Registrars and Abuse of Domains

Post on 18-Nov-2014

DESCRIPTION

This is a presentation by Rudi Vansnick of ISOC Belgium and EURALO and Garth Bruen of Knujon and NARALO.

TRANSCRIPT

Page 1: Registrars and Abuse of Domains

3 March 2009

Rudi Vansnick – ISOC Belgium / EURALO

Garth Bruen – Knujon.com / NARALO

Registries, Registrars and abuse of domains

Page 2: Registrars and Abuse of Domains

Program

1. Introduction
2. Role of Registries and Registrars
3. Some abuses in .be
4. Abuse of domains: samples
5. Some practical cases
6. Mission and Goals
7. Questions and Answers

Page 3: Registrars and Abuse of Domains

Role of Registries & Registrars

ICANN: Internet Corporation for Assigned Names and Numbers

Registries

gTLDs / ccTLDs

Acc. Registrars / Agents

Registrant / licensee

Page 4: Registrars and Abuse of Domains

Some abuses in .be

Page 5: Registrars and Abuse of Domains

Some abuses in .be

Page 6: Registrars and Abuse of Domains

Some abuses in .be

Page 7: Registrars and Abuse of Domains

Some abuses in .be

Page 8: Registrars and Abuse of Domains

Some abuses in .be

Page 9: Registrars and Abuse of Domains

Some abuses in .be

Page 10: Registrars and Abuse of Domains

Registrars: Basic Issues and Concerns

Lack of transparency and accountability

Reseller abuse

Typo squat as selling point?

Lack of registrant verification

Arbitrary policy enforcement

Flouting the local law

Blocking access to Whois

Failure to comply with current RAA

False Suspensions

ccTLD abuse

Bulk Registrations with bad data

Gateway for spam and abuse

Page 11: Registrars and Abuse of Domains

Registrars as Gatekeepers

Page 12: Registrars and Abuse of Domains

Registrars as Gatekeepers

WHOIS forgery has created a massive new class of completely unknown persons engaged in illicit traffic

If Registrars are network administrators they have failed massively to validate who accesses the network

We need metrics and follow-up appeal

Are drug traffickers, counterfeiters, software pirates, and money launderers the Registrar’s biggest customers?

Page 13: Registrars and Abuse of Domains

E-Crime Infrastructure (as it concerns Registrars)

Page 14: Registrars and Abuse of Domains

Unknown Influence Often Illicit Drug Traffic

Page 15: Registrars and Abuse of Domains

What else? – All Profit-Driven

Money laundering

Software Piracy

Counterfeit Consumer Goods

Domain Inflation

Phishing/Intrusions

Employment Scams

Prostitution

Page 16: Registrars and Abuse of Domains

Illicit E-Pharma Manifesto

Recently obtained and translated “how to” guide for rogue pharmacies

Casually references ease of bulk Registering

Directs associates to ICANN website

States some Registrars more cooperative than others

Page 17: Registrars and Abuse of Domains

Obfuscated Registrars

Mail drop addresses and “brass plate” business registrations

Dozens of Registrars not disclosing real address or even country of location

OnlineNIC is current concern

Missing language from RAA

Page 18: Registrars and Abuse of Domains

Where do domain-related fraud profits go?

Consumers in wealthier countries purchase illicit products online

Money often goes to unsavory characters in poorer countries

Poisonous, substandard and fake products are shipped to consumers, injury occurs

General citizens in poorer countries do not benefit

Page 19: Registrars and Abuse of Domains

WHOIS Fraud and Illicit Domains

Forged WHOIS Records: ASDF

Blank WHOIS Records

Non-Existent WHOIS Records

False suspension reports

Registrars can and should prevent

Security community will help

We have solutions that will not disrupt or burden Registrars or ICANN

Page 20: Registrars and Abuse of Domains

ASDF

ASDF is the first four characters on the second row of a standard QWERTY keyboard

Thousands of illicit web pharmacies are registered with this obviously bogus information

Many more examples are subtle but just as preventable at the point of registration

Page 21: Registrars and Abuse of Domains

Blank WHOIS Records and Illicit Domains

WHOIS DATA AS OF 2008/08/01 01:15:01
REGISTRAR WHOIS:
REGISTRY WHOIS:
Whois Server Version 2.0
Domain Name: GEHRUEELS.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.VOBIUTE.COM
Name Server: NS2.VOBIUTE.COM
Status: ok
Updated Date: 18-feb-2008
Creation Date: 18-feb-2008
Expiration Date: 18-feb-2009
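
An added example, not part of the original slides: a sketch of the kind of check at the point of registration that the ASDF and blank-WHOIS slides say is possible. It flags required contact fields that are empty or consist only of keyboard-row runs such as "asdf". The `Registrant <Field>:` line format, the list of required fields and the sample submissions are assumptions constructed for illustration.

```python
import re
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
# Assumed set of required registrant contact fields (illustrative, not from the RAA).
REQUIRED = ("name", "street", "city", "country", "phone", "email")
MIN_RUN = 4  # "asdf" is four characters long

def is_keyboard_run(value):
    """True if every alphabetic token of MIN_RUN+ letters is a contiguous
    slice, forward or reversed, of one QWERTY row (e.g. "asdf", "lkjh")."""
    tokens = [t for t in re.findall(r"[a-z]+", value.lower()) if len(t) >= MIN_RUN]
    return bool(tokens) and all(
        any(t in row or t in row[::-1] for row in QWERTY_ROWS) for t in tokens)

def parse_contact(text):
    """Collect 'Registrant <Field>: value' lines into a dict keyed by field."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*Registrant\s+(\w+)\s*:\s*(.*)$", line, re.IGNORECASE)
        if m:
            record[m.group(1).lower()] = m.group(2).strip()
    return record

def check_registrant(record):
    """Return (field, reason) pairs for blank or keyboard-run contact fields."""
    findings = []
    for field in REQUIRED:
        value = record.get(field, "")
        if not value:
            findings.append((field, "blank"))
        elif is_keyboard_run(value):
            findings.append((field, "keyboard-run"))
    return findings

# Constructed sample submissions (not real registrations).
BOGUS = """Registrant Name: asdf asdf
Registrant Street: asdf
Registrant City: asdf
Registrant Country:
Registrant Phone: +1.5555550100
Registrant Email: asdf@asdf.com"""
PLAUSIBLE = """Registrant Name: Jane Example
Registrant Street: 12 Example Street
Registrant City: Brussels
Registrant Country: BE
Registrant Phone: +32.25550100
Registrant Email: jane@example.org"""
if __name__ == "__main__":
    for label, text in (("bogus", BOGUS), ("plausible", PLAUSIBLE)):
        print(label, check_registrant(parse_contact(text)))
```

A completely empty submission, like the blank registrar record on this slide, comes back with every required field marked blank.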

Page 22: Registrars and Abuse of Domains

Non-existent WHOIS Records and Illicit Domains

Spammed domain with no WHOIS record redirects to unlicensed pharmacy

Page 23: Registrars and Abuse of Domains

False suspension reports

Domain Name: AMERICANPERFECTMEDS.COM
Registrant:
Directi False Whois Suspended Account
Directi False Whois Suspended Account ([email protected])
This Domain is Suspended Due to inaccurate Whois
Contact Support Desk
null,0000
US
Tel. +00.0000

*Directi has corrected – cited reseller abuse

Page 24: Registrars and Abuse of Domains

Some Practical Cases

Register.com

Xin Net

OnlineNIC

ParavaNet

eNom

Page 25: Registrars and Abuse of Domains

Register.com

8771 Junk Domains

Touting Phantom Cash Offers

144 Fake Companies Registering Domains

46,183 Spam emails to consumers

Page 26: Registrars and Abuse of Domains

Xin Net

34,284 Illicit Domains with false Whois records

1,763,014 Recorded spam messages

Reported invalid domains still up

Mostly rogue pharmacies

Page 27: Registrars and Abuse of Domains

eNom

Domain Inflation

Spammed domains are for sale

Traffic in names artificially raises bidding prices

Page 28: Registrars and Abuse of Domains

OnlineNic: Where are you?

Assumed to be in China, professes to be in United States

Fake Pharmacies

Software Piracy

General dishonesty and obfuscation hurts accountability and transparency

Page 29: Registrars and Abuse of Domains

ParavaNet: Where are you?

From this morning:

Registrant: Parava Networks Networks Parava [email protected] Westheimer Rd. Ste 1585 Houston 77056 US
Domain Name: parava.net

From July, 2008:

*Issued Breach Notice on Friday

Page 30: Registrars and Abuse of Domains

Mission and Goals

Fix the Policy Loopholes (RAA)

Support the Policy

Enforce the Policy

Upgrade of WDPRS

We propose building mechanisms to solve these problems…

Other “good” stuff

Page 31: Registrars and Abuse of Domains

Our Job as Policy Developers

The consequences of not implementing good policy are permissive; the consequences of implementing bad policy are destructive.

Page 32: Registrars and Abuse of Domains

Make Internet Abuse Policy Enforcement User Friendly

End users do not know where to start when abused

“Headers”, “IP”, “ASN”, etc. are foreign words to ordinary users

Adopt simple methods for handling unwanted traffic

Create provider standards and guidelines

Page 33: Registrars and Abuse of Domains

Help Consumers Navigate Bureaucracy

Consumer inclusion in policy is controversial

Instead, build avenues to express grievances that generate trust

Page 34: Registrars and Abuse of Domains

Data not junk

Page 35: Registrars and Abuse of Domains

“good” stuff

Breach notices work: Joker and Beijing Net have made considerable improvements

Enforcement has impact: EstDomains closure has had domino-effect on cybercrime

Small loopholes = big problems – but fixing small holes has fantastic results!

Strengthening RAA will solve large portions of the problem

Page 36: Registrars and Abuse of Domains

Purpose of Internet?

Communication and Trade?

Not created so registrants could talk to each other

Not a “closed” circuit for industry-only

It’s open so consumers can participate and industry can profit – neither exists without the other

Adding consumer advocacy layer does not threaten current model

Future Internet could include every consumer as a “registrant”

Page 37: Registrars and Abuse of Domains

Upgrade of WDPRS

WHOIS Data Problem Report System

Critical tool for addressing fraud and abuse

Created in 2002 but not upgraded since!

Rapid expansion of the Internet needs expanded enforcement resources

New WDPRS will help, but more tools needed…

Page 38: Registrars and Abuse of Domains

Why ICANN Should “Address” Spam

ICANN clearly is not responsible for spam

Should not be a “front-end” abuse handler – not practical from functional standpoint

Determining what spam is is difficult – “I know it when I see it”

However, ICANN should develop an overall policy to aggressively address conditions that enable spam from within the mandate.

Page 39: Registrars and Abuse of Domains

Questions and Answers

This is your time…