Home / Blogs

De Facto Rules a Boon to Rogue Players

Garth Bruen

In Ian Flemming's Thunderball M sends 007 to the Bahamas on a hunch that SPECTRE is hiding something there. Well, it's been our hunch for a while that the Bahamas "office" for the Registrar Internet.BS does not exist. Now we have confirmation of such. It has been documented in an explosive undercover expose (Internet.BS: A Safe Haven for Drug-Related Cybercrime?) by LegitScript that Internet.BS address as stated could not be verified, could not accept mail, and that the business itself could not actually be found in the Bahamas. Interestingly, Internet.BS does not offer the .BS domain extension, so it seems they may not be adding a penny to the Bahamas economy while prominently using the country's name. The official responses to this report from Internet.BS indicate they are really in Panama.

Unfortunately, the problem of Registrar obfuscation is not a new one for ICANN. The concern is that this yet another phantom with an unverifiable location like Parava Networks, OnlineNIC and EstDomains. These are egregious examples but the problem is truly pervasive and KnujOn has been tracking the invalidity and unavailability of Registrar contact information for a long time as many Registrars are run from unknown locations or post boxes. It has been a major agenda of governments, law enforcement and security experts to improve Registrar transparency by requiring full disclosure of location, ownership, and proof of local licensure but there has been significant pushback on this from the Registrars. The 2009 RAA was amended to require Registrars post contact information on their websites and ICANN compliance issued an official letter to me in 2010 which stated "ICANN is planning to incorporate website checks into its 2011 registrar audit schedule", but KnujOn found 10 new Registrars created in 2011 which have no address posted. We understand that in the modern virtual world businesses run from multiple locations but this not the situation here. We are talking about an industry which is by mandate supposed to be transparent but it is in fact opaque beyond acceptability. To be clear, the address in this case does apparently exist but cannot be verified. An address which does not exist is a clear violation, but an address that cannot be verified as a legitimate business has different purpose as a front.

Behind the front here is possibly the largest collection of illicit pharmacy domains, one-third according to the LegitScript report and possibly 44% according to the National Association of Boards of Pharmacy (NABP). In fact the NABP issued a letter today to ICANN to encourage them to act on this issue. It was NABP requests which encouraged Google, Yahoo and Bing to stop accepting advertising from illicit pharmacies. This is specific to KnujOn's work and ICANN as we conducted a case study on an Internic.BS sponsored illicit pharmacy with false WHOIS which the Registrar kept online after the deletion deadline.

ICANN's potential response to the NABP could be problematic as its enforcement ability is compromised by internal politics, conflicts of interest, and a general collapse of contractual authority. It has been revealed over the last few days that the RAA is not enforceable on a fundamental level, in terms of registrar enforcement of WHOIS accuracy. For many of us this was the last tool keeping rampant domain abuse at bay. Now it seems that there are no limits what a rogue Registrar can do. This is not a good model for public trust and discussions on abusive registrars seem taboo within ICANN. This could be the biggest policy and security failure on the general Internet as it touches everyone. The literal difficulties presented by this could be seen in the Verizon v. DirecNIC suit where a Registrar operating in Louisiana, listed in Caymans, owned by someone in Florida, with shell companies in other unknown locations simply could not be found. The case collapsed because of a lack of clear jurisdiction. This is a godsend for companies like Internet.BS who can operate with impunity everywhere and nowhere like the mythical SPECTRE.

By Garth Bruen, Internet Fraud Analyst and Policy Developer. More blog posts from Garth Bruen can also be read here.

Related topics: Cybercrime, Cybersquatting, DNS, Domain Names, ICANN, Internet Governance, Law, Policy & Regulation, Security, Top-Level Domains, Whois

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

A brilliant piece of work.Now why would Derek  –  Mar 14, 2012 10:51 AM PDT

A brilliant piece of work.

Now why would Marco use New York time as a reference?

Brief follow up 1 Garth Bruen  –  Mar 26, 2012 9:47 AM PDT

In a related article here by Kevin Murphy, Internet.BS said "that they would resist efforts to shut down their rogue pharmacies unless they received complaints from their own legal jurisdiction." Um, what is their "own legal jurisdiction", they're not actually in the Bahamas, they have no jurisdiction, this is the problem, the whole system is shadows and mirrors. It's a sham, they are accountable to no one, not even ICANN. Marco further states that "a Canadian pharmacy domain is not subject to FDA". NONE of the domains in question are true Canadian pharmacies! It's a big lie.

Not Just In Bahamas or Panama John Dias  –  Aug 23, 2012 3:43 PM PDT

I SENT THIS EMAIL TO SOFTLAYER ...............

The rogue pharmacy: WWW.CITOTEC-CYTOTEC.COM
Is registred with:

Registrar of Record: Everyones Internet, LLC dba Resellone.net
Record last updated on 17-Aug-2012.
Record expires on 17-Aug-2013.
Record created on 17-Aug-2010.
ResellOne Services are now part of SoftLayer. As you might already know, ResellOne became part of SoftLayer in 2010.

I am sending copies of this email to LegitScript organization. This website is a Rougue pharmacy. It violates several laws in several countries.
1 -violates, appears to violate, or encourages violation of Federal or state law or regulation;
2 - does not adhere to accepted standards of medicine and/or pharmacy practice, including standards of safety; and/or
3 - engages in fraudulent or deceptive business practices.
This site also violates the rules of Softlayer, in AUP, Acceptable Use Policy:
1. Unlawful Activities.
B.Threats, harassment and abuse of any individual, organization or business.
C.Fraudulent activities.

For LegitScript:
citotec-cytotec.com is a Rogue Internet Pharmacy
http://www.legitscript.com/pharmacy/citotec-cytotec.com

A - Can I just say that Softlayer is a new haven for ROGUE INTERNET PHARMACIES, as well as INTERNETBS.NET?

B - Why this site is still operating by registered, Everyones Internet, LLC dba Resellone.net that is part of SOFTLAYER?

C - If LEGITSCRIPT Approval Status: ROGUE (since 07/18/2012) Why SOFTLAYER Record last updated on 08/17/2012?

DO YOU WANT TO KNOW ANSWER OF SOFTLAYER?

"The host/domain in question is not on our network at this time."

THIS IS A GREAT AND FALSE CLAIM ... PIRATES ARE IN OUR BACKYARD!

The domain is on hold and as Derek  –  Aug 23, 2012 3:58 PM PDT

The domain is on hold and as such not resolving. That may be why they are stating this. They most likely did a DNS lookup, got nothing and as such the reply. The hosting account probably still exists.

CRIMINAL ORGANIZATION John Dias  –  Aug 24, 2012 1:37 PM PDT

I am sending copies of this email to LegitScript organization.
This websites are a CRIMINAL GROUP OF ROUGE PHARMACIES. I'm exposing a network of sites that village laws in different countries.

This network sells and abortifacient drugs cytotec without control or without requesting any medical consultation! Their focus are women of latin origin.

This is a group of websites that are part of the same network group:

WWW.CITOTEC-CYTOTEC.COM (This was shutdown in the present moment)

This criminal organization sells cytotec for abortion practices around the world and has the overwhelming majority of its sites registered in SOFTLAYER.

www.comprarcitotec-ba.com
www.comprarcitotec-bh.com
www.comprarcitotec-es.com

And many others. Aproximated ten (10) others!

NETWORK THAT THIS BEING THE SOFTLAYER covered up.

Women in United States and Latin America are dying due to the complicity of SOFTLAYER and this network of malware.

Is there any doubt about what has happened here?

Thanks
John Dias

MAKING A CORRECTION!! - CRIMINAL ORGANIZATION IN DOMAINSITE.COM John Dias  –  Aug 24, 2012 2:39 PM PDT

These criminals are like african ants in earch of victims. Only with the support of domainsite.com!

http://comprarcitotec.com/

This other website is part of a criminal organization that sells cytotec for women of Hispanic origin.
The sale is made without any medical consultation, prescription or register. Completely illegal.

I am sending copies of this email to LegitScript organization.
This websites are a CRIMINAL GROUP OF ROUGE PHARMACIES. I'm exposing a network of sites that village laws in different countries.
This network sells and abortifacient drugs cytotec without control or without requesting any medical consultation! Their focus are women of latin origin.

This is a group of websites that are part of the same network group:

WWW.CITOTEQUE.COM (This was shutdown in the present moment)

This criminal organization sells cytotec for abortion practices around the world and has the overwhelming majority of its sites registered in domainsite.com .

www.comprarcitotec-ba.com
www.comprarcitotec-bh.com
www.comprarcitotec-es.com
www.comprarcitotec.com

And many others. Aproximated ten (10) others!

NETWORK THAT THIS BEING THE domainsite.com covered up.

Women in United States and Latin America are dying due to the complicity of (WWW.DOMAINSITE.COM) and this network of malware!

Is there any doubt about what has happened here?

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Infographic: Where in the World Do Chinese People Live?

Public Interest Registry Seeks Leaders to Serve on its NGO Community Advisory Council

Neustar to Build Multiple Tbps DDoS Mitigation Platform

Auctions Update: MMX Wins .law and .vip

LogicBoxes Partners with I-Content to Implement Vertical Integration for .RICH and .ONL

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

General Availability Kicks Off for .Website, .Press and .Host

New .ORGANIC Top-Level Domain Welcomes Leading Brands As .ORGANIC Pioneers

Dot Chinese Online and Dot Chinese Website Featured in EURid's World Report on IDNs 2014

New .ORGANIC Top-Level Domain Opens to Serve the Organic Community

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

Independent Endorsement of Dot Chinese Online & Dot Chinese Website by by FiarWinds Partners

New gTLDs and Best Practices for Domain Management Policies (Video)

.Host Announces Top Global Players As Pioneer Partners

Public Interest Registry Releases Bi-Annual Report, .Org Domain Registrations Pass 10.4 Million

Public Interest Registry to Speak About Upcoming Launch of .ngo and .ong Domains for NPOs

Landrush Opens for .Website, .Press and .Host

Afilias Announces General Availability of .BLACK Top-Level Domain

Nominum Announces Future Ready DNS

Sponsored Topics