Australian registrar's accreditation revoked in security scare

Current Australian business bad boy Nicholas Bolton who has recently become a media star in all the wrong ways has landed himself in hot water over another of his business ventures. This time Australian Style which trades as Bottle Domains, a domain name registrar, has had its accreditation removed resulting in the virtual collapse of the business.
The removal of the accreditation means Bottle Domains cannot manage its portfolio of .au domain names customers have registered with the company and nor can registrations of .au new domain names be accepted.
The move by auDA comes a day after Bolton stunned investors in a Brisbane road infrastructure project by selling the “voting rights over his 19.5 per cent BrisConnections stake to Leighton subsidiary Thiess John Holland, which is building the Airport Link toll road,” reports The Australian.
The sale of the voting rights angered many investors in BrisConnections, with one investor who feels spurned by Bolton, Jim Byrnes, saying “Karma: it’s such a bitch”.
“In the Bolton corporate structure, Bottle Domains is one of five companies wholly owned by Australian Style Group Pty Ltd, which in turn is 99 per cent-owned by Georgia Bolton and one per cent by her brother Nicholas,” The Australian reports.
In a statement on the issue, auDA notes it was notified by the Australian Federal Police that there had been a security incident which affected customers of Bottle Domains.
auDA has since discovered that Bottle Domains was the subject of an earlier security incident in April 2007, which auDA believes may have caused or contributed to the security incident in February 2009.
Bottle Domains failed to notify auDA at the time of the April 2007 security incident, which was a breach of its obligations under the Registrar Agreement.
Subsequently, information recently provided to auDA by Bottle Domains about the April 2007 incident revealed that it did not reset customer passwords or alert its customers to the possibility that their account information had been accessed by third parties. Bottle Domains also failed to conduct an independent security audit to verify that the security vulnerability had been fixed, and that there was no other unauthorised access to its systems.
“auDA takes security issues very seriously,” said auDA CEO, Chris Disspain. “In our view, Bottle Domains’ failure to deal properly with the security incident in April 2007 demonstrated an alarming disregard of the potential risks to its own customers, and to the overall stability and integrity of the Australian DNS.”
“Given the seriousness of the matter, it is appropriate that auDA terminate Bottle Domains’ registrar accreditation.”
AuDA wants to ensure domain name holders who have registered domain names with Bottle Domains that they are NOT at risk. auDA is in the process of contacting all those whose domain name is registered through Bottle Domains to provide them with all the information they need.
“Mr Bolton said yesterday that Bottle Domains did not consider the incident, which affected about 10,000 of the company’s 120,000 customers, amounted to a breach of its auDA agreement, and would defend the matter ‘vigorously’,” The Australian reported.
For more information, see: