Internet body cracking down on shady Web sites

By SHAUN WATERMAN, UPI Homeland and National Security Editor  |  Oct. 2, 2008 at 6:22 PM
share with facebook
share with twitter

WASHINGTON, Oct. 2 (UPI) -- The non-profit association that oversees Internet addresses says it will effectively close down two major domain registrars unless they fix flaws in their system for investigating shady Web sites.

The Internet Corporation for Assigned Names and Numbers sent formal letters called breach notices Tuesday to two of the registrars it accredits, giving them 15 days to fix the problem or lose their accreditation. The registrars -- Swiss-based Joker.com and Beijing Innovative Linkage Technology Ltd., doing business as DNS.com.cn -- between them lease out about 900,000 Internet addresses, known as domain names.

"We are sending a message in public … that everyone needs to be vigilant," said ICANN Vice President for Corporate Affairs Paul Levins.

Registrars are companies, accredited by ICANN, that lease out domain names, effectively selling Internet addresses.

ICANN Chief Executive Officer Paul Twomey told United Press International that if the companies were de-accredited, there was a process for transferring the domains they had leased to other registrars. "The registrants will be taken care of," he said.

He added that though the companies might be able to keep leasing out domains, they would have to do so as "resellers" for accredited registrars, which would be held accountable for their behavior. Registrars are "responsible for actions of their resellers," he said.

The breach notices are the latest step in a crackdown aimed at improving the accuracy of information about who controls domain names and the Web sites based there.

As part of the registration process, those leasing domain names from registrars -- the registrants -- are required to identify themselves and provide contact information in a huge Internet database known as WHOIS.

But spammers and other criminals who use Web pages to sell counterfeit goods, steal identities or propagate malicious software rarely provide accurate WHOIS information and sometimes do not provide any at all, say Web security specialists.

"There are some domain registrars who facilitate criminal activities on the Web by turning a blind eye" to registrants who deliberately provide false or incomplete WHOIS information, said Garth Bruen of the anti-spam advocacy group KnujOn -- "no junk" spelled backward.

He said a hard core of registrars rent most of the domain names where are based the Web sites advertised in spam e-mails -- billions of unsolicited messages sent every year, mostly by so-called botnets of personal computers that, unbeknownst to their owners, have been taken over by hackers and other cybercriminals.

Earlier this year Bruen analyzed millions of spam e-mail messages forwarded by members of the public. He concluded that 90 percent of the Web addresses the spam advertised had been leased by just 20 registrars.

ICANN says it has no authority to directly target spammers, counterfeiters and other criminals who register domain names and that the registrars it accredits are not required to proactively ensure the accuracy of their registrants' WHOIS information. But they are obliged to follow up reports about missing or incorrect WHOIS data, and the failure of Joker.com and DNS.com.cn to do so is what led ICANN to issue the breach notices.

"The good registrars, which is the vast majority of them, welcome this enforcement," said Levins, adding that a recent audit had found 850 out of 900 accredited registrars were complying with requirements to get accurate and complete data from registrants.

"I don't want to minimize the problem," he said, "that is potentially millions of domain names" where there is no process in place for ensuring that registrants provide accurate and complete information about who they are.

Among the Internet addresses whose owners hide behind missing or bogus WHOIS information are sites selling counterfeit pharmaceuticals, jewelry, clothing and other brand products -- also heavily advertised in spam e-mail.

MarkMonitor, a company that says it safeguards online brands for more than half of the Fortune 500 companies, estimates there is a $137 billion annual trade in such counterfeit goods.

Margie Milam, general counsel for MarkMonitor, said a big part of the problem is the procedure for resolving disputes over trademark infringement by Web sites, called "brand-jacking," or "cyber-squatting."

As a condition of their accreditation, domain registrars agree to comply with an arbitration procedure that companies can use to get control of Web addresses using trademarked addresses.

But she said "a number of registrars simply don't comply" with the procedure. "ICANN's role is to make sure that registrars comply," said Milam. "That's where they could do a better job."

Related UPI Stories
Trending Stories