You don't need to purchase any top-level domain, just a bunch of regular domains: dearleader000001.kp, dearleader000002.kp, ....

If you are, say, the North Korean government, or have a close relationship with some small island registrar, you can register any number of domains you like for peanuts.

If you're willing to spend tens of thousands of dollars, there are better ways to mess with somebody's computer.

But at $185,000 a piece, who will be doing that?

Actually, you'd only need to buy one TLD!

Or, you could buy one regular domain and then ask to be put on the public suffix list. I'm guessing that would have the same effect for less money.

Wow, being put on the public suffix list is an interesting idea. How would one go about doing that?

Interesting question. I wonder if you could get into this list (without nefarious purpose) if you provided some major hosting service? Eg: I see k12-schools in the US are on that list, it would make sense to allow someone providing shared hosting to get on the list (to avoid users setting cross-domain cookies). Eg: appspot.com and blogspot.* is on the list[1].

More information:

  http://publicsuffix.org/submit/ (and the rest of the site, obviously)

[1] http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/ef...