The contribution of domain names to cybercrime is outlined in this Network World report. "In the criminal world, domain names are a key part of botnet and phishing operations, and cyber-criminals are plundering domain-name registrars around the world to get them," the report says.
"Criminals are amassing domain names by registering them under phony information, paying with stolen credit cards or hard-to-trace digital currencies like eGold, and breaking into legitimate domain-name accounts. To add to the problem of domain-name abuse, some rogue registrars often look the other way as the money rolls in." "There’s absolutely a big problem," says Ben Butler, director of network abuse at Go Daddy. The article interviews representatives from a number of organisations involved in fighting cybercrime.
One, "ScanSafe researcher Mary Landesman last month uncovered evidence that a handful of Go Daddy domains were being farmed out for use in three distinct botnet-controlled SQL injection attacks against Web sites in India, U.S. and China.
"But the larger issue is not about Go Daddy, which has a good reputation for fighting domain-name abuse, Landesman says. Rather, the problem encompasses the entire domain-name registration system, along with the faulty Whois database of registrant information (overseen by ICANN) that contains fake data, even total gibberish." "It’s not intentionally designed for this kind of abuse, but it works in favor of the criminals," Landesman notes. Effective reform of the domain-name registration process would strike at the heart of Internet crime, she says.
Network World also looks at the appeal of domain names in cybercrime. "Criminals who mastermind botnets for spam, phishing, and denial-of-service attacks have come to rely on domain names because it gives them ‘stability’ in their controls, says Joe Stewart, a researcher at Atlanta-based SecureWorks. ‘All the bots can map to the new IP address when it comes up.’"
The article also looks at the issue from ICANN’s point of view. "This takes the problem to another level, particularly for ICANN, which has no obvious authority outside of its direct contractual relationships with registrars and registries in the ICANN-driven domain-name world." "Criminal activity that concerns the abuse of domain names is a huge concern to ICANN," says Stacy Burnette, director of contractual compliance for the Marina del Rey, Calif.-based organization. "It disrupts the system."
Meanwhile Dave Piscitello, ICANN’s senior security technologist who works on such issues, told Network World that ICANN plans to introduce a proposal in October for possible new guidelines for tighter security in advance of ICANN’s planned expansion of new gTLDs. "We are focusing more on registration issues and malicious conduct," Piscitello says. "I don’t think anyone wants to see the DNS abused."
To read this report from Network World in full, see:
www.networkworld.com/news/2009/091409-domain-name-abuse.html
www.pcworld.com/article/171954/.html
David Goldstein