Analysis: Crackdown on domain name crooks

WASHINGTON, May 29 (UPI) -- The non-profit association that oversees Internet addresses is trying to crack down on shady Web pages used by spammers and hackers.

The Internet Corporation for Assigned Names and Numbers sent letters this week to some of the biggest sellers of Internet real estate, warning that those who failed to fulfill their obligations under the rules could be shut down.

"This is about transparency," ICANN Director of Compliance Stacy Burnette told United Press International. "It is an effort to improve the accuracy of information related to who controls" Internet addresses, known as domain names.

Domain names are leased out by companies called registrars, which are accredited by ICANN. As part of the registration process, those leasing domain names -- the registrants -- are required to identify themselves and provide contact information in a huge Internet database known as WHOIS.

But spammers and other criminals who use Web pages to sell counterfeit goods, steal identities or propagate malicious software rarely provide accurate WHOIS information and sometimes do not provide any at all, say Web security specialists.

"It's a huge problem," said Burnette, declining to give more detailed figures on the numbers of registrants reported to have submitted inaccurate or incomplete information.

Burnette told UPI that ICANN has no authority to directly target spammers and other criminals who register domain names and that the registrars it accredits are not required to proactively ensure the accuracy of their registrants' WHOIS information. But they are obliged to follow up reports from ICANN or from the public about missing or incorrect WHOIS data.

"If we find that registrars are not investigating reports (of inaccurate or non-existent WHOIS data) as they are required to, our escalation procedure can ultimately result in their accreditation being terminated," effectively shutting them down, she said.

She said the letters sent this week, known as enforcement notices, required the registrars to detail what steps they had taken to investigate and, if necessary, correct inaccuracies reported to them regarding specific, named domains. The letters set out a deadline by which the registrars must respond.

"Each case is different," said Burnette, adding, "We try to give registrars a reasonable amount of time to respond."

If the registrars fail to respond satisfactorily by the deadline, they can be sent so-called breach notices, giving them 15 days to fix the problem or lose their ICANN accreditation.

Burnette said the notices were the latest step in an enforcement campaign ICANN launched at the end of last year. "We're working aggressively to address the problem," she said, adding that no breach notices had yet been issued.

Many of the domain names at issue are those hosting Web pages advertised in spam e-mails -- billions of unsolicited messages sent every year, mostly by so-called botnets of personal computers that, unbeknownst to their owners, have been taken over by hackers and other cybercriminals.

The messages contain links to Web pages selling discounted (and often counterfeit) pharmaceuticals, jewelry and other products, or -- in the case of so-called phishing e-mails -- to pages purporting to belong to banks or other financial institutions and where customers are asked to enter personal data that can be used to steal their identity and their money.

Often the pages attempt to load malicious software onto any computer that visits them -- hacker programs that will recruit them into a spammer's botnet.

Earlier this month Web security outfit KnujOn -- "no junk" spelled backward -- analyzed millions of spam e-mail messages forwarded by members of the public. They concluded that 90 percent of the Internet addresses the spam advertised had been leased by just 20 registrars.

"KnujOn has found that a minority of registrars are skirting these rules (about registration requirements), and the result is a vacuum with little enforcement or oversight that online criminals have filled with Web sites selling bogus prescription drugs, knockoff luxury products, pirated software, fake consumer goods and phantom mortgages," the analysis reads.

KnujOn's analysis shows that the three worst offenders -- ranked according to the proportion of domain names they had registered that were advertised in spam e-mail, and the numbers of e-mails sent advertising those Web sites -- were all Chinese companies.

But the Top 10 offenders also include major U.S. registrars like Bellevue, Wash.-based eNom Inc. and Moniker, in Pompano Beach, Fla., each of which leases millions of domain names.