Posts tagged ‘ICANN’

SANS Internet Storm Center, InfoCON: green: NTIA begins transition of Root DNS Management, (Sat, Mar 15th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

The U.S. National Telecommunications and Information Administration (NTIA) has begun the final stages of privatizing the management of the Domain Name System (DNS) that powers the Internet. This transition was begun in 1997.

From the press release

"As the first step, NTIA is asking the Internet Corporation for Assigned Names and Numbers (ICANN) to convene global stakeholders to develop a proposal to transition the current role played by NTIA in the coordination of the Internet’s domain name system (DNS). "

The NTIA, in conjunction with ICANN and Verisign, is currently responsible for managing the root zone, including the administration of the root zone file which contains the details about the top level domains (TLDs). The TLDs are the last part of a Fully Qualified Domain Name (FQDN), such as .com, .gov, .mil, etc.

– Rick Wanner – rwanner at isc dot sans dot edu – http://namedeplume.blogspot.com/ – Twitter:namedeplume (Protected)

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[Медийно право] [Нели Огнянова]: Internet governance: the EC's position

This post was syndicated from: [Медийно право] [Нели Огнянова] and was written by: nellyo. Original post: at [Медийно право] [Нели Огнянова]

The European Commission has published Communication COM(2014) 72/4 on the EU's policy towards the Internet and the governance of the network.

The Commission proposes its position as the basis for the EU's approach in the upcoming negotiations on Internet governance (Netmundial in São Paulo (April 2014), the Internet Governance Forum (August 2014) and the High Level ICANN meeting). The approach will be developed with the participation of the Parliament and the Council. The Commission calls for transparency, accountability and democratic participation in the governance of the network, for an open Internet, and for security and stability.

The EC's Communication was preceded by a public consultation on the future of the Internet.

The US administration welcomed it.

SANS Internet Storm Center, InfoCON: green: New gTLDs appearing in the root zone, (Thu, Jan 30th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Over the last month or so, new gTLDs (generic top level domains) have been added to the root zone by ICANN. This is the beginning of a process of adding a couple hundred new gTLDs which ICANN collected applications for last year.

To get a full list of current valid gTLDs see http://newgtlds.icann.org/en/program-status/delegated-strings

It is up to the individual registrars who received the gTLDs to decide how to use them. Some are limited to particular organizations. Others are already available to the public for pre-registration.

This is important if you are doing more detailed input validation on domain names, for example to validate e-mail addresses, since some of the new gTLDs are much longer than the familiar ones. For example, the longest name I was able to spot was ".INTERNATIONAL".
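To illustrate the validation pitfall the post describes, here is an added example (not code from the ISC post): a naive e-mail check that hard-codes a two-to-four-letter TLD next to a label-based check that accepts the new long gTLDs. The sample addresses and the optional TLD allow-list are constructed for this example; a real allow-list would be loaded from ICANN's delegated-strings page linked above.

```python
import re

# RFC 1035 label rules: 1..63 chars, letters/digits/hyphen, no leading or
# trailing hyphen. The dotted name as a whole must not exceed 253 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
_MAX_NAME = 253

# The naive pattern many validators still use: it hard-codes a 2-4 letter TLD,
# so it rejects any mailbox under a long new gTLD such as .international.
_NAIVE = re.compile(r"^[^@\s]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$")


def naive_email_ok(addr: str) -> bool:
    """Old-style check with the 2-4 letter TLD assumption baked in."""
    return _NAIVE.match(addr) is not None


def domain_ok(domain: str, allowed_tlds=None) -> bool:
    """Validate a domain label by label instead of guessing the TLD length.

    allowed_tlds: optional set of lower-case TLDs (for instance loaded from
    ICANN's delegated-strings list); None accepts any syntactically valid TLD.
    """
    if not domain or len(domain) > _MAX_NAME or domain.endswith("."):
        return False
    labels = domain.split(".")
    if len(labels) < 2:
        return False  # need at least one label plus a TLD
    if not all(_LABEL.match(lbl) for lbl in labels):
        return False
    tld = labels[-1].lower()
    # A TLD is either purely alphabetic or an IDN in punycode form (xn--...).
    if not (tld.isalpha() or tld.startswith("xn--")):
        return False
    if allowed_tlds is not None and tld not in allowed_tlds:
        return False
    return True


def email_ok(addr: str, allowed_tlds=None) -> bool:
    """E-mail check that delegates the domain part to domain_ok()."""
    if addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    if not local or len(local) > 64 or any(c.isspace() for c in local):
        return False
    return domain_ok(domain, allowed_tlds)


# Constructed sample addresses (not from the original post).
SAMPLES = [
    "alice@example.com",
    "bob@example.international",  # 13-letter gTLD: the naive check rejects it
    "carol@sub.example.co.uk",
    "dave@-bad.example.com",      # label with a leading hyphen
    "erin@example.c0m",           # digit in the TLD
    "frank@example",              # no TLD at all
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(f"{a:28} naive={naive_email_ok(a)!s:5} label-based={email_ok(a)}")
```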

——
Johannes B. Ullrich, Ph.D.
SANS Technology Institute


TorrentFreak: Registrars Can’t Hold ‘Pirate’ Domains Hostage Without Court Order

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Prompted by Hollywood and the major recording labels, during October 2013 the Intellectual Property Crime Unit (PIPCU) of City of London Police embarked on a new approach to take allegedly-infringing sites offline.

In a letter sent to the domain registrars of several torrent and MP3-related sites, police stated that the domains in question (including ExtraTorrent.com, SumoTorrent.com, emp3world.com, full-albums.net and maxalbums.com) were being run by criminals who were breaking UK law. Therefore the domains should be suspended within 48 hours, the police explained.

One registrar, PDR Ltd, immediately complied with the request, even though the police had not obtained a court order compelling them to do so. Another, EasyDNS, refused to comply on the basis that there needed to be due process. This led to an attempt by the owner of the latter three sites listed above to transfer his domains to EasyDNS as he believed the registrar would stand up for his rights.

However, PDR Ltd refused to transfer the domains over, prompting EasyDNS to embark on a crusade to force PDR Ltd to accept that while seizing domains with a court order might be acceptable, doing so simply because someone asks you to is not, even when that someone is the police.

EasyDNS took the matter to Verisign (who issued a decision of “No Decision”) and eventually all the way to the National Arbitration Forum. Yesterday the ICANN Transfer Dispute Resolution Policy panel handed down its decision and it was good news for EasyDNS, the sites in question, plus any others that may face future domain seizures that are not backed by court orders.

“Although there are compelling reasons why the request from a recognized law enforcement agency such as the City of London Police should be honored, the Transfer Policy is unambiguous in requiring a court order before a Registrar of Record may deny a request to transfer a domain name,” the panel wrote in its decision.

“To permit a registrar of record to withhold the transfer of a domain based on the suspicion of a law enforcement agency, without the intervention of a judicial body, opens the possibility for abuse by agencies far less reputable than the City of London Police.”

Concluding, the panel found that PDR Ltd had violated the policy on domain transfers and ordered the registrar to transfer emp3world.com, full-albums.net and maxalbums.com to EasyDNS.

“This is a big victory for all domain holders because it upholds their right to ‘vote with their feet’ in response to unreasonable takedown of their domain names,” EasyDNS CEO Mark Jeftovic tells TorrentFreak.

“We expect all modern democracies to accord a legal process against parties accused of something, something that has been conspicuous in its absence from the London Police requests, which encouraged registrars to summarily shutdown domain names and then go so far as to hijack their traffic to competing interests.”

The question now is whether the police or the BPI / FACT will choose to step away from domain seizures or try a fresh approach with the backing of the courts.

Source: TorrentFreak, for the latest info on copyright, file-sharing and VPN services.

Krebs on Security: Spam-Friendly Registrar ‘Dynamic Dolphin’ Shuttered

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

The organization that oversees the Internet domain name registration industry last week revoked the charter of Dynamic Dolphin, a registrar that has long been closely associated with spam and cybercrime.

Scott Richter. Image: 4law.co.il

The move came almost five years after this reporter asked the Internet Corporation for Assigned Names and Numbers (ICANN) to investigate whether the man at the helm of this registrar was none other than Scottie Richter, an avowed spammer who has settled multi-million-dollar spam lawsuits with Facebook, Microsoft and MySpace over the past decade.

According to the contracts that ICANN requires all registrars to sign, registrars may not have anyone as an officer of the company who has been convicted of a criminal offense involving financial activities. While Richter’s spam offenses all involve civil matters, this reporter discovered several years ago that Richter had actually pleaded guilty in 2003 to a felony grand larceny charge.

Richter’s felony rap was detailed in a January 2004 story in the now-defunct Rocky Mountain News; a cached copy of that story is here. It explains that Denver police were investigating a suspected fencing operation involving the purchase and sale of stolen goods by Richter and his associates. Richter, then 32, was busted for conspiring to deal in stolen goods, including a Bobcat, a generator, laptop computers, cigarettes and tools. He later pleaded guilty to one count of grand larceny, and was ordered to pay nearly $38,000 in restitution to cover costs linked to the case.

After reading this story, I registered with the Colorado state courts Website and purchased a copy of the court record detailing Richter’s conviction — available at this link (PDF) — and shared it with ICANN. I also filed an official request with ICANN (PDF) to determine whether Richter was in fact listed as a principal in Dynamic Dolphin. ICANN responded in 2008 that it wasn’t clear whether he was in fact listed as an officer of the company.

But in a ruling issued last week, ICANN said that analysis changed after it had an opportunity to review information regarding Dynamic Dolphin’s voting shares.

“Prior to this review, ICANN had no knowledge that Scott Richter was the 100% beneficial owner of Dynamic Dolphin,” ICANN wrote. “In light of this review, ICANN initiates a review of the application for accreditation from 2011. Based on Section II. B. of the Statement of Registrar Accreditation Policy, Dynamic Dolphin did not disclose in its application for accreditation that Scott Richter was the 100% beneficial owner of Dynamic Dolphin or that Scott Richter was convicted in 2003 for a felony relating to financial activities.”

ICANN has ordered that Dynamic Dolphin be stripped of its accreditation as a registrar, and that all domains registered with Dynamic Dolphin be transferred to another registrar within 28 days. Neither Richter nor a representative for Dynamic Dolphin could be immediately reached for comment.

ICANN’s action is long overdue. Writing for The Washington Post in May 2008, this author called attention to statistics gathered by anti-spam outfit Knujon (“NOJUNK” spelled backwards), which found that more than three quarters of all Web sites advertised through spam at the time were clustered at just 10 domain name registrars. Near the top of that list was Dynamic Dolphin, a registrar owned by an entity called CPA Empire, which in turn is owned by Media Breakaway LLC – Richter’s company. Another story published around that same time by The Washington Post showed that Media Breakaway was behind the wholesale hijacking of some 65,586 Internet addresses from a San Francisco, Calif. organization that was among the early pioneers of the Internet.

Interestingly, this is the second time that ICANN has acted in response to information presented by this author regarding convicted criminals running domain registrars in violation of ICANN’s rules. Three months after I wrote that story for The Post about Media Breakaway, I penned a column highlighting the massive amount of fraudulent and malicious sites being registered through an infamous Estonian domain registrar known as EstDomains. In that story, I pointed out that the company’s principal, a then-27-year-old Estonian man named Vladimir Tsastsin, had recently been convicted in his native country of credit card fraud, money laundering, and forgery.

ICANN ultimately decided that Tsastsin’s criminal convictions meant that EstDomains had violated ICANN’s registrar agreement, and stripped EstDomains of its power to register new domains. Tsastsin would later be indicted and arrested for his role in the development of the massive DNSChanger botnet, a global malware contagion that infected more than four million computers worldwide.

For a hilarious interview with spammer high-volume email deployer Scottie Richter, check out this 2004 segment from Comedy Central’s Daily Show.

TorrentFreak: Registrars Clash at Verisign Over Seized “Pirate” Site Domains

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

In early October, City of London Police approached several domain registrars, demanding that they suspend the domains of various torrent and other file-sharing sites.

Although there appeared to be no legal basis for the requests, India-based registrar PublicDomainRegistry (PDR) was quick to suspend several domains, including those belonging to Extratorrent.com and SumoTorrent.com, some of the largest torrent indexes on the web today.

The Canadian company easyDNS responded very differently. The company is outraged by the seemingly unsubstantiated police threats and has refused to take action, arguing that the police request has no legal basis.

EasyDNS’s approach was welcomed by the operators of several torrent sites, and motivated the owner of three domains to transfer his suspended domains from PDR to easyDNS. However, this was easier said than done, as the Indian registrar is refusing to transfer the domains out without the blessing of City of London Police.

After inquiries from easyDNS and the domain owner PDR did restore the original nameservers, but the domain names in question remain locked.

According to easyDNS this refusal to transfer the domains goes against the policy of domain regulation body ICANN, and this week the Canadian company took action against PDR.

EasyDNS filed a Request For Enforcement (RFE) with Verisign, the registry responsible for .COM/.NET domains. Through this enforcement request easyDNS hopes that PDR can be compelled to transfer out the three domains, as ICANN’s Transfer Dispute Resolution Policy prescribes.

In a blog post easyDNS CEO Mark Jeftovic voices his disbelief over PDR’s stubborn refusal to cooperate.

“It’s hard to understand why they are taking their marching orders directly from the UK Police, given the stated aims of the London Police ICPU (to shut down the domains of websites they have summarily declared to be criminal) it’s not likely that they will admit the truth of the matter,” Jeftovic notes.

“In other words, the London Police are not going to come back and tell them: ‘Since we don’t have a court order, we guess you have to let those domains transfer away to some other registrar who has a better understanding of the utter lack of legal basis behind these takedowns than you do’,” he adds.

Instead of waiting for a green light from the City of London Police, Jeftovic believes PDR should comply with the rules and regulations of ICANN as all other domain name registrars do.

“They should not be waiting for the London Police to articulate this, what they should be doing is reading up on the ICANN Inter-Registrar Transfers Policy, since they are actually bound by their Registrar Accreditation Agreement (RAA) to abide by it,” Jeftovic says.

TorrentFreak contacted the apparent operator of the three domain names in question but we are yet to receive a response.

The City of London Police crackdown has had minimal impact thus far, as all affected sites we are aware of have continued their operations under new domain names.


TorrentFreak: Seized Torrent Domains Must Be Released Says Domain Registrar

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Earlier this week it became apparent that City of London Police had approached certain domain registrars with demands that they should suspend the domains of various torrent and other file-sharing sites. Among them were ExtraTorrent and SumoTorrent, some of the largest indexes on the web today.

There appeared to be no legal basis for the requests, something which outraged Canada-based EasyDNS, who refused to comply with a suspension request for meta-search engine TorrentPond.com.

To get the lowdown on the latest developments and in order to be absolutely sure that there is no formal legal process underway, TorrentFreak spoke with City of London Police. They told us that in the summer they began a campaign to target websites “that attract visitors by providing unauthorised access to copyrighted content for criminal gain” and that the project is now in new hands.

“In September the project was taken on by the City of London Police’s new Police Intellectual Property Crime Unit [PIPCU], which has been set up to target serious and organized intellectual property crime affecting physical and digital goods, with a specific focus on offences committed online,” a spokesman confirmed.

“The latest stage of Operation Creative, as it is now known, involves contacting registrars whose website domains have been identified as involved in facilitating criminal copyright infringement under UK law and as result are potentially breaching the terms and conditions of the registrars. PIPCU are then requesting the registrars adhere to their terms and conditions and take consideration to suspending the supplied domain.”

So, while the police are stating that the domain registrars are involved in facilitating a crime, there is no formal legal process which establishes either that or whether the torrent and other file-sharing sites involved are actually illegal under UK law.

Given the status of The Pirate Bay and sites like KickassTorrents in the UK it’s certainly possible they are, but none of the sites are based in the UK.

Legal certainty would of course be of some comfort to registrars trying to decide the best course of action in these cases. However, for PDR Ltd, the company we yesterday revealed as suspending the domains of ExtraTorrent and three other MP3 sites, no such reassurance was needed.

So far PDR Ltd have failed to respond to our requests for comment, but according to Mark Jeftovic of EasyDNS, they may now need to think again.

“Any of those registrars that actually complied with the UK requests to bring down the torrent domains *must* allow those domains to simply transfer out, or they themselves will be in violation of the ICANN transfers policy,” Jeftovic told TorrentFreak this morning.

The problem is that the suspended domains are effectively seized and out of the control of their owners. This, Jeftovic notes, leaves the registrar exposed to the wrath of ICANN.

“Since there were no charges against any of the domains and no court orders, it may be at the registrars’ discretion to play ball with these ridiculous demands. However – what they clearly cannot do now, is prevent any of those domain holders from simply transferring out their names to more clueful, less wimpy registrars,” Jeftovic explains.

“If any of those registrars denied the ability to do that, then they would be in clear violation of the ICANN Inter-Registrars Transfer Policy.”

According to that policy, registrars can only take a domain when it was paid for fraudulently or is the subject of a “court order by a court of competent jurisdiction.” As already established, one of those doesn’t exist.

This means that domain owners who refuse a transferral of a domain to a new registrar will open themselves up to further action under ICANN’s Transfer Dispute Resolution Policy, a battle Jeftovic predicts they will lose.

“This is why it is never a good idea to just react to pressure in the face of obnoxious bluster – in the very act of trying to diffuse any perceived culpability you end up opening yourself to real liability,” the EasyDNS CEO concludes.


TorrentFreak: UK Police Orders Registrars to Suspend Domains of Major Torrent Sites

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

Earlier this year UK police began working with rightsholders on a campaign to shut down file-sharing sites. Many site operators received warnings that their activities were breaching copyright law as well as the UK’s Serious Crime Act.

The actions yielded some success as a few smaller sites closed their doors. However, the major targets were unfazed by the police demands and continued business as usual.

This week the newly founded Intellectual Property Crime Unit (PIPCU) of the City of London Police stepped up its efforts and instead of targeting the site owners, they contacted their domain registrars. In a carefully worded letter the police warn that the sites in question may be copyright-infringing.

“The owners of the aforementioned domains are suspected to be involved in the criminal distribution of copyrighted material either directly or indirectly and are liable to prosecution under UK law for the following offences: Conspiracy to Defraud, Offences under the Fraud Act 2006, Copyright, Design & Patents Act 1988,” the letter states.

“Should a conviction be brought for the above offences, UK courts may impose sentences of imprisonment and/or fines. PIPCU has criminal and civil powers in UK law to seize money, belongings and any property in connection with these offences.”


There is no reference to an active court order that requires the registrar to take action, but the police unit instead points at the obligations the registrars have. Among other things, the letter lists a possible breach of ICANN policy and a violation of the registrars’ own Terms of Services as a validation for the suspension.

The letters were sent to the registrars of dozens of domain names and the fallout is already visible. TorrentFreak spoke to the owner of SumoTorrent.com who confirmed that his domain was suspended yesterday. The site quickly moved to SumoTorrent.sx, but lost a lot of traffic in the process.

MisterTorrent.me was also suspended after the registrar received the police letter, and ExtraTorrent’s .com domain presumably suffered that same fate.

With millions of visitors a day ExtraTorrent is the biggest casualty so far. TorrentFreak talked to the operator who couldn’t yet confirm that City of London Police are behind the suspension, but this seems very likely. For now the site has moved to ExtraTorrent.cc which is still operational.

Not all domain name registrars are blindly complying with the demands of the Intellectual Property Crime Unit. Canada-based easyDNS is refusing to suspend TorrentPond’s domain, describing the police request as overbroad and unfounded as there is no hint of due process.

“Who decides what is illegal? What makes somebody a criminal? Given that the subtext of the request contains a threat to refer the matter to ICANN if we don’t play along, this is a non-trivial question,” easyDNS’ CEO Mark Jeftovic responds.

“Correct me if I’m wrong, but I always thought it was something that gets decided in a court of law, as opposed to ‘some guy on the internet’ sending emails. While that’s plenty reason enough for some registrars to take down domain names, it doesn’t fly here,” he adds.

It’s unclear how many sites were targeted by the police letter but it’s not unlikely that more registrars will take action during the hours to come. The police letter recommends the registrars to act within 48 hours and asks the companies to “consider their liability.”

“Suspension of the domain(s) is intended to prevent further crime. Where possible we request that domain suspension(s) are made within 48 hours of receipt of this Alert. In respect of the information provided by us, we respectfully ask you to consider your liability and the wider public interest should those services be allowed to continue,” the letter states.

In addition, the registrars are being asked to effectively send the traffic of the torrent sites to a landing page with the City of London Police logo, as well as the logos of their entertainment industry partners. Again, all without citing a court order or specific legal mandate.

“We request that the aforementioned domain(s) are redirected to the PIPCU Warning Page located at IP address: 83.138.166.114,” the letter notes.

TorrentFreak asked the City of London Police for the comment on their latest actions but we have not heard back from them. It’s clear, however, that the cooperation between the entertainment industry and UK law enforcement is serious.

Whether the impact will be lasting has yet to be seen.

Update: The emails were sent to registrars of other “pirate” sites as well, including emp3world.com, full-albums.net and maxalbums.com. We will update this article when more information comes in.

Update: ExtraTorrent confirms that their domain troubles are related to the same issue.

“Our registrar and with no court order or due process got scared of the London Police email and did suspend the domain. We are communicating with the registrar to find a logical solution to this chaos,” TorrentFreak was told.



Schneier on Security: WhoIs Privacy and Proxy Service Abuse

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

ICANN has a draft study that looks at abuse of the Whois database.

This study, conducted by the National Physical Laboratory (NPL) in the United Kingdom, analyzes gTLD domain names to measure whether the percentage of privacy/proxy use among domains engaged in illegal or harmful Internet activities is significantly greater than among domain names used for lawful Internet activities. Furthermore, this study compares these privacy/proxy percentages to other methods used to obscure identity, notably Whois phone numbers that are invalid.

Richard Clayton, the primary author of the report, has a blog post:

However, it’s more interesting to ask whether this percentage is somewhat higher than the usage of privacy or proxy services for entirely lawful and harmless Internet activities? This turned out NOT to be the case: for example banks use privacy and proxy services almost as often as the registrants of domains used in the hosting of child sexual abuse images; and the registrants of domains used to host (legal) adult pornography use privacy and proxy services more often than most (but not all) of the different types of malicious activity that we studied.

Richard has been telling me about this work for a while. It’s nice to see it finally published.

Krebs on Security: WHOIS Privacy Plan Draws Fire

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Internet regulators are pushing a controversial plan to restrict public access to WHOIS Web site registration records. Proponents of the proposal say it would improve the accuracy of WHOIS data and better protect the privacy of people who register domain names. Critics argue that such a shift would be unworkable and make it more difficult to combat phishers, spammers and scammers.

A working group within The Internet Corporation for Assigned Names and Numbers (ICANN), the organization that oversees the Internet’s domain name system, has proposed scrapping the current WHOIS system — which is inconsistently managed by hundreds of domain registrars and allows anyone to query Web site registration records. To replace the current system, the group proposes creating a more centralized WHOIS lookup system that is closed by default.

According to an interim report (PDF) by the ICANN working group, the WHOIS data would be accessible only to “authenticated requestors that are held accountable for appropriate use” of the information.

“After working through a broad array of use cases, and the myriad of issues they raised, [ICANN's working group] concluded that today’s WHOIS model—giving every user the same anonymous public access to (too often inaccurate) registration data—should be abandoned,” ICANN’s “expert working group” wrote. The group said it “recognizes the need for accuracy, along with the need to protect the privacy of those registrants who may require heightened protections of their personal information.”

The working group’s current plan envisions creating what it calls an “aggregated registration directory service” (ARDS) to serve as a clearinghouse that contains a non-authoritative copy of all of the collected data elements. The registrars and registries that operate the hundreds of different generic top-level domains (gTLDs, e.g. dot-biz and dot-name) would be responsible for maintaining the authoritative sources of WHOIS data for domains in their gTLDs. Those who wish to query WHOIS domain registration data from the system would have to apply for access credentials to the ARDS, which would be responsible for handling data accuracy complaints, auditing access to the system to minimize abuse, and managing the licensing arrangement for access to the WHOIS data.

The plan acknowledges that creating a “one-stop shop” for registration data also might well paint a giant target on the group for hackers, but it holds that such a system would nevertheless allow for greater accountability for validating registration data.

Unsurprisingly, the interim proposal has met with a swell of opposition from some security and technology experts who worry about the plan’s potential for harm to consumers and cybercrime investigators.

“Internet users (individuals, businesses, law enforcement, governments, journalists and others) should not be subject to barriers – including prior authorization, disclosure obligations, payment of fees, etc. – in order to gain access to information about who operates a website, with the exception of legitimate privacy protection services,” reads a letter (PDF) jointly submitted to ICANN last month by G2 Web Services, OpSec Security, LegitScript and DomainTools.

“Internet users have the right to know who is operating a website they are visiting (or, the fact that it is registered anonymously),” the letter continues. “Today, individuals review full WHOIS records and, based on any one of the fields, identify and report fraud and other abusive behaviors; journalists and academics use WHOIS data to conduct research and expose miscreant behavior; and parents use WHOIS data to better understand who they (or their children) are dealing with online. These and other uses improve the security and stability of the Internet and should be encouraged not burdened by barriers of a closed by default system.”

Other public comments submitted so far reflect angst over the geopolitical ramifications of the proposed changes. For example, Afnic, which is the registry for the domain names in the geographical area of France (.fr) among others, notes that the ARDS would have to be legally established in at least one country, and its technical infrastructure would also have to be under at least one jurisdiction.

“We are concerned that the ARDS would use ‘one size fits all’ rules to assess request validity. With approximately 1500 TLDs in the root several of them will be highly local, and should not be subject to the same rules as .com or .net in terms of which Law Enforcement Agencies can request access to data,” wrote Afnic’s Pierre Bonis. “Should Chinese LEAs be granted access to private data for .berlin domain names for instance? We believe this issue is insufficiently taken into account so far.”

The Center for Democracy & Technology (CDT), a nonprofit policy think tank based in Washington, D.C., maintains that the current system is broken and raises serious privacy and free expression concerns by revealing sensitive information to the public.

“According to the OECD’s privacy guidelines, personal data should be relevant to its intended purpose and should be protected from unreasonable or unauthorized disclosure,” CDT wrote in its official comments (PDF) on the proposal. “The WHOIS system needlessly exposes registrants’ sensitive data to anonymous queries, granting easy access to malicious users.”

CDT has proposed a hybrid system that would allow individual, noncommercial registrants to choose to keep their sensitive information private, but maintain public access to commercial Web site registration information. CDT said it favors an approach similar to that adopted by Nominet — the registrar that handles the dot-uk gTLD.

“This policy properly balances the interests and obligations of commercial and non-commercial entities in the internet ecosystem: entities offering services or engaged in trade should necessarily disclose more contact information as part of WHOIS, such that the public can access details needed for commercial and legal activities,” the CDT argues. “Nominet also employs a simple but clever method of dealing with those that abuse this distinction: if Nominet determines that a commercial entity has improperly self-identified as an individual, they can change the setting on that registry entry such that more detailed commercial-entity contact information is publicly shared through WHOIS.”

Garth Bruen, principal investigator at Knujon (“no junk” spelled backwards) and a longtime, vocal critic of ICANN’s lack of progress on WHOIS data accuracy, said the working group’s interim recommendations are about burying — not fixing — the WHOIS problem.

“For 14 years now, ICANN has been criticized for not dealing with this issue directly, and now they want to bury WHOIS records behind a wall so that nobody can criticize them anymore,” Bruen said. “The offering of tiered access with higher access for law enforcement and security operations should not be seen as some kind of positive development, it is actually a red herring. Law enforcement already has superior access to registrant data, they always did. WHOIS is about ordinary Internet users being able to find out who owns a domain name. The consumer is ultimately being frozen out, now having to go to the police or some for-pay security service to get information about a domain name.”

As a journalist and cybercrime researcher, I tend to side with those who favor maintaining the status quo on WHOIS records. As the numerous stories in my Breadcrumbs series make clear, WHOIS records are extremely useful for finding and exposing fraudsters and cybercrooks. Even when spammers or scammers quite obviously put false identity and address information into WHOIS records, they still very often leave behind clues that can be used to draw important connections and correlations, such as the re-use of the same email address or phony phone number. Also, WHOIS records are an extremely important means of reaching Web site owners whose sites are infected and being used to spread malicious software.
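The pivoting described above, as an added example that is not part of the original post: it parses a handful of constructed WHOIS records (placeholder registrants, `.example` domains) and links domains that share a normalised e-mail address or phone number, then merges those links into clusters.

```python
"""Pivot on shared WHOIS contact fields across constructed sample records.

Added example, not code from the original post. All registrant details
below are constructed placeholders, not real people or real domains.
"""
import re
from collections import defaultdict

# Constructed sample WHOIS records: three of the four share a contact value.
SAMPLE_RECORDS = {
    "cheap-pills.example": (
        "Registrant Name: J. Doe\n"
        "Registrant Street: 123 Nowhere Lane\n"
        "Registrant Email: j.doe@mail.invalid\n"
        "Registrant Phone: +1.5550100200\n"
    ),
    "rx-discount.example": (
        "Registrant Name: Jane Roe\n"
        "Registrant Street: 9 Elsewhere Road\n"
        "Registrant Email: jane.roe@mail.invalid\n"
        "Registrant Phone: +1 (555) 010-0200\n"   # same number, different format
    ),
    "meds-online.example": (
        "Registrant Name: Another Name\n"
        "Registrant Street: 77 Other Street\n"
        "Registrant Email: J.Doe@Mail.Invalid\n"  # same mailbox, different case
        "Registrant Phone: +44.2079460000\n"
    ),
    "unrelated-shop.example": (
        "Registrant Name: Real Business Ltd\n"
        "Registrant Street: 1 High Street\n"
        "Registrant Email: hostmaster@realbusiness.invalid\n"
        "Registrant Phone: +44.2079460001\n"
    ),
}

# Fields worth pivoting on, with a normaliser so format differences do not
# hide a match (case-folded e-mail, digits-only phone).
PIVOT_FIELDS = {
    "registrant email": ("email", lambda v: v.strip().lower()),
    "registrant phone": ("phone", lambda v: re.sub(r"\D", "", v)),
    "admin email": ("email", lambda v: v.strip().lower()),
    "admin phone": ("phone", lambda v: re.sub(r"\D", "", v)),
}


def parse_record(text):
    """Parse 'Key: value' lines of a WHOIS record into a dict with lowercased keys."""
    record = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        record[key.strip().lower()] = value.strip()
    return record


def pivot(records):
    """Map each (kind, normalised value) seen in two or more domains to those domains."""
    seen = defaultdict(set)
    for domain, text in records.items():
        for key, value in parse_record(text).items():
            if key in PIVOT_FIELDS and value:
                kind, normalise = PIVOT_FIELDS[key]
                seen[(kind, normalise(value))].add(domain)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def clusters(records):
    """Merge pivots into clusters of domains linked by any chain of shared values."""
    parent = {d: d for d in records}

    def find(x):  # union-find with path halving
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for domains in pivot(records).values():
        root = find(domains[0])
        for d in domains[1:]:
            parent[find(d)] = root
    groups = defaultdict(list)
    for d in records:
        groups[find(d)].append(d)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    for key, domains in pivot(SAMPLE_RECORDS).items():
        print(key, "->", domains)
    print(clusters(SAMPLE_RECORDS))
```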

Finally, the working group’s interim report leaves open in my mind the question of how exactly the ARDS would achieve more accurate and complete WHOIS records. Current accreditation agreements that registrars/registries must sign with ICANN already require the registrars/registries to validate WHOIS data and to correct inaccurate records, but these contracts have long been shown to be ineffective at producing much more accurate records.

Dozens of comments on ICANN’s plan have been posted here and here. What do you think about it? Sound off in the comments below.

SANS Internet Storm Center, InfoCON: green: ICANN Blog: How to Report a DDoS Attack? A worthwhile read: http://blog.icann.org/2013/04/how-to-report-a-ddos-attack/, (Thu, Apr 25th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

SANS Internet Storm Center, InfoCON: green: ICANN "Reveal Day" Lists new TLD Applications, (Wed, Jun 13th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

As announced before, ICANN today published a list of all new TLDs organizations applied for [1]. Applications had to be submitted by May 30th. Being included in the list does not yet imply that these TLDs will actually be approved and created. This is just another stop in the lengthy process. I counted 1930 new top-level domains, which I think is a manageable number. Many of the TLDs use foreign character sets. For example, companies like Volkswagen apply for their brand name in Chinese (大众汽车). Some other interesting proposals I spotted:
.search: multiple applicants (Amazon is the company that sticks out among them), and .secure has two applications, one from Amazon and one from Artemis Internet. Google, using a company named Charleston Road Registry, applied for 101 different TLDs and is the top bidder, followed by Amazon EU (76) and Top Level Domain Holdings (70). The most contested TLDs are APP (13 applications), INC (11), Home (11) and ART (10).
There is some criticism that ICANN not only published the TLD and the name of the applicants company, but also full contact details including e-mail addresses.

[1] http://newgtlds.icann.org/en/program-status/application-results/strings-1200utc-13jun12-en
——

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

TorrentFreak: .Pirate Domains Now Available Through OpenNic

This post was syndicated from: TorrentFreak and was written by: Ben Jones. Original post: at TorrentFreak

Despite the best efforts of Dutch lobby groups, and American entertainment cartels, the internet is a place where barriers don’t stay barriers for long.

Throw a roadblock out and a new route is recalculated. So it is with DNS. Add blocks in the ICANN systems, and people work their way around them.

The most common way until now has been a browser plugin, like MAFIAAFire, but alternate DNS systems are starting to become more popular. One of those, OpenNIC, is looking to capitalise on that with its new .pirate TLD (top level domain).

Registration takes just minutes, and then your new .pirate domain will be accessible by anyone using one of OpenNIC’s many DNS servers. That’s the big drawback at present.

However, the OpenNIC project is not just limited to .pirate (or dotPirate, as they’ve called it). They also have .geek, .oss (as in open source software) and .parody, among others.

The man behind the dotPirate project is Travis McCrea, Deputy Leader of the Canadian Pirate Party.

“While the world gets smaller and more connected through advancements of the Internet and web technology, every day our ability to have a free flow of information becomes more and more threatened by countries who wish to censor and control the communication platform which brings us all together,” McCrea told TorrentFreak.

“This is something that we cannot let happen, and why the dotPirate Foundation, … is proud to announce the launch of the new Top Level Domain (TLD) .pirate on the OpenNIC root system.”

To prevent abuse, some of the more popular domains have already been reserved (including torrentfreak.pirate and thepiratebay.pirate). As an extra bonus, people using blockaid.me for their DNS will already be able to access .pirate domains – they added support for OpenNIC over the weekend.

For those using OpenDNS, the provider announced a new service for Windows users last week. DNSCrypt, previously only available for Mac OSX and Linux, is a technology that encrypts all DNS traffic between an Internet user and the OpenDNS service. It can be downloaded here.

.Pirate domains can be registered for free at dotpirate.me.

Source: .Pirate Domains Now Available Through OpenNic


Krebs on Security: Half of All ‘Rogue’ Pharmacies at Two Registrars

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Half of all “rogue” online pharmacies — sites that sell prescription drugs without requiring a prescription — got their Web site names from just two domain name registrars, a study released today found. The findings illustrate the challenges facing Internet policymakers in an industry that is largely self-regulated and rewards companies who market their services as safe havens for shadowy businesses.

Source: LegitScript

There are about 450 accredited domain name registrars worldwide, but at least one-third of all active rogue pharmacy sites are registered at Internet.bs, a relatively small registrar that purports to operate out of the Bahamas and aggressively markets itself as an “offshore” registrar. That’s according to LegitScript, a verification and monitoring service for online pharmacies.

LegitScript President John Horton said the company began to suspect that Internet.bs was courting the rogue pharmacy business when it became clear that the registrar has only two-tenths of one percent of the market share for new Web site name registrations. In a report (PDF) being released today, LegitScript said that a separate analysis of more than 9,000 “not recommended” pharmacies compiled by the National Association of Boards of Pharmacy suggested that Internet.bs is sponsoring nearly 44 percent of the Internet’s dodgy pill shops.

Asked whether he was concerned about allegations that his firm was targeting an industry that seeks out registrars who turn a blind eye to questionable businesses, Internet.bs President Marco Rinaudo replied that, on the contrary, LegitScript’s report was bound to be “excellent advertising for our company.”

Reached via phone at his home in Panama, Rinaudo said he was under no obligation to police whether his customers’ business may be in violation of some other nation’s laws, absent clear and convincing evidence that his registrants were operating illegally from their own country.

“Even though I understand they could bother some pharmacy lobby, if an industry likes us, what’s the problem with an online pharmacy, as long as they are operating legally from their own country?” Rinaudo asked. “We cannot accept pressure to shut down a legitimate business just because it is not pleasing to some political lobbying group. We and I personally make sure that all the domains that are in breach of an applicable law and for which we receive a complete report, will be acted on the same day.”

LegitScript’s Horton said his organization conducted a series of undercover operations in which they posed as pharmacy affiliate programs that were seeking registration for domains representing pharmacies that had previously been shut down by U.S. regulators for marketing addictive and controlled substances, such as Oxycodone, Phentermine and Vicodin.

According to LegitScript, Internet.bs replied that it had “never ever shut down a pharmacy domain based on a request coming from outside our jurisdiction and we have never ever received a request coming from inside our jurisdiction to do so.”

Responding to an email from LegitScript’s investigators, Internet.bs’s Helen Templeton wrote that the company routinely ignores such requests. “As a matter of fact we have ignored LegitScript requests because we consider that something that is illegal under the laws of the USA, is not necessarily illegal outside the USA and unless it is demonstrated that your websites are illegal from where you are conducting business, we do not interfere with your business. We are the registrar of many thousands of pharmacy domains and we fight for you all to protect your interests as if you are happy, we are happy!”

Horton said that if ICANN — the entity that oversees the domain registration industry – does not step up to firmly deal with cybercrime-friendly registrars in their midst, it is inevitable that government authorities will seek to do so.

“If jurisdictional constraints make that difficult, governments will inexorably seek expanded authority and new tools,” he said. “If the Internet community hopes to prevent that, it must insist that ICANN enforce its existing code of conduct against registrars, like Internet.bs, who willingly serve as platforms for cybercrime.”

For his part, Rinaudo said that if someone presents him with evidence that his registrants are violating the laws in their own countries, he will gladly confront the customers and suspend the domains if necessary. But he said the terms of his registrar agreement preclude him from canceling customer domains without a court order.

“I have no grounds to stop some pharmacy site from operating without breaching the ICANN registrar agreement,” Rinaudo said. “ICANN is telling me, ‘Marco, you can suspend a domain only if you receive an order from a competent court or if you have a UDRP decision.’ We don’t care about FDA regulators, pharmacy regulators, food regulators or whoever. We have to organize our business to support our clients, including pharmacies and those subject to unjustified pressure. We’re not going to close these businesses or change our policy.”

The other registrar named in the LegitScript report as rogue was ABSystems (doing business as yournamemonkey.com). According to the report, ABSystems “appears to exist for the sole purpose of providing domain name registrations for a rogue Internet pharmacy network.” The company’s domain registration system is not open to the public, and several antivirus companies currently block users from visiting the site.

Anti-spam and registrar watchdog Knujon (“nojunk” spelled backwards) also released a report (PDF) on rogue Internet pharmacies today, calling attention to Internet.bs, AB Systems and a host of other registrars with large volumes of pharma sites.

The reports are being released as ICANN is set to kick off a public meeting in Costa Rica this week. ICANN did not respond to requests for comment.

Garth Bruen, Knujon’s co-founder, said ICANN has fairly limited options for dealing with registrars that cater to rogue pharmacies. Bruen said that in most cases in which ICANN has suspended or terminated a registrar’s contract, it is because the registrar failed to provide open access to WHOIS registration data, or failed to take steps to verify the legitimacy of that data.

Such enforcement actions sometimes do impact registrars that specialize in catering to rogue online pharmacies. On Feb. 16, 2012, ICANN announced (PDF) it was suspending the charter for Alantron, a registrar that has a history of association with pill and spam gangs.

In 2010, KrebsOnSecurity.com was viciously attacked by an organized cyber crime gang known for aggressively pushing male enhancement drugs and other knockoff pharmaceuticals. In that attack, Internet addresses belonging to Microsoft had been used to route traffic to more than 1,000 fraudulent pharmacy Web sites maintained by a notorious group of Russian criminals responsible for promoting Canadian Health&Care Mall pill sites. A follow-up investigation found that all of those pharma domains were being controlled using DNS services from Alantron.

ICANN suspended Alantron’s charter not because it was friendly with pharmacy spammers, but because it had repeatedly failed to provide public access to its WHOIS registration records.

SANS Internet Storm Center, InfoCON: green: New Generic Top-Level Domains (gTLDs) out for Sale, (Fri, Jan 13th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

Yesterday ICANN started accepting applications for new generic top-level domains (gTLDs). The world of .com, .gov, .org and 19 other gTLDs will soon be expanded to include all types of words in many different languages. For the first time generic TLDs can include words in non-Latin languages, such as Cyrillic, Chinese or Arabic. [1]
Last month, the US Federal Trade Commission indicated it has concerns with this change: without consumer protection safeguards against bad actors, the expansion could increase the risk of abuse through existing scams such as phishing sites. [2]
Do you think these changes have a potential for concern and abuse, or is it just business as usual?
[1] http://www.icann.org/en/announcements/announcement-11jan12-en.htm

[2] http://www.ftc.gov/os/closings/publicltrs/111216letter-to-icann.pdf

[3] http://newgtlds.icann.org/en/

———–
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

TorrentFreak: The Privatization of Copyright Lawmaking

This post was syndicated from: TorrentFreak and was written by: Jason Mazzone. Original post: at TorrentFreak

Yet because copyright law is public law—enacted by Congress, enforced where appropriate by the President, and interpreted and applied by the courts—there is plenty of opportunity to monitor the effects of the law and to debate the ways in which it should be reformed.

Increasingly, however, copyright law is being privatized. Its meaning and application are determined not by governmental actors but by private parties, and in particular by deep-pocketed copyright owners. Increasingly, the balance between private rights and public interests is set by private lawmaking.

My new book, Copyfraud and Other Abuses of Intellectual Property Law, shows how copyright owners, unhappy with the scope of protections that Congress has given them, routinely grab more rights than they are entitled to under the law. They do this at the expense of consumers and of the public at large.

One example is the widespread use of contractual provisions that enhance the rights of copyright owners. Many works, especially works delivered in digital form, are made available only to people who agree to give to the provider broader rights of ownership than copyright law itself actually confers.

For instance, the Copyright Act protects the right of fair use but in contracts accompanying digital works consumers waive the right to make any use of the work without the copyright owner’s permission. Copyright law permits consumers to give, lend, or sell their copy of a work after they are done using it. However, terms of use imposed by the supplier prohibit any transfer at all.

While copyright law permits reverse engineering of software to develop interoperable products, contractual terms imposed upon the customer prohibit all reverse engineering. Some contracts even require the customer to agree not to contest the content provider’s claim of copyright ownership, raising the possibility that works that are not even protected by copyright are subject to limitations that mirror those available for works that truly are copyrighted.

Beyond altering the content of copyright law, private individuals and entities also play an increasing role in law enforcement. The MPAA supplies investigators to police departments to determine whether DVDs are pirated. Customs agents routinely defer to information supplied by copyright owners in seizing and destroying imported goods. VeriSign, the manager of .com Internet addresses, has asked ICANN for permission to shut down domain names when asked to do so by law enforcement, without the need for any sort of judicial review.

Recently, White House officials, including Copyright Czar Victoria Espinel, were involved in negotiations between the recording and movie industries and ISPs to interrupt Internet access for users suspected of violating copyright law. These negotiations, which take the form of private agreements between content providers and ISPs, have vast implications for consumers.

The traditional role of courts in determining whether infringement has occurred and punishment should be imposed is also increasingly privatized. Thousands of people targeted by the RIAA for file sharing have paid out penalties not because a court has found infringement but because it has seemed easier just to settle the dispute over the telephone with a credit card number. When this happens, the strength of the copyright owner’s case is never tested.

The Stop Online Piracy Act (SOPA), the companion bill to the Senate’s PROTECT IP Act, would further privatize adjudication and punishment. Title I of that law (dubbed the E-PARASITE Act) creates a “market-based system to protect U.S. customers and prevent U.S. funding of sites dedicated to theft of U.S. property.” It achieves this by empowering copyright owners who have a “good faith belief” that they are being “harmed by the activities” of a website to send a notice to the site’s payment providers (e.g. PayPal) and Internet advertisers to end business with the allegedly offending site.

The payment providers and advertisers that receive the notice must stop transactions with the site. No judicial review is required for the notice to be sent and for the payments and advertising to be curtailed—only the good faith representation of the copyright owner. Damages are also not available to the site owner unless a claimant “knowingly materially” misrepresented that the law covers the targeted site, a difficult legal test to meet. The owner of the site can issue a counter-notice to restore payment processing and advertising, but services need not comply with the counter-notice.

There is also a catch: a site owner who issues a counter-notice automatically consents to being sued in U.S. courts (a strong disincentive for sites based abroad). With few checks at all, SOPA gives copyright owners a sharp tool to disrupt and shut down websites. Based on their past conduct, there is no reason to think that copyright owners will use this tool with any measure of restraint.

Copyright law that is made by private parties evades constitutional constraints that apply to actions undertaken by the government. For example, the Supreme Court has suggested that protections for fair use of copyrighted works may be constitutionally required; if Congress were to suddenly abolish fair use by statute, the change would be immediately challenged as violating the First Amendment. Fair use extinguished through private contract, however, is not easily subjected to constitutional scrutiny.

Likewise, when government agencies conduct investigations, Fourth Amendment limitations on searches and seizures and warrant requirements apply. MPAA-run investigations, by contrast, proceed free from these constitutional restrictions. So, too, before courts may impose fines for infringement or order websites shut down, there must be notice, a hearing, and other procedural requirements that comport with due process. Private adjudication and punishment proceed without any of these protections.

The biggest misperception about SOPA is that it is somehow unprecedented or extraordinary. It is not. SOPA represents just the latest example of copyright law defined and controlled not by the government but by private entities. Copyright owners will deploy SOPA in the same way they have behaved in the past: to extend out their rights. They will disrupt sites that do not infringe a copyright, interfere with fair uses of copyrighted works, and take other steps that evade the limits that the Copyright Act sets on a copyright owner’s actual rights.

Much of what will happen under SOPA will occur out of the public eye and without the possibility of holding anyone accountable. For when copyright law is made and enforced privately, it is hard for the public to know the shape that the law takes and harder still to complain about its operation.

Jason Mazzone is a law professor at Brooklyn Law School and the author of the new book, Copyfraud and Other Abuses of Intellectual Property Law (Stanford University Press, 2011). The website for the book is www.copyfraud.com.

Source: The Privatization of Copyright Lawmaking


Krebs on Security: ‘Biggest Cybercriminal Takedown in History’

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

The proprietors of shadowy online businesses that have become synonymous with cybercrime in recent years were arrested in their native Estonia on Tuesday and charged with running a sophisticated click fraud scheme that infected with malware more than four million computers in over 100 countries — including an estimated 500,000 PCs in the United States. The law enforcement action, dubbed “Operation Ghost Click,” was the result of a multi-year investigation, and is being called the “biggest cybercriminal takedown in history.”

Vladimir Tsastsin, in undated photo.

Estonian authorities arrested six men, including Vladimir Tsastsin, 31, the owner of several Internet companies that have been closely associated with the malware community for many years. Tsastsin previously headed EstDomains Inc., a domain name registrar that handled the registrations for tens of thousands of domains associated with the far-flung Russian Business Network.

Reporting for The Washington Post in September 2008, I detailed how Tsastsin’s prior convictions in Estonia for credit card fraud, money laundering and forgery violated the registrar agreement set forth by the Internet Corporation for Assigned Names and Numbers (ICANN), which bars convicted felons from serving as officers of a registrar. ICANN later agreed, and revoked EstDomains’ ability to act as a domain registrar, citing Tsastsin’s criminal history.

Also arrested were Timur Gerassimenko, 31; Dmitri Jegorov, 33; Valeri Aleksejev, 31; Konstantin Poltev, 28 (quoted in the above-linked stories as the spokesperson for EstDomains); and Anton Ivanov, 26. All six men were arrested and taken into custody this week by the Estonian Police and Border Guard. A seventh defendant, a 31-year-old Russian national named Andrey Taame, is still at large.

Source: FBI

Indictments returned against the defendants in the U.S. District Court for the Southern District of New York detail how the defendants allegedly used a strain of malware generically known as DNS Changer to hijack victim computers for the purposes of redirecting Web browsers to ads that generated pay-per-click revenue for the defendants and their clients. U.S. authorities allege that the men made more than $14 million through click hijacking and advertisement replacement fraud.

DNS Changer most often comes disguised as a video “codec” supposedly needed to view adult movies. It infects systems at the boot sector level, hooking into the host computer at a very low level and often making it very challenging to remove. This malware family didn’t just infect Microsoft Windows systems: several versions of DNS Changer would just as happily infect Mac systems as well. Other variants of the malware even hijacked DNS settings on wireless home routers. The FBI has posted several useful links to help users learn whether their systems are infected with DNS Changer.

Feike Hacquebord, senior threat researcher for security vendor Trend Micro, called the arrest the “biggest cybercriminal takedown in history.” In a blog post published today, Hacquebord and Trend detail the multi-year takedown, which involved a number of front companies, but principally an entity that Tsastsin founded named Rove Digital:

In 2009 we obtained a copy of the hard drives of two C&C servers that replaced advertisements on websites when loaded by DNS Changer victims. On the hard drives we found public SSH keys of several Rove Digital employees. These keys allowed the Rove Digital employees to log in on the C&C servers without a password, but with their private key. From log files on the servers we were able to conclude that the C&C servers were controlled from Rove Digital’s office in Tartu.

Rove Digital had also been running a fake AV / rogue DNS affiliate program called Nelicash. We were able to download a schema of the infrastructure for the fake AV part. From a Nelicash C&C server we discovered data on victims who bought fake AV software. Among the purchases of victims, there were several test orders placed by employees of Rove Digital from IP addresses controlled by Rove Digital in Estonia and the US. This shows that Rove Digital was directly involved in the sales of the fake AV.

From the same Nelicash C&C server we were also able to download a detailed plan for the deployment of new rogue DNS servers in 2010 and 2011. Every day, Rove Digital spread a new malware sample that changed systems’ DNS settings to a unique pair of foreign servers. We checked DNS Changer Trojans for a couple of days and we learned that these Trojans changed DNS settings of victims exactly according to their plan.

We collected much more evidence but we are unable to include it all here. All of our findings indicate that Rove Digital is committing cybercrimes on a large scale indeed and is directly responsible for the large DNS Changer botnet.

As its name suggests, DNS Changer works by hijacking the domain name system (DNS) server settings on a computer; these settings point to Internet servers that are responsible for translating human-friendly domain names like example.com into numeric Internet addresses that are easier for computers to understand. DNS Changer swapped out victims’ legitimate DNS server settings with the addresses of DNS Servers controlled by Rove Digital. Armed with that control, the defendants could redirect any part of the Web browsing session on an infected user’s computer.
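The defender-side check that follows from this description, as an added example and not code from the original post or from the FBI's own checker: read the resolvers a host is configured to use (from a constructed resolv.conf and a constructed `ipconfig /all` snippet) and flag any that fall inside a known-rogue netblock. The rogue ranges here are RFC 5737 documentation placeholders, not the real DNS Changer ranges, and a private resolver address is reported separately because, as the post notes, some variants changed the settings on the home router rather than the PC.

```python
"""Flag hosts whose configured DNS resolvers point at known-rogue netblocks.

Added example, not code from the original post. ROGUE_RESOLVER_RANGES holds
placeholder documentation ranges; the real DNS Changer ranges were published
by the FBI and are not reproduced here.
"""
import ipaddress
import re

# Placeholder netblocks standing in for the rogue resolver ranges.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),  # RFC 5737 TEST-NET-2, placeholder
    ipaddress.ip_network("203.0.113.0/24"),   # RFC 5737 TEST-NET-3, placeholder
]

# RFC 1918 and loopback: a resolver here is usually the home router or a
# local cache, so the router's own upstream resolvers must be checked too.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample configuration snippets (not captured from a real host).
SAMPLE_RESOLV_CONF = """\
# constructed sample /etc/resolv.conf
nameserver 203.0.113.7
nameserver 192.0.2.53
search example
"""

SAMPLE_IPCONFIG = """\
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.9
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def resolvers_from_resolv_conf(text):
    """Return the nameserver addresses listed in a Unix resolv.conf."""
    out = []
    for line in text.splitlines():
        parts = line.strip().split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            out.append(parts[1])
    return out


def resolvers_from_ipconfig(text):
    """Return DNS server addresses from Windows 'ipconfig /all' output.

    The first address follows the 'DNS Servers' label; any further addresses
    appear alone on the following, indented continuation lines.
    """
    out = []
    collecting = False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            out.append(m.group(1))
            collecting = True
            continue
        if collecting:
            candidate = line.strip()
            try:
                ipaddress.ip_address(candidate)
                out.append(candidate)
            except ValueError:
                collecting = False  # reached the next labelled line
    return out


def classify(resolvers):
    """Return (address, verdict) pairs: 'rogue', 'local' or 'ok'."""
    result = []
    for r in resolvers:
        addr = ipaddress.ip_address(r)
        if any(addr in net for net in ROGUE_RESOLVER_RANGES):
            verdict = "rogue"
        elif any(addr in net for net in LOCAL_RANGES):
            verdict = "local"   # check the router's upstream resolvers as well
        else:
            verdict = "ok"
        result.append((r, verdict))
    return result


def looks_infected(resolvers):
    """True if any configured resolver lies inside a known-rogue netblock."""
    return any(v == "rogue" for _, v in classify(resolvers))


if __name__ == "__main__":
    for name, resolvers in (("resolv.conf", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
                            ("ipconfig", resolvers_from_ipconfig(SAMPLE_IPCONFIG))):
        print(name, classify(resolvers), "infected:", looks_infected(resolvers))
```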

This presented a unique challenge for the law enforcement officials and private security experts who sought to dismantle the fraud network. Experts had identified a large number of rogue DNS servers that were owned by front companies tied to Rove Digital, and indeed secured a court order to seize control over those servers. But experts warned the FBI that seizing the rogue DNS servers without first putting in place a backup system would effectively kill Internet access for the four million computers worldwide that were infected with DNS Changer.

In response, the court appointed the job of swapping out the rogue DNS servers for clean ones to Internet Systems Consortium (ISC), a California nonprofit that maintains BIND, a DNS software package that is widely used throughout the Internet.

“The big concerns came when all the evidence had built up on the law enforcement side, and people said, ‘Hey, there are millions of infected systems whose DNS is wrong,’” said Barry Greene, president and CEO of ISC. “We really wanted to keep people from having their DNS shut down, and everyone calling the help desk at their ISP or security provider to complain that their Internet wasn’t working.”

In a press call with reporters, FBI officials said they would be working with industry to help notify ISPs about customers infected with DNS Changer.

“It’s a complicated cleanup because the malware they put on there is boot-sector stuff,” Greene said. “So we’re not finished. We just finished phase 1, which is law enforcement putting handcuffs on people and making sure we don’t black out people on the ‘Net. The press release and outreach is phase two, and cleanup is phase three. We’ll be doing that for some time, I think.”

Officials from the FBI and the U.S. Attorney for the Southern District of New York said they would seek to extradite the defendants to the United States. An FBI official told reporters that four of the arrested have been charged in Estonia and will probably face trial and any judgment over in that country before being extradited. The FBI said it would concentrate on extraditing two of the men arrested — Anton Ivanov and Valeri Aleksejev — neither of whom were charged in Estonia but were arrested provisionally.

The U.S. government has had some success in extraditing Estonian cybercriminals. Sergei Tsurikov, an Estonian man convicted of participating in the coordinated $9 million ATM heist against RBS Worldpay in late 2008, was extradited to the U.S. last year after serving part of his time in an Estonian prison. Tsurikov is currently being processed through a federal jail in Atlanta.

A copy of the indictments returned against the seven men is available here (PDF). This link from Estonian news outlet Delfi includes several pictures of the arrest and seizure of equipment from Rove Digital properties.

Grigor Gatchev - A Weblog: Domain Forum

This post was syndicated from: Grigor Gatchev - A Weblog and was written by: Григор. Original post: at Grigor Gatchev - A Weblog

This is about a gathering devoted to ICANN's gTLD program. (If that sounds like Chinese to you, it concerns the finer points of domain name management and will probably not interest you. It is suitable for people who work with DNS: registrars, administrators, Internet providers and so on.)

It takes place in the "Sofia" hall of the Grand Hotel "Sofia". (Guess which city it is in. ;-) ) It starts Monday morning and runs until the evening. (On Tuesday, until noon, there will be one-on-one meetings.) A huge pile of talks is planned, some of them by genuinely interesting people: ICANN president Rod Beckstrom, Avri Doria, Ben Crawford, Werner Staub, Nathalie Trenaman and a whole lot of others. There are plenty of Bulgarians too: Dragomir Slavov and Daniel Kalchev from Register.BG, the lawyers Georgi Dimitrov and Nikolay Kiskinov, (of course) ICANN's representative Veni Markovski, Yulian Borislavov from ICN.bg... There will be explanations of what on earth this new gTLD program is, how to apply as a registrar under it, legal aspects, security and so on.

I could hardly recount everything in detail, and there is no need: practically all the available information can be found on the event's website. Participation requires a free registration, and as I write this there are still nine places left. So if you are DNS specialists or professionals in the field, consider yourselves invited. You are guaranteed to see and hear something interesting. :-)

Grigor Gatchev - A Weblog: Domain Forum

This post was syndicated from: Grigor Gatchev - A Weblog and was written by: Григор. Original post: at Grigor Gatchev - A Weblog

Lately we associate the word "forum" with an electronic Hyde Park where you can swear anonymously until your fingers cramp. This time, however, it is about a conference of quite ordinary format on the topic of ICANN and their program for new domains.

The date has been set for 7 November 2011. (Any coincidences are accidental. :-) ) The venue is Grand Hotel Sofia. The attendance of a whole bunch of people from ICANN has been promised (some will probably drop out, but enough are guaranteed to remain). A pile of interesting talks is expected. (A few free slots have also been left for would-be speakers who propose interesting and important talks within the topic; if you would like to be a speaker, do not hesitate to send in a presentation.)

The event will probably be interesting even for the most professional domain registrars and Internet providers. It will probably be very useful for organizations that plan to apply for their own top-level domain. (Lately that is getting easier and easier. I expect to be able to register something like григор.сульо-и-пульо soon... :-) ) At the same time, quite a few of the talks will be fully within the grasp even of ordinary domain registrants and Internet users. Benefit is also foreseen for lawyers in the field of intellectual property, and I hope people from the academic community will come too (if Dyankov does not manage to shut down the Bulgarian Academy of Sciences (БАН) by then).

For now, the main topics are planned to be three:
- ICANN's new domains
- applying for a top-level domain and managing its registry
- the long-suffering Bulgarian Cyrillic domain, DNSSEC and domains under IPv6

It would not be surprising, though, if something interesting outside those topics turns up too. If you have anything to do with domains on the Internet, keep an eye on the event's site. It may prove useful. :-)

Of course, we are also looking for sponsors. The offer may be of interest to Internet providers, domain sellers, sellers of Internet-specific hardware, and even simply companies that want visibility in the Bulgarian IT world (and perhaps not only the Bulgarian one, since a fairly serious presence from ICANN is expected after all).

In short: I expect it to be interesting. :-)

Krebs on Security: WHOIS Problem Reporting System to Gain Privacy Option

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

A system that allows anti-spam activists to report entities that bulk-register domain names using false or misleading identity data is about to gain a much-needed new privacy feature: The option for activists not to expose their identities to the very spammers they’re trying to report.

The Internet Corporation for Assigned Names and Numbers (ICANN), the organization that oversees the Internet’s domain name system, runs a program called the WHOIS Data Problem Reporting System (WDPRS). It’s designed to allow Internet community members to alert registrars about customers that list incomplete or inaccurate contact records for domain registrations.

The policy of requiring registrars to make WHOIS data publicly searchable is no doubt a contentious one, but the reality is that spammers and scammers frequently bulk register large numbers of domains in one go, and tend to take their business to registrars that don’t ask too many questions. Indeed, some domain registrars have built a business out of catering to spammers and scammers.

In many cases, spammers will mass-register domains using completely bogus contact information, or — as appears to have been the case with hundreds of domains that were used recently in an attack against KrebsOnSecurity.com — with the contact information belonging to people whose stolen credit cards were used to fraudulently register the spammy domains.

Some anti-spam activists have pursued bulk registrants with false WHOIS data because, under ICANN’s rules, registrars are supposed to investigate and eventually suspend domains whose owners fail to respond to requests to verify or correct false WHOIS data. And in direct response to a massive influx of reporting on these domains by such activists, ICANN built the WDPRS.

But at some point, ICANN began sharing the names and email addresses of people who were reporting the erroneous WHOIS information with the registrars for each offending domain, exposing the identities of any anti-spam activists who used their real contact information in reporting the issues to ICANN.

Ronald Guilmette, an anti-spam activist and a frequent user of the WDPRS, said ICANN’s decision to share reporter information with registrars puts reporters in the awkward and ironic position of having to spoof their identity in order to report domain registrants who are spoofing their identities.

“It should not be news to ICANN that some of these registrars are not lily white,” Guilmette said. “The effect of forwarding reporter information is a chilling one, and ICANN is in effect going to be discouraging people from even filing these reports because of fear of retaliation.”

I reached out to ICANN on this issue, and heard from Stacy Burnette, the organization’s director of contractor compliance. Burnette said ICANN had heard the concerns of the community and would be making changes to the system as a result.

“We’ve received some comments about our current WDPR system, and how it identifies reporter information, so we are making an adjustment whereby a reporter can elect to have identity information revealed or not,” Burnette said. “If they elect to not have that information revealed, we will not send the reporter’s name and email address.”

Burnette declined to offer a date by which the changes would be made. “We’re working to make sure this happens shortly,” she said.


TorrentFreak: BitTorrent Based DNS To Counter US Domain Seizures

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

The domain seizures by the United States authorities in recent days and upcoming legislation that could make similar takeovers even easier in the future, have inspired a group of enthusiasts to come up with a new, decentralized and BitTorrent-powered DNS system. This system will exchange DNS information through peer-to-peer transfers and will work with a new .p2p domain extension.

In a direct response to the domain seizures by US authorities during the last few days, a group of established enthusiasts have started working on a DNS system that can’t be touched by any governmental institution.

Ironically, considering the seizure of the Torrent-Finder meta-search engine domain, the new DNS system will be partly powered by BitTorrent.

In recent months, global anti-piracy efforts have increasingly focused on seizing domains of allegedly infringing sites. In the United States the proposed COICA bill is explicitly aimed at increasing the government’s censorship powers, but seizing a domain name is already quite easy, as illustrated by ICE and Department of Justice actions last weekend and earlier this year.

For governments it is apparently quite easy to take over the DNS entries of domains, not least because several top level domains are managed by US-based corporations such as VeriSign, which works closely with the US Department of Commerce. According to some, this setup is a threat to the open internet.

To limit the power governments have over domain names, a group of enthusiasts has started working on a revolutionary system that cannot be influenced by a government institution, or taken down by pulling the plug on a central server. Instead, it is distributed by the people, with help from a BitTorrent-based application that people install on their computer.

According to the project’s website, the goal is to “create an application that runs as a service and hooks into the host’s DNS system to catch all requests to the .p2p TLD while passing all other requests cleanly through. Requests for the .p2p TLD will be redirected to a locally hosted DNS database.”

“By creating a .p2p TLD that is totally decentralized and that does not rely on ICANN or any ISP’s DNS service, and by having this application mimic force-encrypted BitTorrent traffic, there will be a way to start combating DNS level based censoring like the new US proposals as well as those systems in use in countries around the world including China and Iran amongst others.”

The Dot-P2P project was literally started a few days ago, but already the developers are making great progress. It is expected that a beta version of the client can be released relatively shortly, a team member assured TorrentFreak.

The project has been embraced by many familiar names in the P2P-community. Former Pirate Bay spokesman Peter Sunde is among them, and the people from EZTV have been promoting it as well.

“For me it’s mostly to scare back. To show that if they try anything, we have weapons of making it harder for them to abuse it. If they then back down, we win,” Peter Sunde told TorrentFreak in a comment.

Although the initiators of the project are still debating various technical issues of how the system should function, it seems that the administrative part has been thought out. The .p2p domain registration will be handled by OpenNIC, an alternative community-based DNS network. OpenNIC also maintains the .geek, .free, .null and several other top level domains.

On the other hand, there are also voices in favor of distributed domain registration, which would keep the system entirely decentralized.

The domain registrations will be totally free, but registrants will have to show that they own a similar domain with a different extension first, to prevent scammers from taking over a brand.

The new P2P-based DNS system will require users to run an application on their own computer before they can access the domains, but there are also plans to create a separate root-server (like OpenNIC) as a complementary service. It’s worth noting that the DNS changes will only affect the new .p2p domains; they will not interfere with access to any other domains.
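The split described above, a local hook that answers only the .p2p TLD from a local table and passes every other query through to the normal resolver untouched, as an added example sketch in Python; this is not the Dot-P2P project's own code. The local table, the upstream resolver address and the name `tracker.p2p` are constructed for the example, and only A/IN queries are served locally.

```python
import socket
import struct
from typing import Optional

# Hypothetical values for this sketch: the private TLD and the host's normal resolver.
P2P_TLD = "p2p"
UPSTREAM = ("127.0.0.1", 53)

# Constructed sample "locally hosted DNS database" for the .p2p TLD (name -> IPv4).
LOCAL_DB = {"tracker.p2p": "192.0.2.10"}

QTYPE_A, QCLASS_IN = 1, 1


def parse_question(packet: bytes):
    """Return (qname, qtype, qclass, end_offset) for the single question in a DNS message."""
    _txid, _flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # a query's question name is never compressed
            raise ValueError("compressed name in question")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype, qclass, pos + 4


def in_p2p_tld(name: str) -> bool:
    """True only when the last label is p2p, so 'p2p.example.com' is not captured."""
    return name.split(".")[-1] == P2P_TLD


def build_query(txid: int, name: str, qtype: int = QTYPE_A) -> bytes:
    """Encode a standard recursive query (used here to construct sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)


def build_reply(query: bytes, ip: Optional[str]) -> bytes:
    """Answer from the local table: one A record, or NXDOMAIN when the name is unknown."""
    txid = struct.unpack("!H", query[:2])[0]
    _, _, _, qend = parse_question(query)
    question = query[12:qend]
    if ip is None:
        return struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + question  # rcode 3
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    # Name as pointer to offset 12, type A, class IN, TTL 60, rdlength 4, then the address.
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, 60, 4) + socket.inet_aton(ip)
    return header + question + rr


def forward_udp(query: bytes) -> bytes:
    """Pass a non-.p2p query to the upstream resolver unchanged and return its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(2)
        s.sendto(query, UPSTREAM)
        return s.recv(4096)


def route(query: bytes, forward=forward_udp) -> bytes:
    """The hook's decision: local lookup for .p2p names, byte-for-byte pass-through otherwise."""
    name, qtype, qclass, _ = parse_question(query)
    if not in_p2p_tld(name):
        return forward(query)  # ICANN-rooted names are never rewritten here
    if qtype == QTYPE_A and qclass == QCLASS_IN:
        return build_reply(query, LOCAL_DB.get(name))
    return build_reply(query, None)  # only A/IN is served locally in this sketch
```

The suffix test keys on the whole last label, so a name like `p2p.example.com` still goes upstream; that is the property the article stresses when it says other domains are not affected.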

It will be interesting to see in what direction this project goes and how widely it will be adopted. There are already talks of getting Internet Service Providers to accept the .p2p extension as well, but even if this doesn’t happen the system can always be accessed through the BitTorrent-powered application and supporting DNS servers.

If anything, this shows that no matter what legislation or legal actions are taken, technology always stays one step ahead. The more aggressive law enforcement gets, the more creative and motivated adopters of the Open Internet will respond.

Article from: TorrentFreak.

TorrentFreak: US Lawmakers Want to Quash Pirate Websites

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

United States lawmakers have proposed new legislation today that would allow the Department of Justice to take over domain names of websites that promote copyright infringement. The proposed bill would allow for court orders against domestic as well as foreign sites, which could potentially shutter many torrent sites including The Pirate Bay.

Earlier this year the Obama administration declared war on Internet piracy and counterfeiting. “Piracy is theft, clean and simple,” Vice President Joe Biden said when he announced the Joint Strategic Plan to combat intellectual property theft.

A week later the U.S. Government took action against nine websites suspected of promoting copyright infringement by seizing their domains. The targets were mostly movie streaming sites, but it later became apparent that The Pirate Bay and MegaUpload had also been considered. They have escaped for now.

Taking the domains of suspected sites has proven to be a highly effective tool to shut down sites that are considered illegal, and today a group of US senators proposed legislation to make this a standard procedure.

If signed into law, the “Combating Online Infringement and Counterfeits Act” (pdf via TL) would allow the Department of Justice to file a civil lawsuit against the domain owners. If the courts decide that a site is indeed promoting copyright infringement, the DOJ can order the domain registrar to take the domain offline.

“The Combating Online Infringement and Counterfeits Act will give the Department of Justice an expedited process for cracking down on these rogue Web sites regardless of whether the Web site’s owner is located inside or outside of the United States,” Senator Orrin Hatch said.

According to Senator Hatch the new legislation is needed because the Internet has “become a tool for online thieves to sell counterfeit and pirated goods, making hundreds of millions of dollars off of stolen American intellectual property.” If and when the proposed legislation will be signed into law will be decided later.

Aside from the classic ‘pirate’ websites, the proposed bill could be an effective tool to take the whistleblower site Wikileaks offline, or at least its domain. After all, Wikileaks posted thousands of files that are owned by the United States.

If the proposal is accepted it will change the Internet and how domain names are controlled for good. Thus far, no central government has the power to take over domains. This power belongs exclusively to the Internet Corporation for Assigned Names and Numbers (ICANN).

As if he saw it coming, ICANN CEO Rod Beckstrom already warned against the legislation that was proposed by US senators today.

“If governance were to become the exclusive province of nation states or captured by any other interests, we would lose the foundation of the Internet’s long-term potential and transformative value,” Beckstrom said last week.

The other interests would be those of the movie studios and record labels in this case.

The MPAA has already applauded the introduction of the bill and offered its full cooperation. “In the coming weeks, we look forward to working with Chairman Leahy and the Senate and House committees to help strengthen the bill,” MPAA’s Bob Pisano said.

Article from: TorrentFreak.

[Медийно право] [Нели Огнянова]: .XXX

This post was syndicated from: [Медийно право] [Нели Огнянова] and was written by: nellyo. Original post: at [Медийно право] [Нели Огнянова]

ICANN's board of directors has approved the request for the .XXX domain for adult content (the decision is not final; what has been approved is admission to the further procedure).

Discussion of the request took a long time and was repeatedly postponed and rejected (chronology and analysis).

The administrator reports 110,000 name reservations.

In Bulgaria, Article 159 of the Penal Code (НК) is in force:

(1) Whoever creates, exhibits, presents, broadcasts, offers, sells, rents out or otherwise distributes pornographic material shall be punished by imprisonment of up to one year and a fine of one thousand to three thousand leva.

(2) (New, State Gazette No. 38 of 2007) Whoever distributes pornographic material via the Internet shall be punished by imprisonment of up to two years and a fine of one thousand to three thousand leva.

……..

Child pornography is prohibited under the rules of the new domain as well, just as it is here.

[Медийно право] [Нели Огнянова]: Internet Governance: Next Steps

This post was syndicated from: [Медийно право] [Нели Огнянова] and was written by: nellyo. Original post: at [Медийно право] [Нели Огнянова]

On the agenda of the next session of the European Parliament is the discussion of Internet governance.

Communication from the EC (COM(2009)0277) and draft report of the parliamentary Committee on Industry (PE440.183)

According to the EC:

The basic principles promoted by the EU, which have led to the success of the Internet, remain valid. The open, interoperable nature of the Internet's underlying architecture must be preserved.

As regards external accountability, the current arrangements for unilateral oversight of ICANN and IANA should be replaced by an alternative mechanism guaranteeing multilateral accountability of ICANN.

This should be part of an evolutionary approach aimed at enabling governments to duly exercise their responsibilities. In this context, the question of guaranteeing governments appropriate means of influence over ICANN will have to be resolved, irrespective of the legal nature that arises from the organization being subject to California law.

According to the committee's draft report:

Progress should continue in the following areas:
– guaranteeing universal and non-discriminatory access to the Internet,
– defending the European position on net neutrality,
– security-related aspects,
– protecting citizens' right to privacy,
– protecting intellectual property rights and guaranteeing consumers' access to culture,
– guaranteeing free competition,
– fighting crime, and in particular protecting the rights of minors.

Grigor Gatchev - A Weblog: The Refusal of .бг

This post was syndicated from: Grigor Gatchev - A Weblog and was written by: Григор. Original post: at Grigor Gatchev - A Weblog

Recently a report appeared in the media that ICANN has refused Bulgaria the .бг domain.

At Uninet we tried to learn the details from the Ministry of Transport and IT. We were refused. We filed a request for access under the Public Information Act, which they have no right to refuse. The deadline for a response, however, is 14 working days, and the chance of getting the information faster is, in my opinion, small. And the information matters: without it there is no way to discuss whether the refusal is fair and how one should act in such a case.

Without it, I tried to guess what the reasons for the refusal might be. The only thing that sounds to me like a principled basis for any refusal is a claim that the letter combination resembles existing domains. (Some media speculated that Brazil's .br or Burkina Faso's domain, .bf, is meant. I do not know whether their guesses are based on leaked real information or are mere guesswork.) That, however, seems to me rather unlikely.

To begin with, during preliminary consultations with the government, we at Uninet had run checks of the similarity. ICANN has a specialized tool that compares it and gives a degree of match as a percentage. It is said that decisions are made mainly on the basis of it, and that if the similarity exceeds 50%, a survey of real people is conducted. If they too judge the similarity confusing, that is supposedly taken as grounds for refusing the domain.

ICANN's tool rated the similarity to .br at 26 or 27%, I do not remember exactly. Just in case, we polled about ten randomly chosen Brazilians over the Internet; all were categorical that there is no realistic way to confuse the two domains. The tool gave a higher degree of match (alas, again I do not remember exactly how much) with Burkina Faso's domain, .bf. That surprised us quite a bit: in our view it is unrealistic for a person to confuse them. We asked more people who do not know Cyrillic, and they were unanimous with us: the similarity is even smaller than with .br; in practice there is no chance at all that the two domains would be confused... So that the Ministry of Transport and IT could support its request to ICANN against arguments along those lines, we handed over the results of our check.

That is why I think it is very unlikely that this is the reason for the refusal. Or if it really is, then ICANN has made a serious blunder, and it should be challenged. (It is a fact that countries which showed persistence got far less well-founded requests granted: China, for example, got two domains instead of one, and so on.) But I repeat: until we have ICANN's exact answer with the reason for the refusal (and an exact copy of the documents sent to them), it is hard to guess what the reason might be and who might be to blame.

Meanwhile at Uninet we put together a survey: how to proceed from here. If the fate of the Bulgarian Cyrillic domain is not a matter of indifference to you, please give us your feedback. We promise to pass it on to the Ministry of Transport and IT.

Thank you.