COB tomorrow. I imagine our prankster will get a stern talking to, but hopefully not much else. And please, DON’T FORGET TO RENEW YOUR DOMAIN NAMES!