there is some additional asshattery that allows them to tie the name up for a short period without actually having to pay money for it
This was called "domain tasting", and the guise it was made under was to "allow a customer to put up a web site under a new domain name to test it out and sample it to see if they wanted to purchase it". This is of course a silly concept, you don't need to have the domain name in its final form to decide whether or not your web page works. What it DOES do is encourage this squatter behavior.
When they first started allowing that, there were suddenly millions of domains in a continuous "sampling churn" by the squatters. ("In April 2006, out of 35 million registrations, about 2 million were permanent or actually purchased." ie 94% of active domains were being "tasted") Getting a domain during that period without paying a squatter hundreds or thousands for it was very difficult. They had five days to decide whether to purchase or not, but then could just immediately (within seconds?) re-request a tasting, essentially keeping the domain locked under their control until you paid them off.
In 2009 ICANN made changes to mostly eliminate the free tasting when done in bulk. This helped a lot but there was still a lot of squatting going on. They made one more tweak, and after that the tasting was down to under ONE PERCENT of what it had been a year before. They called it good at that point.
But someone above mentioned such a squatter being actually owned by the registrar, which really "tastes like" fraud to me.