About Me

Chris Barton

Chris Barton
Having been with "big red" since the Dr Solomons acquisition Chris has seen many come and go but is never content to be ...

Read More

Feeds & Podcasts

Blogs

Meet the Bloggers

Archive

Tags

#SecChat $1 million guarantee 12 Scams of Christmas access to live fraud resolution agents Acquisition Alex Thurber Android antivirus Apple botnet Channel Partners cloud security Compliance Consumer counter identity theft credit card fraud and protection credit fraud alerts credit monitoring credit monitoring and resolution critical infrastructure Cyber Security Mom cyberbullying Cybercrime cybermom data breach data center data center security Data Protection Dave DeWalt DLP Email & Web Security embedded encryption Endpoint Protection enterprise facebook fake anti-virus software Family Safety Friday Security Highlights global threat intelligence google government Hacktivism how to talk to kids how to talk to teens identity fraud identity fraud scams identity protection identity protection $1 million guarantee identity protection fraud identity protection surveillance identity surveillance identity theft identity theft expert identity theft fraud identity theft protection identity theft protection product Identity thieves and cybercriminals intel iphone kids online behavior lost wallet protection malware McAfee McAfee Channel McAfee Family Protection McAfee Identity Protection McAfee Initiative to Fight Cybercrime McAfee Labs McAfee security products Mid-Market Mobile mobile malware mobile security monitor credit and personal information Network Security online personal data protection online safety Operation Aurora PCI personal identity theft fraud personal information loss personal information protection phishing privacy proactive identity protection proactive identity surveillance Public Sector restore credit and personal identity Risk and Compliance scam scams scareware security smartphones social media social networking social networks spam Stuxnet twitter vulnerability Web 2.0 work with victim restore identity

McAfee Labs :

ICANN slaps registrars who help criminals

Tuesday, May 27, 2008 at 11:02am by Chris Barton
Chris Barton

It’ll come as no surprise that there are a bunch of domain registrars that are effectively supporting criminal gangs by not acting on reports of domains run for evil deeds and criminal activities. (Or as we say: They don’t wear a glowing white hat!)

I was chatting on email with Garth Bruen from KnujOn the other day and we agreed that it’s been well known for a long time in the industry that certain registrars are “black hat” and he questioned what was being done about it and pointed me at a story they had worked with the Washington Post on the subject of their top ten documented here: http://www.knujon.com/registrars/#the_list.

For a different data source (and one that looks very much like our own ;) ) URIBL’s “hall of shame” has been on line for ages and can be viewed here: http://rss.uribl.com/nic/

I don’t take these things at face value but I’ve been aware of this issue for a couple of years and have even stood up at an APWG conference and shook my finger at registries and registrars in the room after an early presentation on double-flux and made sure they knew only they could help fight it.

Well it looks like Garths article and PR worked, the wheels of power at ICANN have turned and they have told the worst registrars to act!

So my hat tip for the month of May has to go to Garth, Cool.. Nice one… and congratulations!

ICANN state

“But if those registrars, including those publicly cited, do not investigate and correct alleged inaccuracies reported to ICANN, our escalation procedure can ultimately result in ICANN terminating their accreditation and preventing them from registering domain names,”

I suspect however that the “inaccuracies” relate to the accuracy of whois information and if that is the case I suspect that the registrars will simply start their own privacy services.

NB: Privacy and anonymity are different things if your a LEA (Law Enforcement Authority) within your jurisdiction, but to me the humble lower middle-class sysadmin (Hi @SRS) and those outside of their primary jurisdiction they are effectively the same impenetrable barrier. We repute against domains registered with privacy services because statistically speaking (in the filtering metric truck-loads of email world) they are used as anonymity services more than privacy.

Competition time: Just for fun, I’m going to open a book on the first registrar to expire date and put a black McAfee Baseball Cap up for grabs. (We engineers don’t get much SWAG, let alone give it away). Just leave a message with the registrar you think will stop trading (or be disaccredited by ICANN) first and the date you think they will be gone on.

Employees of McAfee, KnujOn and ICANN need not apply, I’m the judge and my decision is final!

Final thoughts: All we need now is a few of the heavily abused cc-TLD’s to do the same and dive into the fight before we see more of these.

Bookmark and Share

Submit your own comments / message for this post

Your email is never published nor shared. Required fields are marked *

 

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comments (2)

  • George August 8, 2008 3:24AM

    ICANN won’t actually do anything. That would interfere with the money flow.

    Imagine if LE used the same methods to control blue collar crime…

    “Hey, Bill, look…we got a letter from the feds saying we’d better knock it off or else they might ultimately do something.”

    Slap? How about huff-n-puff so they don’t look completely complacent?

    Here’s a predication: Your black hats will collect dust.

    - George

    Reply
  • dallase May 27, 2008 11:08AM

    We’re not worthy! Party on Garth.

    Reply