Arthur Wesley Kenzie, a Canadian security expert, has been sued by Gioconda Law Group, a New York-based law firm, which accuses him of trademark infringement, typosquatting and illegal interception of the company’s emails. As it turns out, this isn’t the only firm the man tried to extort money from.
According to JDJournal, Kenzie came up with a great way to make easy money. He would register domain names similar to ones owned by high-profile companies. Then, he would contact them to say that he had identified a serious vulnerability in their email systems.
The vulnerability isn't actually a bug. Instead, if a user sent an email to an incorrect address on one of the lookalike domains, the typosquatter, in this case Kenzie, would receive it.
One of the individuals he attempted to sell “the email vulnerability” to was Rapid7’s HD Moore. Here's what he told Moore:
“Alternatively, I would immediately agree to transfer the domain to your organization for a one-time nominal price of $295 provided that you would also agree in principle to paying me a negotiated or mediated non-improvident fee in consideration of my expertise in bringing this vulnerability to your attention and in ensuring that no malevolent entity is able to exploit it for their own purposes.”
As expected, the expert didn’t give in to the scammer’s attempts, Attrition.org reports.
However, the man wasn’t discouraged and tried to use his tricks on others such as NewsCorp, McAfee, MasterCard and McDonald’s.
He even went as far as registering the lockheedmarton.com domain, and contacted Lockheed Martin to report the “Black Hole email vulnerability.” The organization handled the incident by filing a Uniform Domain Name Dispute Resolution Policy (UDRP) complaint.
In an attempt to earn a profit from Gioconda Law Group, Kenzie registered www.GiocondoLaw.com (the genuine domain is www.giocondalaw.com) and intercepted a few private emails addressed to the firm.
The lawsuit filed by Gioconda Law seeks over $1 million (790,000 EUR) in damages.
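The misaddressed-email mechanism described above can be caught on the sending side. The following is an added example, not code from the article or from any party named in it: an outbound-mail check that holds messages whose recipient domain is a near miss of a domain the organization regularly writes to. The function names, the distance threshold of 2 and the sample local parts are assumptions; the domains are the ones named in the article.

```python
# Added example (not from the article): catch mistyped recipient domains before mail leaves.
TRUSTED = {"giocondalaw.com", "lockheedmartin.com"}  # genuine domains named in the article


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[-1]


def check_recipient(address, trusted=TRUSTED, max_distance=2):
    """Return (verdict, nearest_trusted_domain) for one recipient address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    nearest = min(sorted(trusted), key=lambda t: osa_distance(domain, t))
    if osa_distance(domain, nearest) <= max_distance:
        return ("lookalike", nearest)  # hold the message and ask the sender to confirm
    return ("unknown", None)


def held_messages(recipients):
    """Map each recipient that should be held to the domain it was probably meant for."""
    held = {}
    for rcpt in recipients:
        verdict, nearest = check_recipient(rcpt)
        if verdict == "lookalike":
            held[rcpt] = nearest
    return held


if __name__ == "__main__":
    # Constructed sample: local parts are invented, domains are those in the article.
    sample = ["intake@giocondalaw.com", "intake@GiocondoLaw.com",
              "hr@lockheedmarton.com", "someone@example.org"]
    for rcpt, meant in held_messages(sample).items():
        print(f"HOLD {rcpt}: did you mean @{meant}?")
```

Short trusted domains produce more false positives at a fixed threshold, so the threshold is best tuned against the organization's own correspondent list.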