Domain transfer #FAIL – man gets 20 years for gunpoint domain hijack

Hand gun

Break into somebody’s home; kick in the door when he escapes to a bedroom; pistol-whip him; taser him; hold a gun to his head; demand that he log onto his computer and transfer the domain name for “” to another account; shoot him in the leg during the struggle; and, finally, get shot in the chest multiple times yourself.

That’s the definition of “how not to do a domain transfer.”

But that is exactly what happened in what the Northern District of Iowa US Attorney’s Office on Wednesday described to be the first extortion prosecution in the district that involved an attempt to steal an internet domain name.

The burglar is Sherman Hopkins, Jr., 43, from Cedar Rapids, Iowa – a man who had been previously convicted for a perjury felony. In December 2017, Hopkins pleaded guilty to another felony: one count of interference and attempted interference with commerce by threats and violence.

His desire for that domain is going to cost him: Hopkins was sentenced to 20 years in federal prison.

We’ve seen plenty of Domain Name System (DNS) hijackings – cryptocurrency site BlackWallet in January, Bitcoin transaction site in 2016, and I-really-need-to-sell-this-chartreuse-sofa site Craigslist in 2014.

You can see the value in control of those sites: valuable cryptocurrency, and, with Craigslist, control over a domain that was getting 50 billion page views per month at the time.

But what’s so valuable about As Motherboard’s Vice reports, the site isn’t currently returning a web page, though the Internet Archive’s Wayback Machine has a snapshot dating back as early as January 2015.

But whoever controls the domain could undoubtedly make a mint if they decided to monetize it. As you can see from the @DoItForState Twitter account, #DoItForState glories in chronicling college debauchery: mostly women’s butts, with a good amount of beer chugging thrown in, and some random hits on the skull with beer bottles.

The account had 41.7K followers as of Monday.

As the Iowa station KCCI reported in January 2015, the #DoItForState phenomenon started at Iowa State University in the previous autumn. It began as a Snapchat channel that chronicled sexts, Pong drinking games, toga parties, and the other dumb stuff college kids do.

At the time of the attempted armed domain name robbery, the domain was controlled by a 26-year-old named Ethan Deyo – the man who Hopkins shot in the leg and tried to extort. According to his personal site, Deyo is an entrepreneur and personal branding expert. Among his credits, he lists over $1m in software sales for the domain registrar

According to the DOJ, Deyo was upstairs at his home in Cedar Rapids on 21 June 2017 when he heard Hopkins break in. He looked over the railing and saw that Hopkins had a gun. Hopkins shouted at Deyo, who ran into a bedroom upstairs and shut the door, leaning against it to keep Hopkins out. Hopkins went upstairs and kicked it open.

Hopkins then grabbed Deyo and forced him into the home office, to turn on his computer and to connect to the internet. Then, Hopkins pulled out a paper full of instructions on how to switch GoDaddy accounts for a domain name. He held a gun to Deyo’s head and told him to follow the directions, taking his mobile phone and throwing it away so his victim couldn’t call for help.

Deyo said he needed a mailing address and phone number to make the transfer go through. Hopkins responded by pistol-whipping him in the head. He also tased him. In the struggle, Deyo was shot in the leg, but he managed to get the gun and shoot Hopkins in the chest.

As Vice reports, it’s not clear who Hopkins was trying to transfer the domain to. However, Cedar Rapids public safety spokesperson Greg Buelow had this to say last year after the incident:

This domain name is valuable and he wanted that transferred back to someone else.

There may be violent antics on display at the @DoItForState account, but nothing half as bad as attempting to pistol-whip a domain name out of somebody.

Two men got shot. Butts and beer are one thing, but this? If this was some kind of beer-addled stunt to go after a valuable domain – a “let’s go hire a hitman, like this felon over here” – it could well have had lethal consequences.

And if the forced domain name transfer had been successful, the police would have had a new domain holder to have a very long chat with.