One of the first steps to take as an aspiring business owner or an entrepreneur with a great idea is registering your business with the appropriate authorities. Similarly, in the era of the digital economy, it is important to also register the domain name — a unique name that identifies you on the Internet.
Domain names are of two structures: first is the generic top-level domain (gTLD) such as .com, .net, or .org controlled by the Internet Corporation for Assigned Names and Numbers (ICANN), and the other, country code top-level domain (ccTLD) such as .ng, .gov.ng, or .com.ng, are under the purview of Nigeria internet Registration Association (NiRA).
Once someone has registered a website domain name with a provider, that name cannot be used by anyone else.
If someone then registers a domain name with your brand, with the intention of phishing or other fraudulent activities, a case could be made for cybersquatting.
A telling example was the dispute between Jumia and Konga, as the latter accused the former of registering domain names in other African countries before it could do so itself.
A case study of cybersquatting gTLDs for African states
At 2:34 a.m., on January 24, 2020, we received a strange tip-off from a certain Brian S. Luedke, trying to give us a heads-up about the Internet in Nigeria and some other African states.
“Something weird is happening to the Internet in Nigeria. To see what I mean, check out .com sites such as Zamfara.com, Adamawa.com, Nasarawa.com, Bayelsa.com, PlateauState.com, RiversState.com, OgunState.com, EkitiState.com, and about ten other .com sites with the same format,” said Luedke.
“About half of Nigeria’s 36 states are affected,” he added.
“Dodoma, the capital of Tanzania, is having the same issue with Dodoma.com. So is RDCongo.com.
“Apparently someone has hacked or taken over the most prestigious .com domain names/Internet addresses in Nigeria, and indeed throughout the African continent.”
He also claimed to have traced the source of the problem to one Yakob Kolokoltsev, a Russian national from Shum Laka in Northwestern Cameroon, near the Nigerian border.
At first, this seemed interesting, but his next remark revealed his true intentions.
“Supposedly, he is only demanding $5,000 for each of these .com domain names. He said he can sell them through a trusted 3rd party site such as Escrow.com or Dynadot Marketplace (Dynadot.com), to protect both buyer and seller from any misunderstanding or fraud.
“Buyer can choose whichever escrow service, to ensure a smooth transfer,” he concluded.
First off, in case you weren’t sure, official websites used by the Nigerian Government are usually with the .gov.ng domain name. Some examples are riversstate.gov.ng, ogunstate.gov.ng, and lagosstate.gov.ng.
Similarly, the official website for Dodoma, Tanzania’s capital is dodoma.go.tz also with the country code for Tanzania and not with gTLDs.
However, since .com domains are arguably the most popular in the world, we were not sure what anyone hoped to achieve, by registering .com domains with state governments, besides the obvious intention to deceive unsuspecting users who naturally type .com when searching for a website.
So, of course, we went searching
With the aid of domain name checkers, we tried tracking down the Russian culprit, instead, we found the registrant of all the websites to be Brian S. Luedke, our concerned informant, with Dynadot LLC — a California-based domain provider — as the registrar.
Rather than the world heritage site of Shum Laka Cameroon, we found his phone number and address in San Mateo, California.
Apparently, our informant has been registering domain names around the world, as a reverse search on his email address also revealed his full name, Scott Luedke Brian Rubaduka, and 13 other domains from different countries registered to his name.
Some of them include a domain with the name of the current First Lady of Ivory Coast, Dominique Folloroux-Ouattara, and countries like Guinea Bissau, Burundi, Benin Republic, Chad, Haiti, and Guatemala.
What can be done when something like this happens?
The rules that guide against cybersquatting in Nigeria are clearly stated in the Cyber Crime Act of 2015 (PDF). A cybersquatter is defined thus,
“Any person who, intentionally takes or makes use of a name, business name, trademark, domain name or other word or phrase registered, owned or in use by any individual, body corporate or belonging to either the Federal, State or Local Governments in Nigeria, on the Internet or any other computer network…”
Referencing the registered domains of the shortlived Nigerian Air, Timi Olagunju, cyberspace/AI lawyer and policy expert, opined that without meeting the preconditions of Section 25, subsection 2 of the Cybercrime Act of 2015, the mere registration of a domain name is not a crime itself. The section here states,
- A refusal by the offender to relinquish, upon formal request by the rightful owner of the name, business name, trademark, domain name, or other word or phrase registered, owned or in use by any individual, body corporate or belonging to either the Federal, State or Local Governments in Nigeria;
- An attempt by the offender to obtain compensation in any form for the release to the rightful owner for use of the name, business name, trademark, domain name or other word or phrase registered, owned or in use by any individual, body corporate or belonging to either the Federal, State or Local Government of Nigeria.
However, in this case, there is already a clear case of registered entities such as the various African state governments involved.
Also, Ridwan Oloyede, a privacy and data protection expert, points out that the demand for money ($5,000 or ₦1.82 million) all but confirms this action as an act of cybersquatting.
In Nigeria, NiRA handles all disputes as regards ccTLDs like .ng or .gov.ng and it is strictly forbidden for non-government entities to use the .gov.ng domains.
However, both Oloyede and Olagunju are careful to indicate that disputes with gTLDs like .com or .org domains are not under the purview of NiRA, hence issues like this can only be resolved with ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP) enforced by all domain name dispute resolution centres like the World Intellectual Property Organization (WIPO).
On possible prevention
For now, there seems to neither be an easy way to prevent cybersquatters from poaching a website, nor a foolproof legal system around the world to prevent such occurrences.
Despite all the stated measures, WIPO, while highlighting its dangers, reported a record-breaking 12% increase in cybersquatting in 2019.
For Enyioma Madubuike, our legal and policy columnist, the only feasible way to fend off cybersquatters, is to register the major gTLDs or ccTLDs of your website.
While this might not prove to be cost-effective, save for big or well-to-do brands, this might be one of the most realistic ways of protecting your brand from cybersquatters.
Oloyede opines that having a framework where those registering a gTLD would have to verify their brand name worldwide is still a policy proposition for the future.
“…you’d have to realise that trademarks are territorial, hence this might mean integrating trademarks of the entire world into one trademark registry, and most countries might not want this,” says Oloyede.
“Also some brands have acquired distinctiveness over a long time, in a particular territory, and while it looks like a fine proposition, it might create a new set of challenges,” Oloyede concludes.
Businesses or brands might be losing prospective customers daily to cybersquatters, and just like issues with intellectual property rights, until foolproof legislation comes along, business or brand owners might have to focus on expanding their digital presence.
Have a digital technology solution for health, cyber-crime, Oil and Gas? Join the 2020 Nigeria Oil and Gas Hackathon. Submit your innovation at www.nogtech.ng.
Techpoint Build 2020 is holding virtually in August. Register free now to attend.
Nigerian startups raised $55.4m in Q1 2020; over 99% of which came from foreign sources. Find out more when you download the full report.