Internet forums are full of anecdotes and claims that WHOIS searches, followed by a period of contemplation, have resulted in the searched domain name being registered before the searcher decides to come back and register it.
This is akin to someone following you around an antique store. When they see that you are interested in an item they pick it up, thinking it must be valuable, as you move on and it's gone when you come back.
Typically hijacked domains are held for 5 days, while the hijacker evaluates their worth, and are then returned 'to the shelf'.
WHOIS hijacking has not been proven and if true must be the world's best kept secret. It would be easier to prove colluson at the pump between big oil companies.
There are two possible explanations.
1) It is just a coincidence
2) Someone is intercepting WHOIS lookups.
Both explanations point back to domain tasters
ICANN allows registrars to return a registered domain and get a full refund within 5 days of registration. This has spawned an industry of domain tasters
who buy domains and test their profit potential with pay-per-click ads. If in 5 days the domain demonstrates potential for click revenue to exceed annual registration cost then the domain is kept - otherwise it is returned.
The practice is also known as domain kiting
as tasters can churn domains - buying and dumping - without spending more than their initial investment.
In April 2006, out of 35 million registrations, only a little more than 2 million were permanent or actually purchased. By February 2007, the CEO of GoDaddy reported that of 55.1 million domain names registered, 51.5 million were canceled and refunded just before the 5 day grace period expired and only 3.6 million domain names were actually kept.
Large domain tasters have, or have acquired, ICANN Registry status to reduce costs, automate, and facilitate their business.
Domain tasters churn millions of domain names, are hungry for new names, and have multi-sources of potential names. These include dictionary combinations, .net versions of popular .coms, and naturally expiring domain names. WHOIS lookups are another potential source as they identify names that someone (the WHOIS user) thinks could be a profitable name.
Given the huge churn rate it is possible that reported 'whois hijackings' are just coincidental. The other explanation is that domain tasters intercept WHOIS queries. Theoretically this interception could be at source or at the Registry.
Possible hijack locations:
1)WHOIS lookups conducted through Registrars controlled or affiliated with the tasters
2) WHOIS lookups at private WHOIS sites (like this one) affiliated with domain tasters
3) With their Registry status tasters may have access (approved or otherwise) to Registry WHOIS logs or data.
The later possibility would explain how Registrars such as GoDaddy, who disagree with domain tasting, keep getting accused of hijacking following a WHOIS at their site.
My take is that domain tasters don't want to talk about their tactics, and 'innocent' registrars and ICANN don't want to publicize flaws or weaknesses in the system.
One solution is to charge a fee on any returned domains. ICANN currently charges registrars $0.22 per domain. Make it non-refundable.
SAFER WHOIS does not monitor, share, sell, steal or taste your domain searches. Any 'hijacking' would have to be a coincidence or occur at the Registry end. Happy searching and play safe.