[LINK] Internet Registrars, a disgraceful bunch

stephen at melbpc.org.au stephen at melbpc.org.au
Sat Sep 6 02:37:42 AEST 2008


If the world's Internet Registrars collectively had the brains of a
half-wit, many many Internet problems might be solved almost overnight. Don't
the honest Registrars and ICANN care a toss about the 'health' of the net?

Either ICANN, or self, regulation of Registrars?  Haha .. what a poor joke!

And when domains run out, it will be this same crew, apparently with zero
oversight, who will be conducting the 'bidding' for addresses. Good grief!

--
Cyber-scammers are entrenched, even in the U.S.

http://weblog.infoworld.com/stratdev/archives/2008/09/cyberscammers_a.html?source=NLC-STRATEGICDEV&cgd=2008-09-04

New reports from KnujOn, SpamHaus and others detail the way bent and 
phantom Internet Registrars shelter sites that promote illegal drug sales, 
malware, and pornography.

I'm going to name some names of bad actors on the Internet, companies that 
foster, promote, and benefit from cybercrime. I didn't do the original 
research, but I trust the people who did, including KnujOn, SpamHaus, 
StopBadware, and the Washington Post.

Let's start with The Directi Group. 

A company called PDR (PublicDomainsRegistry) is #9 on the list of 10 worst 
Internet registrars, with a registration address given in Beaverton, 
Oregon. 

PDR turns out to be one of 48 ICANN-accredited Registrars that did not 
seem to exist as companies when KnujOn searched for them. The address in 
Beaverton is a phony. 

The company is part of the Directi Group, which also owns 40 other phantom 
registrars, most of which claim the same address in Beaverton. 

Directi now claims to operate from Mumbai, but they don't exist as a 
company in India, either.

Next up, PrivacyProtect.org. 

KnujOn found over 19,000 domains advertised through spam that use 
PrivacyProtect to hide their ownership. 

With further digging, KnujOn isolated 1,820 fake pharmacy domains that use 
PrivacyProtect and are registered through Directi/PublicDomainsRegistry. 

They all resolved to a single IP address at McGill University in Canada; 
they have since been moved to a different single IP address at DongHai 
University in China. 

KnujOn continues:

The service that shields ownership of the unlicensed pharmacies, 
PrivacyProtect.org, is itself a phantom with undisclosed ownership. 

It was revealed in a Washington Post article that the Directi Group 
actually owns PrivacyProtect.org, a fact they did not deny when they 
responded to the article.

Directi claims that it suspends illicit domains, but KnujOn has documented 
the fact that they report them suspended, and then reinstate them at 
another IP address.

And finally, Atrivo. From StopBadware:

Jart Armin, StopBadware.org community volunteer and intrepid security 
researcher, released a report today that concludes that Intercage and 
Atrivo, a California-based family of companies that operate web hosting, 
domain registration, and other online services, are a hub of badware 
activity:

"Atrivo is a major hub of cyber crime based within the USA, and has been 
known as such within the Internet community for many years. Within this 
study we provide detailed evidence not only for public and community 
awareness but also to provide evidence for action.

Atrivo’s reach in the cyber crime community and the Internet as a whole 
runs deep. From their partners in crime, to the domain registration and 
hosting services it has to be remembered this is deliberately misleading 
to avoid detection."

Some of the companies included in the report have built a reputation in 
the security community as being havens for this type of activity, and 
Jart’s extensive research raises questions about the degree to which these 
companies are aware of, and turn a blind eye to, badware activity on their 
systems.

SpamHaus confirms this story:

"Without exception, all of the major security organizations on the 
Internet agree that the 'Home' of cybercrime in the western world is a 
place known as Atrivo/Intercage. We ourselves have not come to this 
conclusion lightly but from many years of dealing with criminal operations 
hosted by Atrivo/Intercage, gangs of cybercriminals - mostly Russian and 
East European but with several US online crime gangs as well - whose 
activities always lead back to servers run by Atrivo/Intercage. We have 
lost count of the times we have tracked a major virus botnet's "command 
and control" to Atrivo/Intercage servers, readers can view here some of 
the current and historic SBL records for Atrivo for a taste of what has 
been happening in this network. At almost every Internet security 
conference, or law enforcement seminar on cyber-crime, a presentation will 
detail some attack, exploit, phish or financial crime that has some nexus 
at Atrivo/Intercage."


There has been some outcry about all this from the ICANN At-Large 
Committee, but as of this writing there has been no response from ICANN's 
Tim Cole. Perhaps that has something to do with the fact that LogicBoxes, 
a Directi-owned registrar, has sponsored ICANN meetings in LA and Delhi.

Posted by Martin Heller on September 3, 2008 02:14 PM

--

Martin Heller » Wall of shame: 10 worst registrars

http://weblog.infoworld.com/stratdev/archives/2008/05/wall_of_shame_1.html

Who are the 10 dirtiest domain registrars according to KnujOn? The list 
follows. For explanations, please refer back to the report page. Not 
surprisingly, the worst three registrars are in China. Number 4 is in 
Germany. Places 5 through 10 are held by U.S. registrars.

What would it take to clean these registrars up or shut them down?

Xinnet Bei Gong Da Software 
Area Building 2, Level 1, BDA Beijing 100176 China 
Total Domains: 897,962 
Reported Sites: 15,551 – 4th highest for site volume (each site is pulled 
from a spam email) 
Proportion of Reported to Total: 1.7% - 4th 
Raw Aggression: 1,644,986 - 1st (Total count of spam emails featuring 
domains at this registrar) 
Proportional Aggression: 183.19 - 3rd (meaning 183 spams for each domain 
they hold) 
Overall Score: 3 – 1st, the “worst” 
Inaccuracy Count: 10,383 2nd for inaccuracies (in the last 12 months) 
Inaccuracy Rating: 1% (Typical inaccuracy percentage is 0.004%, anything 
higher than 0.5% is bad) 
Trademark Factor: 1st (This is based on site content and scoring for 
trademarked brands) 

BEIJINGNN 
20/F, Block A, SP Tower, Tsinghua Science Park Building 8, No.1 
Zhongguaneun East Road Haidian District, Beijing 100084 China 
Total Domains: 303,801 
Reported Sites: 10,083 - 8th highest for site volume 
Proportion of Reported to Total: 3.3% - 3rd 
Raw Aggression: 857,688 - 2nd 
Proportional Aggression: 282.31 - 2nd 
Overall Score: 3.75 – 2nd 
Inaccuracy Count: 6705 - 6th 
Inaccuracy Rating: 2% 
Trademark Factor: 5th 

Todaynic 
Rm 603-605 6B, Xihai Building No. 221 Renmin E. Road Zhuhai City, 
Guangdong Province 519000 China 
Total Domains: 66,314 
Reported Sites: 2,958 -13th highest for site volume 
Proportion of Reported to Total: 4.5% - 2nd 
Raw Aggression: 342,511 - 4th 
Proportional Aggression: 516.5 - 1st 
Overall Score: 5 – 3rd 
Inaccuracy Count: 2260 – 8th 
Inaccuracy Rating: 3% 
Trademark Factor: 11th 

Joker 
Hansaallee 191-193 40549 Duesseldorf Germany 
Total Domains: 636,431 
Reported Sites: 9051 -9th highest for site volume 
Proportion of Reported to Total: 1.42% - 7th 
Raw Aggression: 487,727 - 3rd 
Proportional Aggression: 76.63 - 4th 
Overall Score: 5.75 – 4th 
Inaccuracy Count: 7746 – 4th 
Inaccuracy Rating: 1% 
Trademark Factor: 27th 

eNom, Inc. 
15801 NE 24th St. Bellevue, WA 98008 USA 
Total Domains: 11,040,841 
Reported Sites: 47,007 sites - 1st 
Proportion of Reported to Total: 0.42% - 11th 
Raw Aggression: 317,677 instances or messages - 5th 
Proportional Aggression: 2.9 - 9th 
Overall Score: 6.5 – 5th 
Inaccuracy Count: 8530 – 3rd 
Inaccuracy Rating: 0.1% 
Trademark Factor: 3rd 

MONIKER 
20 SW 27th Ave. Suite 201 Pompano Beach, Florida 33069 
Total Domains: 2,725,240 
Reported Sites: 30628 -2nd highest for site volume 
Proportion of Reported to Total: 1.12% - 8th 
Raw Aggression: 87,071 - 9th 
Proportional Aggression: 3.19 - 8th 
Overall Score: 6.75 – 6th 
Inaccuracy Count: 11,680 – 1st 
Inaccuracy Rating: 0.4% 
Trademark Factor: 21st 

Dynamic Dolphin 
5023 W 120th Ave #233 Broomfield CO 
Total Domains: 45,019 
Reported Sites: 7,846 -10th highest for site volume 
Proportion of Reported to Total: 17.42% - 1st 
Raw Aggression: 23,825 - 16th 
Proportional Aggression: 52.92 - 6th 
Overall Score: 8.25 – 7th 
Inaccuracy Count: 4744 – 6th 
Inaccuracy Rating: 10% 
Trademark Factor: 22nd 

The Nameit Co/AITDOMAINS.COM 
421 Maiden Lane Fayetteville, N.C. 28301 
Total Domains: 155,474 
Reported Sites: 2620 -16th highest for site volume 
Proportion of Reported to Total: 1.68% - 5th 
Raw Aggression: 103,786 - 7th 
Proportional Aggression: 66.75 - 5th 
Overall Score: 8.25 – 8th 
Inaccuracy Count: 1433 – 8th 
Inaccuracy Rating: 1% 
Trademark Factor: 45th 

PDR 
14525 SW Millikan #48732 Beaverton Oregon, 97005-2343 
Total Domains: 1,751,224 
Reported Sites: 13,025 - 6th highest for site volume 
Proportion of Reported to Total: 0.74% - 9th 
Raw Aggression: 45,319 – 13th 
Proportional Aggression: 2.59 - 10th 
Trademark Factor: 9.5 – 9th 
Inaccuracy Count: 6986 – 5th 
Inaccuracy Rating: 0.4% 
Trademark Factor: 20th 

Intercosmos/DIRECTNIC 
650 Poydras Street, Suite 1150 New Orleans, Louisiana 70130 
Total Domains: 1,125,148 
Reported Sites: 4918 -11th highest for site volume 
Proportion of Reported to Total: 0.43% - 10th 
Raw Aggression: 50678 - 12th 
Proportional Aggression: 4.504118569 - 7th 
Overall Score: 10 – 10th 
Inaccuracy Count: 868 – 12th 
Inaccuracy Rating: 0.1% 
Trademark Factor: 13th 

