Mexico Registries Registrars Abuse Domains 030309


Published on March 4, 2009

Author: gmcknight

Source: slideshare.net

Description

An extensive slideshow by
Rudi Vansnick – ISOC Belgium/EURALO
Garth Bruen – Knujon.com / NARALO

Discussion of the problems with Domain Registrations leading to ECRIME

Registries, Registrars and abuse of domains

Rudi Vansnick – ISOC Belgium/EURALO
Garth Bruen – Knujon.com / NARALO

Program

Introduction

Role of Registries and Registrars

Some abuses in .be

Abuse of domains: samples

Some practical cases

Mission and Goals

Questions and Answers

Role of Registries & Registrars (diagram labels): ICANN (Internet Corporation for Assigned Names and Numbers); Registries (gTLD's, ccTLD's); Acc. Registrars; Agents; Registrant / licensee

Some abuses in .be

Registrars: Basic Issues and Concerns

Lack of transparency and accountability

Reseller abuse

Typo squat as selling point?

Lack of registrant verification

Arbitrary policy enforcement

Flouting the local law

Blocking access to Whois

Failure to comply with current RAA

False Suspensions

ccTLD abuse

Bulk Registrations with bad data

Gateway for spam and abuse

Registrars as Gatekeepers

WHOIS forgery has created a massive new class of completely unknown persons engaged in illicit traffic

If Registrars are network administrators they have failed massively to validate who accesses the network

We need metrics and follow-up appeal

Are drug traffickers, counterfeiters, software pirates, and money launderers the Registrar’s biggest customers?

E-Crime Infrastructure (as it concerns Registrars)

Unknown Influence Often Illicit Drug Traffic

What else? – All Profit-Driven

Money laundering

Software Piracy

Counterfeit Consumer Goods

Domain Inflation

Phishing/Intrusions

Employment Scams

Prostitution

Illicit E-Pharma Manifesto

Recently obtained and translated “how to” guide for rogue pharmacies

Casually references ease of bulk Registering

Directs associates to ICANN website

States some Registrars more cooperative than others

Obfuscated Registrars

Mail drop addresses and “brass plate” business registrations

Dozens of Registrars not disclosing real address or even country of location

OnlineNIC is current concern

Missing language from RAA

Where do domain-related fraud profits go?

Consumers in wealthier countries purchase illicit products online

Money often goes to unsavory characters in poorer countries

Poisonous, substandard and fake products are shipped to consumers, injury occurs

General citizens in poorer countries do not benefit

WHOIS Fraud and Illicit Domains

Forged WHOIS Records: ASDF

Blank WHOIS Records

Non-Existent WHOIS Records

False suspension reports

Registrars can and should prevent

Security community will help

We have solutions that will not disrupt or burden Registrars or ICANN

ASDF

ASDF is the first four characters on the second row of a standard QWERTY keyboard

Thousands of illicit web pharmacies are registered with this obviously bogus information

Many more examples are subtle but just as preventable at the point of registration
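
A registrar-side check of the kind the ASDF slide argues for, run over contact data before a registration is accepted. This is an added example, not code from the presentation; the field names, placeholder list and sample records are assumptions constructed for illustration, and it also covers blank fields.

```python
import re

# Letter rows of a QWERTY keyboard, forwards and backwards.
_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
KEYBOARD_ROWS = _ROWS + tuple(r[::-1] for r in _ROWS)
# Assumed contact fields for this example; a real registrar form will differ.
REQUIRED = ("name", "street", "city", "country", "phone", "email")
PLACEHOLDERS = {"null", "none", "n/a", "-"}

def is_keyboard_walk(value, min_len=4):
    """True when every run of letters is a slice of one keyboard row."""
    runs = re.findall(r"[a-z]+", value.lower())
    return bool(runs) and all(
        len(r) >= min_len and any(r in row for row in KEYBOARD_ROWS) for r in runs)

def field_problems(field, value):
    """List the reasons a single contact field should be rejected."""
    v = (value or "").strip()
    if not v or v.lower() in PLACEHOLDERS:
        return ["blank"]
    problems = []
    # For e-mail, judge only the local part so the TLD does not mask a mash.
    probe = v.split("@")[0] if field == "email" else v
    if is_keyboard_walk(probe):
        problems.append("keyboard-walk")
    if field == "phone" and not re.search(r"[1-9]", v):
        problems.append("no usable digits")
    return problems

def check_registration(record):
    """Return {field: [problems]} for fields that should block the registration."""
    report = {}
    for field in REQUIRED:
        problems = field_problems(field, record.get(field))
        if problems:
            report[field] = problems
    return report

# Constructed sample records, not taken from any real WHOIS entry.
FORGED = {"name": "asdf asdf", "street": "asdf", "city": "ASDF", "country": "US",
          "phone": "+00.0000", "email": "asdf@asdf.com"}
BLANK = {"name": "", "country": "CN"}
CLEAN = {"name": "Maria Example", "street": "12 Example Street", "city": "Brussels",
         "country": "BE", "phone": "+32.25550100", "email": "maria@example.org"}

if __name__ == "__main__":
    for label, rec in (("forged", FORGED), ("blank", BLANK), ("clean", CLEAN)):
        print(label, check_registration(rec))
```

A check like this only catches the obvious cases; the subtler forgeries the slide mentions need verification against an external source such as a postal or payment record.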

Blank WHOIS Records and Illicit Domains

WHOIS DATA AS OF 2008/08/01 01:15:01
REGISTRAR WHOIS:
REGISTRY WHOIS:
Whois Server Version 2.0
Domain Name: GEHRUEELS.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.VOBIUTE.COM
Name Server: NS2.VOBIUTE.COM
Status: ok
Updated Date: 18-feb-2008
Creation Date: 18-feb-2008
Expiration Date: 18-feb-2009

Non-existent WHOIS Records and Illicit Domains

Spammed domain with no WHOIS record redirects to unlicensed pharmacy

False suspension reports

Domain Name: AMERICANPERFECTMEDS.COM
Registrant:
Directi False Whois Suspended Account
Directi False Whois Suspended Account (inaccuratewhois@suspended-domain.com)
This Domain is Suspended Due to inaccurate Whois
Contact Support Desk
null,0000
US
Tel. +00.0000

*Directi has corrected – cited reseller abuse

Some Practical Cases

Register.com

Xin Net

OnlineNIC

ParavaNet

eNom

Register.com

8771 Junk Domains Touting Phantom Cash Offers

144 Fake Companies Registering Domains

46,183 Spam emails to consumers

Xin Net

34,284 Illicit Domains with false Whois records

1,763,014 Recorded spam messages

Reported invalid domains still up

Mostly rogue pharmacies

eNom

Domain Inflation

Spammed domains are for sale

Traffic in names artificially raises bidding prices

OnlineNic: Where are you?

Assumed to be in China, professes to be in United States

Fake Pharmacies

Software Piracy

General dishonesty and obfuscation hurts accountability and transparency

ParavaNet: Where are you?

From this morning:

Registrant:
Parava Networks
Networks Parava info2@parava.net
5444 Westheimer Rd. Ste 1585
Houston 77056
US
Domain Name: parava.net

From July, 2008:

*Issued Breach Notice on Friday

Mission and Goals

Fix the Policy Loopholes (RAA)

Support the Policy

Enforce the Policy

Upgrade of WDPRS

We propose building mechanisms to solve these problems…

Other “good” stuff

Our Job as Policy Developers

The consequences of not implementing good policy are permissive; the consequences of implementing bad policy are destructive.

Make Internet Abuse Policy Enforcement User Friendly

End users do not know where to start when abused

“Headers”, “IP”, “ASN”, etc. are foreign words to ordinary users

Adopt simple methods for handling unwanted traffic

Create provider standards and guidelines

Help Consumers Navigate Bureaucracy

Consumer inclusion in policy is controversial

Instead, build avenues to express grievances that generate trust

Data not junk

“good” stuff

Breach notices work: Joker and Beijing Net have made considerable improvements

Enforcement has impact: EstDomains closure has had domino-effect on cybercrime

Small loopholes = big problems – but fixing small holes has fantastic results!

Strengthening RAA will solve large portions of the problem

Purpose of Internet?

Communication and Trade?

Not created so registrants could talk to each other

Not a “closed” circuit for industry-only

It’s open so consumers can participate and industry can profit – neither exists without the other

Adding consumer advocacy layer does not threaten current model

Future Internet could include every consumer as a “registrant”

Upgrade of WDPRS

WHOIS Data Problem Report System

Critical tool for addressing fraud and abuse

Created in 2002 but not upgraded since!

Rapid expansion of the Internet needs expanded enforcement resources

New WDPRS will help, but more tools needed…

Why ICANN Should “Address” Spam

ICANN clearly is not responsible for spam

Should not be a “front-end” abuse handler – not practical from functional standpoint

Determining what spam is is difficult – “I know it when I see it”

However, ICANN should develop an overall policy to aggressively address conditions that enable spam from within the mandate.

Questions and Answers

This is your time…
