Twitter shares soar after buyout story appears on bogus Bloomberg site

How someone was able to buy bloomberg.market and, er, move the market

Updated Twitter's shares jumped four per cent this morning after a fake news story claimed the biz had received a $31bn buyout offer.

The reason for the jump was that it appeared to come from respected newswire Bloomberg – but the piece was instead hosted at bloomberg.market, and not on the news organization's Bloomberg.com.

"Twitter is working closely with bankers after receiving an offer to be bought out for $31 billion, people with knowledge of the situation said," the five-paragraph fake story started. The bloomberg.market domain has been pulled offline in the past few minutes.

Bloomberg.market is a mirror of the Bloomberg.com website, the copied headlines are real and link back to the real dot-com website. With one exception: the fake Twitter story, which was dressed up to look like a legit webpage.

That is also the only URL that exists under the dot-market website, pointing to a planned effort to put the fake news into circulation. Perhaps the reason for that effort was to benefit from the subsequent spike in the share price, which lasted approximately 15 minutes before Bloomberg denounced the story as fake and the share price dropped back to its previous level.

Twitter saw a spike in its share price until Bloomberg confirmed the story as fake

Wild goose chase

It's not known who owns the dot-market domain, but it was registered at the weekend using a so-called "proxy service" based in Panama. That company, WhoisGuard, protects registrant details by offering its own address and contact numbers.

However, WhoisGuard's details also appear to be fake: their telephone number is disconnected and emails to their contact address have not received a response. The contact details for WhoisGuard on its own website at WhoisGuard.com also fail to work: the telephone number goes through to a voicemail box and emails also fail to receive a response.

WhoisGuard works as an affiliate of the company eNom. A call to eNom's registrar abuse hotline leads only to a voice message that instructs you to send an email through eNom's online portal.

We contacted the company that runs the .market registry, and which is also the parent company to eNom, through whose systems the bloomberg.market domain was registered.

Rightside's vice-president of business & legal affairs Statton Hammock told us that his biz had opened an investigation into the situation, and that its compliance manager was looking into whether the registrar has broken the company's acceptable-use policy or violated any of its terms-and-conditions.

Let's see what ICANN has to say...

We also contacted the organization in ultimate charge of the domain name system, ICANN. ICANN develops the rules that registries and registrars are obliged to follow, and has recently been under fire for its lackluster compliance efforts.

An ICANN spokesman told us: "We are not commenting right now."

What this story highlights is that the fears of many companies about the introduction of hundreds of new dot-words are all too real. The fact that the fake story was hosted on the seemingly real bloomberg.market web address is almost certainly the reason it was taken seriously.

Under rules developed by ICANN, trademark holders can pay to be added to a "trademark clearinghouse." Once in that clearinghouse, anyone who tries to buy a domain with a mark in it will be warned that they may be violating a trademark, but they will not be prevented from registering it.

When each new internet registry launches, there is also typically a "sunrise" period during which trademark holders can pay a premium to get access to their name first. However, due to the huge number of new extensions launches – more than 500 in the past year – many companies have decided not to spend tens of thousands of dollars registered their namesakes all over the internet.

Bloomberg did take advantage of a private scheme run by large registry operator Donuts in which it was able to put a block on its name across all of Donuts' top-level domains – which is why, for example, bloomberg.business is not available to register. That will also mean that bloomberg.news will also be restricted when it launches later this month.

However, bloomberg.market appears to have slipped through the net, with significant consequences. ®

Updated to add

At about 4pm PDT (2300 UTC), Rightside posted a blog post on the issue, stating that it took down the website "per our standard operating procedures" because it was being used for "nefarious purposes." It explained:

It pains us so greatly that, in the early stages when so many people are forming their first impressions of the TLD [new top-level domain] program, [that] numerous positive examples are sometimes overshadowed by the malicious practices and behaviors of a very small group of people.

Today’s example of www.bloomberg.market is a precise example of this unfortunate phenomenon. There are processes in place to limit the means and extent to which bad actors can utilize new domains for nefarious purposes, and we have worked with Bloomberg to implement those processes and shut down www.bloomberg.market.


Biting the hand that feeds IT © 1998–2017