Transcript Document
Registries, Registrars and abuse of domains
Rudi Vansnick – ISOC Belgium/EURALO
Garth Bruen – Knujon.com / NARALO
3 March 2009
Program
1. Introduction
2. Role of Registries and Registrars
3. Some abuses in .be
4. Abuse of domains: samples
5. Some practical cases
6. Mission and Goals
7. Questions and Answers
Role of Registries & Registrars
ICANN
Internet Corporation for Assigned Names and Numbers
gTLD's
Registries
Acc. Registrars
Registrant / licensee
ccTLD's
Agents
Some abuses in .be
Registrars: Basic Issues and Concerns
Lack of transparency and accountability
Reseller abuse
Typo squat as selling point?
Lack of registrant verification
Arbitrary policy enforcement
Flouting the local law
Blocking access to Whois
Failure to comply with current RAA
False Suspensions
ccTLD abuse
Bulk Registrations with bad data
Gateway for spam and abuse
Registrars as Gatekeepers
WHOIS forgery has created a massive new class of completely unknown persons engaged in illicit traffic
If Registrars are network administrators they have failed massively to validate who accesses the network
We need metrics and follow-up appeal
Are drug traffickers, counterfeiters, software pirates, and money launderers the Registrar’s biggest customers?
E-Crime Infrastructure (as it concerns Registrars)
Unknown Influence Often Illicit
Drug Traffic
What else? – All Profit-Driven
Money laundering
Software Piracy
Counterfeit Consumer Goods
Domain Inflation
Phishing/Intrusions
Employment Scams
Prostitution
Illicit E-Pharma Manifesto
Recently obtained and translated “how to” guide for rogue pharmacies
Casually references ease of bulk Registering
Directs associates to ICANN website
States some Registrars more cooperative than others
Obfuscated Registrars
Mail drop addresses and “brass plate” business registrations
Dozens of Registrars not disclosing real address or even country of location
OnlineNIC is current concern
Missing language from RAA
Where do domain-related fraud profits go?
Consumers in wealthier countries purchase illicit products online
Money often goes to unsavory characters in poorer countries
Poisonous, substandard and fake products are shipped to consumers, injury occurs
General citizens in poorer countries do not benefit
WHOIS Fraud and Illicit Domains
Forged WHOIS Records: ASDF
Blank WHOIS Records
Non-Existent WHOIS Records
False suspension reports
Registrars can and should prevent
Security community will help
We have solutions that will not disrupt or burden Registrars or ICANN
ASDF
ASDF is the first four characters on the second row of a standard QWERTY keyboard
Thousands of illicit web pharmacies are registered with this obviously bogus information
Many more examples are subtle but just as preventable at the point of registration
Blank WHOIS Records and Illicit Domains
WHOIS DATA AS OF 2008/08/01 01:15:01
REGISTRAR WHOIS:
REGISTRY WHOIS:
Whois Server Version 2.0
Domain Name: GEHRUEELS.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.VOBIUTE.COM
Name Server: NS2.VOBIUTE.COM
Status: ok
Updated Date: 18-feb-2008
Creation Date: 18-feb-2008
Expiration Date: 18-feb-2009
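The ASDF and blank-record cases above are the kind of data a check at the point of registration can reject. The sketch below is an added example, not part of the original presentation or any registrar's system; the field names and the sample records are constructed for illustration.

```python
import re

# Letter rows of a standard QWERTY keyboard (the point of the "ASDF" slide).
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
# Assumed field names for a registrant contact; not taken from any registrar API.
REQUIRED = ("name", "street", "city", "country", "email", "phone")
PLACEHOLDERS = {"null", "none", "n/a"}

def is_keyboard_junk(token, min_len=4):
    """True if the whole token is a run of adjacent same-row keys, possibly repeated."""
    m = re.fullmatch(r"(.+?)\1+", token)      # "asdfasdf" -> repeating unit "asdf"
    unit = m.group(1) if m else token
    if len(unit) < min_len:
        return False
    return any(unit in row or unit in row[::-1] for row in QWERTY_ROWS)

def audit_registrant(record):
    """Return (field, reason) pairs for contact data that should block registration."""
    findings = []
    for field in REQUIRED:
        value = (record.get(field) or "").strip()
        if not value or value.lower() in PLACEHOLDERS:
            findings.append((field, "blank"))
        elif field == "phone":
            # A number with no non-zero digit is a placeholder, not a contact.
            if not re.sub(r"\D", "", value).strip("0"):
                findings.append((field, "placeholder phone"))
        else:
            # Whole-token match only, so "property" (contains "erty") is not flagged.
            junk = [t for t in re.findall(r"[a-z]+", value.lower())
                    if is_keyboard_junk(t)]
            if junk:
                findings.append((field, "keyboard run: " + junk[0]))
    return findings

# Constructed sample records (not real registrations).
ASDF_RECORD = {"name": "asdf asdf", "street": "asdf", "city": "asdfasdf",
               "country": "US", "email": "asdf@asdf.example", "phone": "+00.0000"}
BLANK_RECORD = {"name": "", "email": None}
PLAUSIBLE_RECORD = {"name": "Jan Peeters", "street": "12 Liberty Property Lane",
                    "city": "Leuven", "country": "BE",
                    "email": "jan.peeters@example.org", "phone": "+32.25550100"}

if __name__ == "__main__":
    for label, rec in (("asdf", ASDF_RECORD), ("blank", BLANK_RECORD),
                       ("plausible", PLAUSIBLE_RECORD)):
        print(label, audit_registrant(rec))
```

This catches only the obvious cases; the subtler forgeries the slide mentions need verification of the contact itself, not pattern checks.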
Non-existent WHOIS Records and Illicit Domains
Spammed domain with no WHOIS record redirects to unlicensed pharmacy
False suspension reports
Domain Name: AMERICANPERFECTMEDS.COM
Registrant: Directi False Whois Suspended Account
Directi False Whois Suspended Account ([email protected])
This Domain is Suspended Due to inaccurate Whois
Contact Support Desk
null,0000
US
Tel. +00.0000
*Directi has corrected – cited reseller abuse
Some Practical Cases
Register.com
Xin Net
OnlineNIC
ParavaNet
eNom
Register.com
8771 Junk Domains Touting Phantom Cash Offers
144 Fake Companies Registering Domains
46,183 Spam emails to consumers
Xin Net
34,284 Illicit Domains with false Whois records
1,763,014 Recorded spam messages
Reported invalid domains still up
Mostly rogue pharmacies
eNom
Domain Inflation
Spammed domains are for sale
Traffic in names artificially raises bidding prices
OnlineNic: Where are you?
Assumed to be in China, professes to be in United States
Fake Pharmacies
Software Piracy
General dishonesty and obfuscation hurts accountability and transparency
ParavaNet: Where are you?
From this morning:
From July, 2008:
Registrant: Parava Networks
Networks Parava
[email protected]
5444 Westheimer Rd. Ste 1585
Houston 77056 US
Domain Name: parava.net
*Issued Breach Notice on Friday
Mission and Goals
Fix the Policy Loopholes (RAA)
Support the Policy
Enforce the Policy
Upgrade of WDPRS
We propose building mechanisms to solve these problems…
Other “good” stuff
Our Job as Policy Developers
The consequences of not implementing good policy are permissive; the consequences of implementing bad policy are destructive.
Make Internet Abuse Policy Enforcement User Friendly
End users do not know where to start when abused
“Headers”, “IP”, “ASN”, etc. are foreign words to ordinary users
Adopt simple methods for handling unwanted traffic
Create provider standards and guidelines
Help Consumers Navigate Bureaucracy
Consumer inclusion in policy is controversial
Instead, build avenues to express grievances that generate trust
Data not junk
“good” stuff
Breach notices work: Joker and Beijing Net have made considerable improvements
Enforcement has impact: EstDomains closure has had domino-effect on cybercrime
Small loopholes = big problems – but fixing small holes has fantastic results! Strengthening RAA will solve large portions of the problem
Purpose of Internet?
Communication and Trade?
Not created so registrants could talk to each other
Not a “closed” circuit for industry-only
It’s open so consumers can participate and industry can profit – neither exists without the other
Adding consumer advocacy layer does not threaten current model
Future Internet could include every consumer as a “registrant”
Upgrade of WDPRS
WHOIS Data Problem Report System
Critical tool for addressing fraud and abuse
Created in 2002 but not upgraded since!
Rapid expansion of the Internet needs expanded enforcement resources
New WDPRS will help, but more tools needed…
Why ICANN Should “Address” Spam
ICANN clearly is not responsible for spam
Should not be a “front-end” abuse handler – not practical from functional standpoint
Determining what spam is is difficult – “I know it when I see it”
However, ICANN should develop an overall policy to aggressively address conditions that enable spam from within the mandate.
Questions and Answers
This is your time…