Home / Blogs

ICANN and Your Internet Abuse

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.
Garth Bruen

In spite of the material we were presented with in Durban something has gone very wrong inside of ICANN Compliance. KnujOn has published a report which demonstrates that ICANN Compliance appears to completely collapse between September 2012 and December 2012. Following December 2012, ICANN seems to stop responding to or processing any complaints. It is around this time certain compliance employees start disappearing. This was not limited to the Sydney office as some would have us believe, all while we have been given assurances the compliance team was being ramped up not down. The accepted budget has 20 Compliance staffers listed but in reality there are only 14 employees with another ubiquitous staff member vanished from the roster. Six phantom employees is a lot.

We can see the impact of this within the report as 8000 plus complaints were not process effectively or simply did not get processed at all. This report was very much a follow up to a previous report which shows the lack of enforcement in detail. The report speaks for itself in its multiple examples. However, let us focus on one, which given the history and details is completely unacceptable.

The Rape Tube

While the registrar BizCn has been a cited as a comfortable home to drug-dealing sites as well as trademark infringement, one of the most outrageous domains existing in perpetual violation, but with the silent approval of ICANN, is The Rape Tube. A play on Youtube, rapetube[DOT]org offers the most heinous and sick material, which is beyond any other Internet trash (I can't even re-print the site's own description here). But this is not just about the garbage content, it is about ineffective ICANN policy and process. You see the Rape Tube is hiding behind a completely invalid WHOIS record which had been documented and reported to ICANN Compliance multiple times since 2011. The Rape Tube has the same WHOIS record as approvedonlinepharmacy[DOT]net and at least 1000 other illicit sites sponsored by BizCn and is accused of being part of a network run by a criminal organization. None of this is a problem apparently. Not only did the registrar fail to correct the issue or suspend the domains in question but ICANN did not issue a breach notice when alerted. When asked why, ICANN insisted that answering such questions would jeopardize ICANN's relationship with BizCn. Placing the importance of a relationship with a contracted party in clear violation of the RAA over that of the ICANN commitment to the public seems a serious transgression of public trust. But, according to our research the relationship with BizCn trumps everything, calling the sincerity of ICANN pledges into question.

And this is not even the first time. In 2010 a BizCn-sponsored domain with false WHOIS was part of a massive malware attack. Complaints were filed, the registrar did not act, ICANN was notified and no breach notice was issued. Additionally, according to a recent report BizCn has not been providing Port 43 WHOIS access which is a condition of the contract. So what is going on here?

Analyzing the Analysis

Putting some perspective on the issue, the drive for new Compliance metrics started several years ago when the previous head of ICANN Compliance called for more resources and publicly accessible statistics. He was silently removed from his post shortly after. Now, we have a new push, but is it real?

Compliance has started publishing more information, but the way they put data out is frustrating. There is little context for their numbers. Look at this chart. Does it make sense? Does the Processed value include the Closed count? Add up the various closed counts and they do not equal the total closed count. Since the Processed value far exceeds the Received value we must assume that some portion of the 5043 processed complaints are from previous months, how many? How old? Are the closed complaints from this month or a previous month? Compare this chart to the chart below. The Received complaints in chart one for February is 2423. The second chart has 2409. If you assume they are adding the 14 breach and termination notices to the number works out, but breaches and terminations are not complaints. Look at the detailed list of actions and it becomes even more confusing. The charts list 6 Breach notices in February, but the detail shows 1 breach notice and the rest are updates of previous actions. The enforcements against Bargin Register, Inc and Power Brand Center Corp. are counted TWICE in different sections.

I put forth a different metric: Does what Compliance produces actually have any effect or benefit for the Internet? The simple answer is no. Cybercrime is barreling ahead and ICANN appears powerless to slow access to domain names for illicit use. But why would it? ICANN's various moves always seem geared towards limiting the scope of Internet consumer complaints, favoring the desires of commercial stakeholders. To ICANN, the ordinary Internet user is not important. What is important is keeping the domain industry happy, so all areas of ICANN are engaged in this effort. Thus the language used to respond to complaints reflects this bias. Policy discussion occurs in public, but important decisions are still happening secretly. Most people do not own a domain name, but are impacted by their use. Even those who own domain names typically do no own very many. However, the spammers profiled in our report own thousands. The abusers of the system who purchase and dump domain names are contributing far more to ICANN's growth than the average netizen could ever dream of. Spammers may be their best repeat customers and as such may receive better treatment than ordinary Internet users. The abusers put money and energy into the cycle. We're counting on ICANN to protect the DNS but the watchman has been asleep too long and the thieves slip in with impunity.

The Invisible Money Line

Regardless of the flurry of compliance notices in 2013 the department remains a primary bill collector. The most recent notice is about a $6,834.56 deficit. But this is not simply about the money, it is about how much money. To say that only registrars who owe money get terminated is just the beginning of the story. Is Compliance a tool for shaking out registrars who are not "bringing home the bacon"? The number of registrars actually terminated in the last three years had less than 4,000 total combined .COM domains. This represents a rounding error decimal point in ICANN's budget. 67% of the breach notices in the last 2 years were to registrars with fewer than 10k names. 85% have fewer than 20k names. Only 34% are for non-financial reasons — none ever reached enforcement level. 8 of them came up because of the new audit process so are not really complaint-based; without those, 76% of all enforcement is to collect fees. However, within the counts there are two anomalies: Tucows and XinNet. XinNet has over one million domains. However, ICANN stated this was "due to an error” and the breach was withdrawn. As for Tucows, they received multiple extensions and the issue was eventually dropped by ICANN. Would a registrar with a small number of domains who owed fees be given such reprieve?

What Happened?

There seems to have been a purge of critical compliance staff at the end of 2012 which coincides with the general decline of performance. Meanwhile, a minority of players are using the DNS as a weapon against consumers all under ICANN's watchful eye. There cannot be consumer trust in an environment of skullduggery. It is part of the reason why sites like the Rape Tube are allowed to endure.

We started off with such high hopes from the new CEO but it appears he has come to a locked door which is beyond even the CEO's ability to open. Additionally, even more doors were closed. What the CEO set out to accomplish cannot be completed. The special relationship with BizCn places real limits on what the CEO can deliver to the rest of the community. It seems he needs more support from the ICANN community to keep the organization on track, if he fails we all fail. Anyone who wants to discuss this issue and find out how to move forward can contact me directly.

By Garth Bruen, Internet Fraud Analyst and Policy Developer. More blog posts from Garth Bruen can also be read here.

Related topics: Cybercrime, Cybersquatting, Domain Names, ICANN, Internet Governance, Law, Malware, Policy & Regulation, Cybersecurity, Whois

 
   

Comments

ICANN document Glenn McKnight  –  Sep 26, 2013 6:00 AM PDT

Additional reads
SECTION 1:
The Effectiveness of ICANN’s WHOIS Compliance Effort Appendix A:
Letter from WHOIS Review Team Chair to Maguy Serad, Senior Director Contractual
Compliance, ICANN Compliance

http://mm.icann.org/pipermail/atrt2/2013/000914.html

Great find Garth Bruen  –  Sep 26, 2013 7:25 AM PDT

This is clearly dizzying. What you see in these documents over and over is the Review Team trying to get facts but ICANN consistently delivering them in contradictory fragments.

During our call to staff the other week, we asked for numbers of compliance staff over time since 2007

They further point out:

when the team was set up. We asked for names, but [ICANN Legal] suggested numbers instead

So, how do we know how many employees they really have without knowing who? They could claim any number at that point. I guess this is just the ICANN portion that deals with numbers and not names ;-)

ICANN responds by sending more confusing information leading the Review Team to ask:

I'm a bit confused by these numbers, as they appear to be different from those given to us by the Compliance team when we met in January...Can you help us out with these differences

It goes on like this, with delays, incomplete information, discrepancies. Even now in the email you referenced ICANN is insisting that:

the WHOIS Review Team was provided with detailed information on Compliance staffing

But another member of the ATRT team quickly points out

that page lists the current staff (presuming it is current) but says nothing about approved staffing levels

So here we are, they say they have 20, they can only prove 14 (and several were jettisoned). If they can be upfront with such basic information how can we trust ANY other information coming out of Compliance?

UPDATE! Garth Bruen  –  Oct 04, 2013 9:21 PM PDT

ICANN has admitted there are in fact only 14 Compliance employees, not 20 as they requested funding for. Six phantom employees.

Furthermore, they have tossed off the WHOIS Review Team requirement to implement WHOIS validation because it would be...too expensive. It's funny since they have budgeted nearly $1 million to STUDY the issues of invalid WHOIS. Actually doing anything...too expensive. The WHOIS RT Report has been eviscerated.

Your comments illustrate some checks and balances Pinkard Brand  –  Sep 27, 2013 9:59 AM PDT

Your comments illustrate some checks and balances that need addressing within the ICANN organization. I think part of the problem lies with ICANN's ability and its stakeholders to manage massive change on a global scale, and at the same time manage the way they engage stakeholders within the People's Republic of China.

On the other hand I'm disturbed in that I don't see any evidence of you attempting to contact registrars such as BizCN mentioned in your article.  It would seem to be a responsible effort to be undertaken. If I was a registrar I would probably be boiling-over mad to read such accusations without at least giving the registrar the opportunity to respond.

Perhaps ICANN and/or you may not be aware there is a certain way to approach any registrar, or any business organization within China for that matter, when you have any question, or just want to be introduced in order to ask a question. Even if that question is related to a possible contractual matter.  I know this from over 14 years of making trips to China directly related to the domain name industry. How registrars or any business in the PRC interprets and acts on contracts can be quite different from the way we in the 'western' world interpret them. It's not necessarily a problem if you know how to deal with issues in the correct manner. Then it becomes amazing in what you can accomplish in the complex society and business environment of the PRC.

Very recently I met the COO and Vice General Manager of BizCN face-to-face at their offices. I had specifically targeted them for a meeting even though I had never met them before. How did I do this? I arranged for an introduction the Chinese way. I won't go into detail here, but it's no small feat.

I found them to be quite engaging and very honest in their opinions. I recently asked a fellow consultant and Chinese colleague to conduct basic research into the business practices and reputation of BizCN within Chinese online communities (Baidu, Weibo and other online forums).

Through our research, we didn’t find any articles or mentions online regarding dishonest dealings by BizCN.  In general, it appears that BizCN has a relatively good online reputation. The tonality of the online media coverage since 2010 is positive, with most of the articles focusing on its contribution to larger local events, like the Shenzhen University Games.

In terms of the buzz on Weibo and other Chinese online forums, we did see several serious customer complaints. Overall, some of its customers are not satisfied with its customer service, and the fact that the company failed to address these concerns and effectively communicate with the customers has made angry customers spread out negative comments online. But it appears that BizCN made improvements by using Weibo to monitor and reach out to those unhappy customers.

We also observed that BizCN used its Weibo account to reply to negative comments with solutions. In particular we observed that the percentage of the complaints is still low, compared to BizCN's huge market and the enormous number of registrar resellers and registrants in the PRC.

My comments here are not meant to explicitly defend BizCN, but to contribute a balanced view from within the Chinese context. However I will state that our research indicates that there is zero chatter in the PRC about gang/rape/murder/theft/etc issues around BizCN in Chinese media, social media, blogosphere, etc.

Does not apply to the discussion Garth Bruen  –  Sep 28, 2013 8:44 AM PDT

Thank you for the thoughtful cultural commentary, unfortunately it does not apply to the discussion.

I think part of the problem lies with ICANN's ability and its stakeholders to manage massive change on a global scale

Good point, should the new gTLD deployment be delayed?

On the other hand I'm disturbed in that I don't see any evidence of you attempting to contact registrars such as BizCN mentioned in your article.

Nah, they’ve known about this for two years.

Perhaps ICANN and/or you may not be aware there is a certain way to approach any registrar

This is inapplicable to the issue. ICANN already has a special relationship with BizCn which apparently supersedes the Affirmation of Commitments in all matters of dealing with the public.

In general, it appears that BizCN has a relatively good online reputation.

You didn’t look hard enough. Start with this:

My identity has been stolen by BIZCN domain registrar (or their customer(s)), who is accredited by ICANN. Someone at BIZCN has registered over 50 to 70 domain names (or more) using my name and my address...My numerous attempts to call , email and fax ICANN ended up in a wall of silence and complete ignorance by ICANN… My numerous attempts to reach BIZCN ended up in "Jimmy" from BIZCN responding (after numerous no-responses) and promising changes, yet he did very little

The tonality of the online media coverage since 2010 is positive, with most of the articles focusing on its contribution to larger local events, like the Shenzhen University Games.

Nice commercial.

In terms of the buzz on Weibo and other Chinese online forums, we did see several serious customer complaints.

Another commercial.

Overall, some of its customers are not satisfied with its customer service, and the fact that the company failed to address these concerns and effectively communicate with the customers has made angry customers spread out negative comments online.

The posting had nothing to do with complaints from customers of BizCn, rather abuse victims complaining about customers of BizCn.

But it appears that BizCN made improvements by using Weibo to monitor and reach out to those unhappy customers.

commercial…

We also observed that BizCN used its Weibo account to reply to negative comments with solutions. In particular we observed that the percentage of the
complaints is still low, compared to BizCN's huge market and the enormous number of registrar resellers and registrants in the PRC.

commercial…

My comments here are not meant to explicitly defend BizCN

Um, you’ve basically said you consult for them, how else is the reader supposed to take the comments?

our research indicates that there is zero chatter in the PRC about gang/rape/murder/theft/etc issues around BizCN in Chinese media, social media, blogosphere, etc.

Why would it? The people behind the domains in question are not Chinese. These are international illicit traffickers taking advantage of the cultural confusion you reference and abusing the Chinese domain marketplace. Efforts would be better placed on rooting the problems out.

In response to your question: "...should the Pinkard Brand  –  Sep 29, 2013 8:19 PM PDT

In response to your question: "...should the new gTLD deployment be delayed?" The new gTLD program is already delayed and has been quite some time. 

Your assumption that I consult for BizCN is incorrect. I have not ever been nor am I a consultant or employee to BizCN.  The most I've ever received from BizCN is green tea to sip during our pleasant and cordial meeting.

Next tea time Garth Bruen  –  Sep 30, 2013 5:26 AM PDT

The next time you have tea with him let him know BizCn was ranked #8 in the world for phishing by APWG in this most recent quarter.

Thank you Pinky Antony Van Couvering  –  Sep 27, 2013 12:41 PM PDT

It's always good to see a humane, real-world perspective, especially in response to accusations made from a limited data set without context.  Thanks Pinky.

Irony Garth Bruen  –  Sep 30, 2013 7:24 AM PDT

"It's always good to see a humane, real-world perspective, especially in response to accusations made from a limited data set without context."

I’m not sure how you can call two years of monitoring, hundreds of pages of sourced research, 8000 plus documented process failures, and 9 unanswered case studies as “a limited data set without context,” but I suppose there is always more information to be highlighted.

The BizCn-sponsored illicit domains have been in violation for two years and ICANN even acknowledged they did not follow procedure and perform their obligations in the mandated time-frame. Additionally, BizCn reported to ICANN that they verified the contact information as valid even though it is clear that this would be impossible. So, is BizCn providing false information to ICANN or is ICANN covering for BizCn?

Furthermore, this is all plainly documented in public correspondence to the ICANN CEO, in which he is specifically notified about The Rape Tube:

Referring again to approvedonlinepharmacy[DOT]net we find there are over 2,100 domains sponsored by BizCN which use this same willfully inaccurate contact information. One such site is called “rapetube[dot]org” which purports to show violent sexual assaults.

Speaking of being humane, you can mark yourself a community leader right now by taking a stand against the trade in online sexual assault material. Can I count on you?

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Verisign

Cybersecurity

Sponsored by Verisign
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services
Afilias

DNS Security

Sponsored by Afilias

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

The Rise and Fall of the UDRP Theory of 'Retroactive Bad Faith'

.PRESS Supports Press Freedom Day for 3rd Consecutive Year

Leading Internet Associations Strengthen Cooperation

5 Afilias Top Level Domains Now Licensed for Sale in China

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

Afilias Chairman Jonathan Robinson Wins ICANN's 2016 Leadership Award at ICANN 57

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

8 Tips to Find Your Perfect .COM Domain Name

Why .com is the Venture Capital Community's Power Player