Cybercrime

Sponsored
by

Noteworthy

Domain Research and Monitoring: Keeping an Eye on the Web for You

WHOIS History API: Powering Domain Investigations

Reverse WHOIS: A Powerful Process in Cybersecurity

Cybercrime / Most Commented

DNS Hackers Target Domain Registrars

Hackers have launched distributed denial of service attacks against the Domain Name System (DNS) servers of a brace of domain name registrars over recent days. The motive for the separate attacks against VeriSign and Joker.com remains unclear.

VeriSign said the attack on its name servers caused a "brief degradation" in the quality of its service to customers for around 25 minutes on Tuesday afternoon, ComputerWorld reports. Domain registrar Joker.com is recovering from an attack on its name servers last week that lasted for six days up until last Sunday. Joker.com, which is based in Germany, handles the registration of approximately 550,000 domains. more

Cybersquatters Try New Tactics: Soft Squatting

Cybersquatting the domain name of a celebrity and selling it for a king's ransom was one of the great get-rich-quick schemes of the early internet. But since courts now tend to favor the star over the squatter, a new kinder, gentler cybersquatting tactic has emerged.

These days, cybersquatters seek to register a star's domain before that person becomes famous, and then develop a business relationship with the new celebrity, offering website hosting or design work. These so-called soft squatters are registering the domains of hundreds of amateur athletes, musicians and other would-be stars in the hope that one or two of the names will become well-known. more

DNS Servers Do Hackers' Dirty Work

"DNS is now a major vector for DDOS," Dan Kaminsky, a security researcher said, referring to distributed denial-of-service attacks. "The bar has been lowered. People with fewer resources can now launch potentially crippling attacks."

Just as in any DDOS attack, the target system -- which could be a victim's Web server, name server or mail server -- is inundated with a multitude of data coming from multiple systems on the Internet. The goal is to make the target unreachable online by flooding the data connection or by crashing it as it tries to handle the incoming data.  more

Effects of Domain Hijacking Can Linger

Malicious hackers who are able to hijack an organization's Web domain may be able to steal traffic from the legitimate Web site long after the domain has been restored to its owner, according to a recent report.

Design flaws in the way Web browsers and proxy servers store data about Web sites allow malicious hackers to continue directing Web surfers to malicious Web pages for days or even months after the initial domain hijacking. more

New Policy in China Favors Cybersquatters

New regulations will make it more difficult for companies to protect their domain names from cybersquatters in China.

Under the new rules, foreign and local firms will need to prove malicious intent and act quickly to have any hope of retrieving stolen domain names, according to a regulatory official interviewed by Chinese news site Sina. The new rules appear to give a green light to cybersquatters who buy up domain names which are similar to brand names in the hope of selling later for a profit. more

When the Defendant is a Domain Name: The Power of In Rem Proceedings Under the ACPA

A recent decision by a federal court in Virginia illustrates some interesting legal issues that arise from the global nature of the domain name system. It also highlights a powerful mechanism under the Anticybersquatting Consumer Protection Act ("ACPA") by which a plaintiff can proceed with a legal action to recover a domain name without regard to the court's personal jurisdiction over the registrant.  more

New Study Revealing Behind the Scenes of Phishing Attacks

The following is an overview of the recent Honeynet Project and Research Alliance study called 'Know your Enemy:Phishing' aimed at discovering practical information on the practice of phishing. This study focuses on real world incidents based on data captured and analyzed from the UK and German Honeynet Project revealing how attackers build and use their infrastructure for Phishing based attacks. "This data has helped us to understand how phishers typically behave and some of the methods they employ to lure and trick their victims. We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online..." more

What is 'Pharming' and Should You Be Worried?

The sky is falling! The sky is falling! ...or is it? What is this thing called "pharming"? Put simply, it's redirection of web traffic, so that the server you think you're talking to actually belongs to a criminal. For example: you think you're talking to www.examplebank.com because it says so in the browser's address bar, but actually you're connected to www.mafia-R-us.ru. This can happen in three main ways: 1. DNS Hijack: a social engineering attack on the Internet infrastructure... more

CENTR Statement on IDN Homograph Attacks

Recently a proof of concept attack was announced on the Internet that demonstrated how a web address could be constructed that looked in some web browsers identical to that of a well known website. This technique could be used to trick a user into going to a website that they did not plan on visiting, and possibly provide sensitive information to a third party. As a result of this demonstration, there has been a number of voices calling for web browsers to disable or remove support for IDNs by default. ...CENTR, a group of many of the world's domain registries - representing over 98% of domain registrations worldwide - believes such strong reactions are heavily detrimental... more

Creating a Police State From the Ashes of the Internet

Former CIA Director, George J. Tenet recently called for measures to safeguard the United States against internet-enabled attacks. "I know that these actions will be controversial in this age when we still think the Internet is a free and open society with no control or accountability, but ultimately the Wild West must give way to governance and control." Mr. Tenet seems about as confused about the internet as the ITU... more

Survey Predicts Attacks on the Network Infrastructure Within 10 Years

Pew Internet Project has released a report called "The Future of the Internet" based on a recently conducted survey where 1,286 internet experts are said to have looked at the future impact of the internet and assessed predictions about how technology and society will unfold. The following is and excerpt from the report predicting at least one devastating attack will occur in the next 10 years on the networked information infrastructure or the United States power grid. more

Zuccarini To Receive 30 Months in Prison

In a Press Release issued yesterday, February 26, 2004, it has been announced that Zuccarini (background here) will receive 30 months in prison for violating the Truth in Domain Names Act. At least two of the domain names mentioned in the press release, DINSEYLAND.COM and BOBTHEBIULDER.COM appear to have been registered by third parties and are pointing to pages of links... more

New TLDs, Swiftly: This Is No Beauty Contest!

In response to ICANN's request for proposal (RFP) for the selection of new sponsored Top-Level Domains, Wendy Seltzer for the At-Large Advisory Committee (ALAC) urges ICANN to move quickly beyond "testing" to more open addition of a full range of new gTLDs in the near future and offers some general principles to guide that expansion. more

IP And The Internet: A Growing Need to Police Online Content

The Internet and corresponding online world have radically expanded the landscape Intellectual Property professionals need to investigate when monitoring for possible infringements of their trademarks, brands and other intangible assets. With few barriers to entry, coupled with the ability to operate anonymously, the Internet has rapidly become a significant target for unscrupulous individuals hoping to take advantage of the easily accessible Intellectual Property assets of legitimate businesses. more

Diverting Traffic On The Web: Trademarks And The First Amendment

What's at the heart of cybersquatting may also be at the heart of free speech on the Internet: the diversion of Internet users looking for plaintiff's web site to defendant's web site. Cybersquatters register domain names to accomplish this, while meta-infringers (as we will call them) use HTML code and search engine optimization techniques. Meta-infringers do this by creating keyword density by using competitor's trademarks and permutations thereof in their website in order to rank higher in the search engine results when someone searches on the competitor's trademarks. more