Network World - Cybercriminals worldwide are amassing domain names to keep their botnet and phishing operations a step ahead of authorities.
To obscure their tracks, the criminals register the domain names using phony information, pay with stolen credit cards and hack into legitimate domain-name accounts. Adding to the problem of domain-name abuse, some rogue registrars often look the other way as the money rolls in. (See related story, “Domain-name abuse proliferates; rogue registrars turn a blind eye”)
Today’s cosmopolitan criminals might use “a registrar in China and a Web-hosting company in Russia and a registry in Ireland,” says Ram Mohan, CTO at Dublin-based registry services provider Afilias. The target is usually “a consumer in America.”
Accredited by ICANN for the .info generic top-level domain (gTLD), Afilias helped organize the Registry Internet Safety Group to find ways to improve security.
Mohan says Afilias has seen about 250,000 domain names taken down in the past 2.5 years because they were deemed to be maliciously used. At first the registrars Afilias works with were not too happy to see domain names suspended, but many have come around to see the wisdom in taking action to stop perceived criminal activity, he says.
In the past, standard contracts between ICANN and registrars didn’t address domain-name abuse head-on. (Mohan estimates there are about 2,000 registrars and retail channels for domain names globally today.) But Afilias successfully lobbied to have the standard contracts amended so that stringent actions against domain-name abuse could be taken, he says.
Registry services provider Neustar (accredited by ICANN for the .biz gTLD) is also a big believer in tackling domain-name abuse, which, after all, hurts the bottom line. Three years ago, Neustar hired a legal team to handle domain abuse questions and set up an internal, isolated networking lab to make determinations to a “near certainty” about a domain name being used for objectionable purposes, says Jeff Neuman, vice president of law and policy at Neustar.
Under its contracts with registrars and ICANN, Neustar can proactively say to a registrar, with a full report, “you have 12 hours to take down that domain name or we will do it,” he says. ICANN has a more informal process for trying to curb domain-name abuse, but that may eventually change, Neuman believes.
Many security researchers today are inclined to blame a lot of domain-name abuse on “rogue registrars” around the world that are said to look the other way when dealing with criminals.
For instance, .cn, the country-code domain for the People’s Republic of China, has emerged as a popular choice for domain-name abuse. For country-code top-level domains, each country, through a designated organization, directly accredits registrars for the ccTLD, though those registrars may also be accredited by ICANN for gTLDs like .com and .info.
Two ICANN-accredited registrars, Beijing-based Xin Net Technology Corp. and Beijing Innovative Linkage, among other registrars based in China, have gained reputations in some circles as rogue registrars because of the large number of malicious domains being traced to them over the past year.