On Thursday, April 18, 2013, the official website of Nigerian Entertainment Today was compromised by internet hackers. The hackers had criminally gained access to the company's hosting account and illegally took possession of their domain – www.thenetng.com.
The illegal act which occurred in the early hours of Thursday was calculated, well planned and took precise planning; the cyberpunk(s) managed to hack into one of the company's Google Mail accounts, gaining access to their domain hosting account at internet domain registrar and web hosting company Godaddy. Before making the transfer, the hacker(s) made sure all mails from Godaddy filtered to trash (just to make sure, if they sent any alerts to management of the NET, it won't be seen in the inbox or on devices linked with that particular mail). The hacker then transferred the domain thenetng.com out of NET's Godaddy account (while Godaddy alerted NET, sending series of confirmation E-mails to NET's Gmail, all correspondence filtered to trash) into another hosting company Onlinenic making it look like a legal transfer. The domain thenetng.com was then directed (using Static DNS Hosting, subdomain and domain hosting, Afraid.org) to multiple promo sites.
Few minutes after this occurred; the IT staff at NET reclaimed the Google mail account. Unfortunately, the transfer was too late to be reverted. Doing a WHOIS search, we discovered that the hacker(s) had also updated the domain's profile to a certain Rocco Mancini.
The hacker, using a Yahoo! E-mail account under the same name Rocco Mancini a few minutes later sent an E-mail to the hacked NET Gmail account stating he had gained possession of the domain by back-ordering it (obviously lying) and demanded a ransom of $1,200.
The Email read – 'We back-ordered thenetng.com and we are the owner of this domain at this moment. If you want to buy it for reasonable price (only 1200 USD) reply to this email or contact me via Yahoo! messenger. This is a limited time offer'. Adding that the management could transfer the money via online money transfer – Liberty Reserve.'
Luckily, the NET servers and user data were completely unaffected as they were hosted on a separate server company. NET established contact with Rocco Mancini and informed him they would respond to his E-mail. NET's editors then announced via Twitter, that their domain had been seized.
In less than 12 hours, the hacker reduced his ransom fee from $1,200 to $900 but the management had reached a decision not to respond or negotiate to pay any ransom to the criminal(s).
On Friday, April 19, 2013, NET made an official statement, following their initial tweets.
'We are convinced this is a calculated attack by detractors to unsettle and distract us, knowing our third anniversary (April 26) is just around the corner, as well as our inaugural Nigerian Entertainment Conference holding next Friday', the statement signed by the NET's publisher, Ayeni Adekunle read in part.
'It is the first time since we registered the domain in 2009 that such security breach would occur. And even though we considered our readers, advertisers and partners, our management took a firm decision not to engage with the criminals', Ayeni said in the statement.
NET also announced the website had been temporarily moved to www.thenetng.net.
Hours after the statement was published, the hacker sent them another Email, reducing the ransom to $500.
Meanwhile, NET had reported the issue to domain hosting company Godaddy who investigated the matter. Via a telephone conversation, a customer care representative named Marcus O. confirmed the domain was transferred out of NET's account. He however said Godaddy won't be able to reverse the transfer because it was (apparently) authorized by NET and advised the matter be specially reported to a higher authority at Godaddy. NET's management is still in communication with Godaddy.
In the evening of Saturday, April 20, the hacker sent another E-mail, dropping his ransom to $200.
'just pay 200 $ and its yours……fund your LR account just for 200$ and pm me on yahoo messenger to trade it in a minute…200$… think about it…'
As at today Monday, April 22, 2013, the NET domain had not been re-acquired but they are still working with their registrar, in–house IT team, and consultants to legitimately reclaim their domain. According to Mr. Ayeni "We are aware this may take some time, but it is a sacrifice we are willing to make".
Moves have been made to report to the appropriate Nigerian and international authorities, and the NET's management is seeking the board's approval to make the hackers' full emails public.
Nigerian Entertainment Today went live with a 24-hour website on November 23, 2009, while its print edition hit Newstands on April 26, 2010.