Registrars and Abuse of Domains


This is a presentation by Rudi Vansnick (ISOC Belgium and EURALO) and Garth Bruen (Knujon and NARALO).

Published in: Technology

  1. Registries, Registrars and abuse of domains
     • Rudi Vansnick – ISOC Belgium/EURALO
     • Garth Bruen – / NARALO
  2. Program
     • Introduction
     • Role of Registries and Registrars
     • Some abuses in .be
     • Abuse of domains: samples
     • Some practical cases
     • Mission and Goals
     • Questions and Answers
  3. Role of Registries & Registrars
     (Diagram labels: ICANN, Internet Corporation for Assigned Names and Numbers; Registries; Acc. Registrars; Agents; Registrant / licensee; gTLDs; ccTLDs)
  4. Some abuses in .be
  5. Some abuses in .be
  6. Some abuses in .be
  7. Some abuses in .be
  8. Some abuses in .be
  9. Some abuses in .be
  10. Registrars: Basic Issues and Concerns
     • Lack of transparency and accountability
     • Reseller abuse
     • Typo squat as selling point?
     • Lack of registrant verification
     • Arbitrary policy enforcement
     • Flouting the local law
     • Blocking access to Whois
     • Failure to comply with current RAA
     • False Suspensions
     • ccTLD abuse
     • Bulk Registrations with bad data
     • Gateway for spam and abuse
  11. Registrars as Gatekeepers
  12. Registrars as Gatekeepers
     • WHOIS forgery has created a massive new class of completely unknown persons engaged in illicit traffic
     • If Registrars are network administrators, they have failed massively to validate who accesses the network
     • We need metrics and follow-up appeal
     • Are drug traffickers, counterfeiters, software pirates, and money launderers the Registrar’s biggest customers?
  13. E-Crime Infrastructure (as it concerns Registrars)
  14. Unknown Influence Often Illicit Drug Traffic
  15. What else? – All Profit-Driven
     • Money laundering
     • Software Piracy
     • Counterfeit Consumer Goods
     • Domain Inflation
     • Phishing/Intrusions
     • Employment Scams
     • Prostitution
  16. Illicit E-Pharma Manifesto
     • Recently obtained and translated “how to” guide for rogue pharmacies
     • Casually references ease of bulk Registering
     • Directs associates to ICANN website
     • States some Registrars more cooperative than others
  17. Obfuscated Registrars
     • Mail drop addresses and “brass plate” business registrations
     • Dozens of Registrars not disclosing real address or even country of location
     • OnlineNIC is current concern
     • Missing language from RAA
  18. Where do domain-related fraud profits go?
     • Consumers in wealthier countries purchase illicit products online
     • Money often goes to unsavory characters in poorer countries
     • Poisonous, substandard and fake products are shipped to consumers, injury occurs
     • General citizens in poorer countries do not benefit
  19. WHOIS Fraud and Illicit Domains
     • Forged WHOIS Records: ASDF
     • Blank WHOIS Records
     • Non-Existent WHOIS Records
     • False suspension reports
     • Registrars can and should prevent
     • Security community will help
     • We have solutions that will not disrupt or burden Registrars or ICANN
  20. ASDF
     • ASDF is the first four characters on the second row of a standard QWERTY keyboard
     • Thousands of illicit web pharmacies are registered with this obviously bogus information
     • Many more examples are subtle but just as preventable at the point of registration
  21. Blank WHOIS Records and Illicit Domains
       WHOIS DATA AS OF 2008/08/01 01:15:01
       REGISTRAR WHOIS:
       REGISTRY WHOIS:
       Whois Server Version 2.0
       Domain Name: GEHRUEELS.COM
       Registrar: XIN NET TECHNOLOGY CORPORATION
       Whois Server:
       Referral URL:
       Name Server: NS1.VOBIUTE.COM
       Name Server: NS2.VOBIUTE.COM
       Status: ok
       Updated Date: 18-feb-2008
       Creation Date: 18-feb-2008
       Expiration Date: 18-feb-2009
  22. Non-existent WHOIS Records and Illicit Domains
     • Spammed domain with no WHOIS record redirects to unlicensed pharmacy
  23. False suspension reports
       Domain Name: AMERICANPERFECTMEDS.COM
       Registrant: Directi False Whois Suspended Account Directi False Whois Suspended Account (
       This Domain is Suspended Due to inaccurate Whois Contact Support Desk
       null,0000 US
       Tel. +00.0000
     *Directi has corrected – cited reseller abuse
  24. Some Practical Cases
     • Xin Net
     • OnlineNIC
     • ParavaNet
     • eNom
  25.
     • 8771 Junk Domains Touting Phantom Cash Offers
     • 144 Fake Companies Registering Domains
     • 46,183 Spam emails to consumers
  26. Xin Net
     • 34,284 Illicit Domains with false Whois records
     • 1,763,014 Recorded spam messages
     • Reported invalid domains still up
     • Mostly rogue pharmacies
  27. eNom
     • Domain Inflation
     • Spammed domains are for sale
     • Traffic in names artificially raises bidding prices
  28. OnlineNic: Where are you?
     • Assumed to be in China, professes to be in United States
     • Fake Pharmacies
     • Software Piracy
     • General dishonesty and obfuscation hurts accountability and transparency
  29. ParavaNet: Where are you?
     • From this morning:
       Registrant: Parava Networks Networks Parava 5444 Westheimer Rd. Ste 1585 Houston 77056 US
       Domain Name:
     • From July, 2008:
     *Issued Breach Notice on Friday
  30. Mission and Goals
     • Fix the Policy Loopholes (RAA)
     • Support the Policy
     • Enforce the Policy
     • Upgrade of WDPRS
     • We propose building mechanisms to solve these problems…
     • Other “good” stuff
  31. Our Job as Policy Developers
     • The consequences of not implementing good policy are permissive; the consequences of implementing bad policy are destructive.
  32. Make Internet Abuse Policy Enforcement User Friendly
     • End users do not know where to start when abused
     • “Headers”, “IP”, “ASN”, etc. are foreign words to ordinary users
     • Adopt simple methods for handling unwanted traffic
     • Create provider standards and guidelines
  33. Help Consumers Navigate Bureaucracy
     • Consumer inclusion in policy is controversial
     • Instead, build avenues to express grievances that generate trust
  34. Data not junk
  35. “good” stuff
     • Breach notices work: Joker and Beijing Net have made considerable improvements
     • Enforcement has impact: EstDomains closure has had domino-effect on cybercrime
     • Small loopholes = big problems – but fixing small holes has fantastic results! Strengthening RAA will solve large portions of the problem
  36. Purpose of Internet?
     • Communication and Trade?
     • Not created so registrants could talk to each other
     • Not a “closed” circuit for industry-only
     • It’s open so consumers can participate and industry can profit – neither exists without the other
     • Adding consumer advocacy layer does not threaten current model
     • Future Internet could include every consumer as a “registrant”
  37. Upgrade of WDPRS
     • WHOIS Data Problem Report System
     • Critical tool for addressing fraud and abuse
     • Created in 2002 but not upgraded since!
     • Rapid expansion of the Internet needs expanded enforcement resources
     • New WDPRS will help, but more tools needed…
  38. Why ICANN Should “Address” Spam
     • ICANN clearly is not responsible for spam
     • Should not be a “front-end” abuse handler – not practical from functional standpoint
     • Determining what spam is is difficult – “I know it when I see it”
     • However, ICANN should develop an overall policy to aggressively address conditions that enable spam from within the mandate.
  39. Questions and Answers
     • This is your time…
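
The WHOIS problems on slides 19 to 23 (keyboard filler such as ASDF, blank records, placeholder contacts like "null" and "+00.0000") can be screened for at the point of registration. The following is an added example, not part of the presentation or any registrar's code; the field names, rules and sample records are assumptions constructed for illustration.

```python
import re

# Added illustration: field names and rules are assumptions, not a registrar's real schema.
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
REQUIRED = ("registrant_name", "street", "city", "country", "phone", "email")
EMPTY_MARKERS = {"", "null", "none", "n/a"}


def _row_runs(min_len=4):
    """Yield every run of min_len+ adjacent keys on one row, in both directions."""
    for row in ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                for j in range(i + min_len, len(seq) + 1):
                    yield seq[i:j]


WALK = re.compile("(?:%s)+" % "|".join(sorted(set(_row_runs()), key=len, reverse=True)))


def is_keyboard_walk(value):
    """True when every alphanumeric token is built only from keyboard-row runs."""
    tokens = re.findall(r"[a-z0-9]+", value.lower())
    return bool(tokens) and all(WALK.fullmatch(t) for t in tokens)


def screen_registration(record):
    """Return (field, reason) findings for one contact record; empty means clean."""
    findings = []
    for field in REQUIRED:
        value = (record.get(field) or "").strip()
        probe = value.split("@")[0] if field == "email" else value
        if value.lower() in EMPTY_MARKERS:
            findings.append((field, "blank"))
        elif is_keyboard_walk(probe):
            findings.append((field, "keyboard-walk filler"))
    digits = re.sub(r"\D", "", record.get("phone") or "")
    if digits and (len(digits) < 7 or set(digits) == {"0"}):
        findings.append(("phone", "placeholder number"))
    return findings


# Constructed sample records (not real registrations).
FORGED = {"registrant_name": "asdf asdf", "street": "asdf", "city": "asdf",
          "country": "US", "phone": "+00.0000", "email": "asdf@asdf.com"}
CLEAN = {"registrant_name": "Example Registrant", "street": "10 Example Street",
         "city": "Brussels", "country": "BE", "phone": "+32.25550100",
         "email": "hostmaster@example.org"}

if __name__ == "__main__":
    for name, rec in (("forged", FORGED), ("blank", {}), ("clean", CLEAN)):
        print(name, screen_registration(rec))
```

A check like this only catches the obvious cases the slides call out; the "subtle" forgeries mentioned on slide 20 would still need verification of the contact data itself.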