Cybercrime

Cybercrime / Most Commented

Taking Back the DNS

Most new domain names are malicious. I am stunned by the simplicity and truth of that observation. Every day lots of new names are added to the global DNS, and most of them belong to scammers, spammers, e-criminals, and speculators. The DNS industry has a lot of highly capable and competitive registrars and registries who have made it possible to reserve or create a new name in just seconds, and to create millions of them per day. Domains are cheap, domains are plentiful, and as a result most of them are dreck or worse. more»

Domain Tasting Target of US Federal Cybersquatting Lawsuit

So Domain Tasting, where registrants (who may also be registrars) taste names and keep only those that have economic value, is now the target of a federal cybersquatting lawsuit, brought about by lawyers for major brand name retailers Neiman Marcus and Bergdorf Goodman against major domain name registrar Dotster. This Dotster lawsuit involves allegations of cybersquatting by registrars who use the Create Grace Period, which is mandated by ICANN for global registries... more»

Fake Bank Site, Fake Registrar

In our continuing review of Rogue Registrars we have stumbled upon on a very elaborate fake banking site for "Swiss Bank" or "Bank of Switzerland". To the casual Internet consumer this site probably appears legitimate, but a number of clues tip off the fraud. Phishing sites are everywhere so this does not immediately raise eyebrows until you review the Thick WHOIS record for the domain. more»

When Registrars Look the Other Way, Drug-Dealers Get Paid

Since November of last year we have been discussing the problem of illicit and illegal online pharmacy support by ICANN-accredited Registrars. In several articles and direct contact with the Registrars we have tirelessly tried to convey the seriousness of this problem, many listened, some did not... With the background information already known, the case presented here is much more specific and concerns EvaPharmacy, which was until recently, the world's largest online criminal pharmacy network. more»

Who Is Blocking WHOIS? Part 2

We have just returned from the Brussels, Belgium ICANN meeting where we released our Registrar audit, the Internet "Doomsday Book." There are many topics covered in the report, but we wanted to follow up specifically on the issue of WHOIS access and add data to our previous column Who Is Blocking WHOIS? which covered Registrar denial of their contracted obligation to support Port 43 WHOIS access. more»

On Mandated Content Blocking in the Domain Name System

COICA (Combating Online Infringement and Counterfeits Act) is a legislative bill introduced in the United States Senate during 2010 that has been the topic of considerable debate. After my name was mentioned during some testimony before a Senate committee last year I dug into the details and I am alarmed. I wrote recently about interactions between DNS blocking and Secure DNS and in this article I will expand on the reasons why COICA as proposed last year should not be pursued further in any similar form. more»

Domain Name Registrar Allows Completely Blank WHOIS

In a very casual and low-key footnote over the weekend, ICANN announced it would be further bypassing the Affirmation of Commitments and ignoring the WHOIS Review Team Report. There will be no enhanced validation or verification of WHOIS because unidentified people citing unknown statistics have said it would be too expensive... As a topic which has burned untold hours of community debate and development, the vague minimalist statement dismisses every ounce of work put in by stakeholders. more»

Network Solutions Responds to Front Running Accusations

Following a post on the DomainState forum today, a number news and blogs have criticized Network Solutions for front running domain names that customers try to register. (See for instance today's report on DomainNameNews). Jonathon Nevett, Vice President of Policy at Network Solutions, has offered the following in response to the news break... more»

Port 25 Blocking, or Fix SMTP and Leave Port 25 Alone for the Sake of Spam?

Larry Seltzer wrote an interesting article for eWeek, on port 25 blocking, the reasons why it was being advocated, and how it would stop spam. This quoted an excellent paper by Joe St.Sauver, that raised several technically valid and true corollaries that have to be kept in mind when blocking port 25 -- "cough syrup for lung cancer" would be a key phrase... Now, George Ou has just posted an article on ZDNET that disagrees with Larry's article, makes several points that are commonly cited when criticizing port 25 blocking, but then puts forward the astonishing, and completely wrong, suggestion, that worldwide SPF records are going to be a cure all for this problem. Here is my reply to him... more»

Most Abusive Domain Registrations are Preventable

As the WHOIS debate rages and the Top-Level Domain (TLD) space prepares to scale up the problem of rogue domain registration persists. These are set to be topics of discussion in Costa Rica. While the ICANN contract requires verification, in practice this has been dismissed as impossible. However, in reviewing nearly one million spammed domain registrations from 2011 KnujOn has found upwards of 90% of the purely abusive registrations could have been blocked. more»

Domain Front Running by Registrars Continues to Draw Attention

In response to accusations lodged yesterday in a post on the DomainState forum, NSI has issued a statement which essentially admits that it engages in a form of domain front running. No one has challenged domain Front Running by registrars in the courts, likely because the practice is new and since the loss of a single domain would not typically generate a level of damages to support litigation. But litigation over this arguably fraudulent domain practice by registrars is both viable and likely inevitable... more»

Conflict of Opinion

If a UDRP panelist believes domainers are the same thing as cybersquatters, is he fit to arbitrate? I came across an editorial on CNET today by Doug Isenberg, an attorney in Atlanta and founder of GigaLaw.com, and a domain name panelist for the World Intellectual Property Organization. The guest editorial focuses on Whois privacy and why it's imperative to maintain open access to registrant data for intellectual property and legal purposes. That's a common opinion I've read a million times. Nothing groundbreaking there. But then I was shocked to read that Isenberg generalizes domainers as cybersquatters: "Today, cybersquatters have rebranded themselves as 'domainers.' Popular blogs and news sites track their activities..." more»

Typosquatting: A Solution

Typosquatting's negative effect on the surfing experience can be easily eliminated, and in a way that allows all parties to make money. What's called for is an affiliate program. You would not be happy if you typed a domain name into your browser and wound up in nowhere land because of a simple misspelling. That's the negative surfing effect of typosquatting... more»

PIR's Anti-Abuse Policy for .ORG Offers No Due Process for Innocent Domain Registrants

PIR, the registry operator for .org, has sent notices to registrars that it is implementing an anti-abuse policy that offers no due process for innocent domain registrants... While it's good intentioned, there is great potential for innocent domain registrants to suffer harm, given the lack of appropriate safeguards, the lack of precision and open-ended definition of "abuse", the sole discretion of the registry operator to delete domains, and the general lack of due process. more»

DNSSEC: Once More, With Feeling!

After looking at the state of DNSSEC in some detail a little over a year ago in 2006, I've been intending to come back to DNSSEC to see if anything has changed, for better or worse, in the intervening period... To recap, DNSSEC is an approach to adding some "security" into the DNS. The underlying motivation here is that the DNS represents a rather obvious gaping hole in the overall security picture of the Internet, although it is by no means the only rather significant vulnerability in the entire system. One of the more effective methods of a convert attack in this space is to attack at the level of the DNS by inserting fake responses in place of the actual DNS response. more»