Registries, Registrars and abuse of domains Rudi Vansnick – ISOC Belgium/EURALO Garth Bruen – Knujon.com / NARALO
Program • Introduction • Role of Registries and Registrars • Some abuses in .be • Abuse of domains: samples • Some practical cases • Mission and Goals • Questions and Answers
Role of Registries & Registrars [diagram: chain from top to bottom] • ICANN (Internet Corporation for Assigned Names and Numbers) • Registries (ccTLD's, gTLD's) • Acc. Registrars • Agents • Registrant / licensee
Registrars: Basic Issues and Concerns • Lack of transparency and accountability • Reseller abuse • Typo squat as selling point? • Lack of registrant verification • Arbitrary policy enforcement • Flouting the local law • Blocking access to Whois • Failure to comply with current RAA • False Suspensions • ccTLD abuse • Bulk Registrations with bad data • Gateway for spam and abuse
Registrars as Gatekeepers • WHOIS forgery has created a massive new class of completely unknown persons engaged in illicit traffic • If Registrars are network administrators they have failed massively to validate who accesses the network • We need metrics and follow-up appeal • Are drug traffickers, counterfeiters, software pirates, and money launderers the Registrar’s biggest customers?
What else? – All Profit-Driven • Money laundering • Software Piracy • Counterfeit Consumer Goods • Domain Inflation • Phishing/Intrusions • Employment Scams • Prostitution
Illicit E-Pharma Manifesto • Recently obtained and translated “how to” guide for rogue pharmacies • Casually references ease of bulk Registering • Directs associates to ICANN website • States some Registrars more cooperative than others
Obfuscated Registrars • Mail drop addresses and “brass plate” business registrations • Dozens of Registrars not disclosing real address or even country of location • OnlineNIC is current concern • Missing language from RAA
Where do domain-related fraud profits go? • Consumers in wealthier countries purchase illicit products online • Money often goes to unsavory characters in poorer countries • Poisonous, substandard and fake products are shipped to consumers, injury occurs • General citizens in poorer countries do not benefit
WHOIS Fraud and Illicit Domains • Forged WHOIS Records: ASDF • Blank WHOIS Records • Non-Existent WHOIS Records • False suspension reports • Registrars can and should prevent • Security community will help • We have solutions that will not disrupt or burden Registrars or ICANN
ASDF • ASDF is the first four characters on the second row of a standard QWERTY keyboard • Thousands of illicit web pharmacies are registered with this obviously bogus information • Many more examples are subtle but just as preventable at the point of registration
Blank WHOIS Records and Illicit Domains
WHOIS DATA AS OF 2008/08/01 01:15:01
REGISTRAR WHOIS:
REGISTRY WHOIS:
Whois Server Version 2.0
Domain Name: GEHRUEELS.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.VOBIUTE.COM
Name Server: NS2.VOBIUTE.COM
Status: ok
Updated Date: 18-feb-2008
Creation Date: 18-feb-2008
Expiration Date: 18-feb-2009
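Added example (not part of the original slides): a registration-time screen for the forged and blank contact data described in the ASDF and blank-WHOIS slides. The field names, the placeholder list and both sample contacts are constructed assumptions; hits are meant to trigger verification of the registrant, since the heuristic can match rare legitimate values.

```python
import re

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
PLACEHOLDERS = {"null", "none", "na", "test", "unknown"}  # constructed list
REQUIRED = ("name", "street", "city", "country", "phone", "email")  # assumed schema

def _tokens(value):
    """Lower-cased alphanumeric tokens of a contact field."""
    return re.findall(r"[a-z0-9]+", value.lower())

def is_keyboard_walk(value, min_run=4):
    """True if every token is a (possibly repeated) run along one keyboard row."""
    tokens = _tokens(value)
    for tok in tokens:
        unit = re.fullmatch(r"(.+?)\1*", tok).group(1)  # "asdfasdf" -> "asdf"
        if len(unit) < min_run or not any(
            unit in row or unit[::-1] in row for row in KEYBOARD_ROWS
        ):
            return False
    return bool(tokens)

def screen_contact(contact):
    """Return {field: reason} for required fields that look blank or forged."""
    findings = {}
    for field in REQUIRED:
        value = (contact.get(field) or "").strip()
        if field == "email":
            value = value.split("@")[0]  # judge the local part only
        tokens = _tokens(value)
        if not tokens:
            findings[field] = "blank"
        elif all(t in PLACEHOLDERS or len(set(t)) == 1 for t in tokens):
            findings[field] = "placeholder"  # e.g. "null,0000", "+00.0000"
        elif is_keyboard_walk(value):
            findings[field] = "keyboard walk"  # e.g. "asdf asdf"
    return findings

# Constructed sample contacts, not real registrations.
FORGED = {"name": "asdf asdf", "street": "asdf", "city": "asdfgh",
          "country": "US", "phone": "+00.0000", "email": "asdf@asdf.com"}
CLEAN = {"name": "Jan Peeters", "street": "12 Stationsstraat", "city": "Leuven",
         "country": "BE", "phone": "+32.16000000", "email": "jan.peeters@example.be"}

if __name__ == "__main__":
    for label, contact in (("forged", FORGED), ("clean", CLEAN)):
        print(label, screen_contact(contact))
```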
Non-existent WHOIS Records and Illicit Domains Spammed domain with no WHOIS record redirects to unlicensed pharmacy
False suspension reports
Domain Name: AMERICANPERFECTMEDS.COM
Registrant: Directi False Whois Suspended Account
Directi False Whois Suspended Account (inaccuratewhois@suspended-domain.com)
This Domain is Suspended Due to inaccurate Whois
Contact Support Desk
null,0000
US
Tel. +00.0000
*Directi has corrected – cited reseller abuse
Some Practical Cases • Register.com • Xin Net • OnlineNIC • ParavaNet • eNom
Register.com • 8771 Junk Domains Touting Phantom Cash Offers • 144 Fake Companies Registering Domains • 46,183 Spam emails to consumers
Xin Net • 34,284 Illicit Domains with false Whois records • 1,763,014 Recorded spam messages • Reported invalid domains still up • Mostly rogue pharmacies
eNom • Domain Inflation • Spammed domains are for sale • Traffic in names artificially raises bidding prices
OnlineNic: Where are you? • Assumed to be in China, professes to be in United States • Fake Pharmacies • Software Piracy • General dishonesty and obfuscation hurts accountability and transparency
ParavaNet: Where are you?
From this morning:
Registrant: Parava Networks
Networks Parava info2@parava.net
5444 Westheimer Rd. Ste 1585
Houston 77056 US
Domain Name: parava.net
From July, 2008:
*Issued Breach Notice on Friday
Mission and Goals • Fix the Policy Loopholes (RAA) • Support the Policy • Enforce the Policy • Upgrade of WDPRS • We propose building mechanisms to solve these problems… • Other “good” stuff
Our Job as Policy Developers • The consequences of not implementing good policy are permissive; the consequences of implementing bad policy are destructive.
Make Internet Abuse Policy Enforcement User Friendly • End users do not know where to start when abused • “Headers”, “IP”, “ASN”, etc. are foreign words to ordinary users • Adopt simple methods for handling unwanted traffic • Create provider standards and guidelines
Help Consumers Navigate Bureaucracy • Consumer inclusion in policy is controversial • Instead, build avenues to express grievances that generate trust
“good” stuff • Breach notices work: Joker and Beijing Net have made considerable improvements • Enforcement has impact: EstDomains closure has had domino-effect on cybercrime • Small loopholes = big problems – but fixing small holes has fantastic results! Strengthening RAA will solve large portions of the problem
Purpose of Internet? • Communication and Trade? • Not created so registrants could talk to each other • Not a “closed” circuit for industry-only • It’s open so consumers can participate and industry can profit – neither exists without the other • Adding consumer advocacy layer does not threaten current model • Future Internet could include every consumer as a “registrant”
Upgrade of WDPRS • WHOIS Data Problem Report System • Critical tool for addressing fraud and abuse • Created in 2002 but not upgraded since! • Rapid expansion of the Internet needs expanded enforcement resources • New WDPRS will help, but more tools needed…
Why ICANN Should “Address” Spam • ICANN clearly is not responsible for spam • Should not be a “front-end” abuse handler – not practical from functional standpoint • Determining what spam is is difficult – “I know it when I see it” • However, ICANN should develop an overall policy to aggressively address conditions that enable spam from within the mandate.
Questions and Answers • This is your time…