[LINK] Internet Registrars, a disgraceful bunch
David Goldstein
wavey_one at yahoo.com
Mon Sep 8 13:16:51 AEST 2008
It might be wiser to ask if posters to Link had half a brain, they might not fly off the handle at the first scent of a scandal... but that may be asking too much...
These issues were also raised in The Register, who followed up with another story where Directi denies any involvement in the scams or whatever else you wish to call them outlined below. See http://www.theregister.co.uk/2008/09/03/directi_strikes_back/.
And why should registrars be saints in life, as much as we might wish any organisation or person to be a saint? They are, after all, run by humans who are often enough greedy and without scruples.
David
----- Original Message ----
From: "stephen at melbpc.org.au" <stephen at melbpc.org.au>
To: link at anu.edu.au
Sent: Saturday, 6 September, 2008 2:37:42 AM
Subject: [LINK] Internet Registrars, a disgraceful bunch
If the world's Internet Registrars collectively had the brains of a half
wit, many many Internet problems might be solved almost over-night. Don't
the honest Registrars and ICANN care a toss about the 'health' of the net?
Either ICANN, or self, regulation of Registrars? Haha .. what a poor joke!
And when domains run out, it will be this same crew, apparently with zero
over-sight, who will be conducting the 'bidding' for addresses. Good grief!
--
Cyber-scammers are entrenched, even in the U.S.
http://weblog.infoworld.com/stratdev/archives/2008/09/cyberscammers_a.html?source=NLC-STRATEGICDEV&cgd=2008-09-04
New reports from KnujOn, SpamHaus and others detail the way bent and
phantom Internet Registrars shelter sites that promote illegal drug sales,
malware, and pornography.
I'm going to name some names of bad actors on the Internet, companies that
foster, promote, and benefit from cybercrime. I didn't do the original
research, but I trust the people who did, including KnujOn, SpamHaus,
StopBadware, and the Washington Post.
Let's start with The Directi Group.
A company called PDR (PublicDomainsRegistry) is #9 on the list of 10 worst
Internet registrars, with a registration address given in Beaverton,
Oregon.
PDR turns out to be one of 48 ICANN-accredited Registrars that did not
seem to exist as companies when KnujOn searched for them. The address in
Beaverton is a phony.
The company is part of the Directi Group, which also owns 40 other phantom
registrars, most of which claim the same address in Beaverton.
Directi now claims to operate from Mumbai, but they don't exist as a
company in India, either.
Next up, PrivacyProtect.org.
KnujOn found over 19,000 domains advertised through spam that use
PrivacyProtect to hide their ownership.
With further digging, KnujOn isolated 1,820 fake pharmacy domains that use
PrivacyProtect and are registered through Directi/PublicDomainsRegistry.
They all resolved to a single IP address at McGill University in Canada;
they have since been moved to a different single IP address at DongHai
University in China.
KnujOn continues:
The service that shields ownership of the unlicensed pharmacies,
PrivacyProtect.org, is itself a phantom with undisclosed ownership.
It was revealed in a Washington Post article that the Directi Group
actually owns PrivacyProtect.org, a fact they did not deny when they
responded to the article.
Directi claims that it suspends illicit domains, but KnujOn has documented
the fact that they report them suspended, and then reinstate them at
another IP address.
And finally, Atrivo. From StopBadware:
Jart Armin, StopBadware.org community volunteer and intrepid security
researcher, released a report today that concludes that Intercage and
Atrivo, a California-based family of companies that operate web hosting,
domain registration, and other online services, are a hub of badware
activity:
"Atrivo is a major hub of cyber crime based within the USA, and has been
known as such within the Internet community for many years. Within this
study we provide detailed evidence not only for public and community
awareness but also to provide evidence for action.
Atrivo’s reach in the cyber crime community and the Internet as a whole
runs deep. From their partners in crime, to the domain registration and
hosting services it has to be remembered this is deliberately misleading
to avoid detection."
Some of the companies included in the report have built a reputation in
the security community as being havens for this type of activity, and
Jart’s extensive research raises questions about the degree to which these
companies are aware of, and turn a blind eye to, badware activity on their
systems.
SpamHaus confirms this story:
"Without exception, all of the major security organizations on the
Internet agree that the 'Home' of cybercrime in the western world is a
place known as Atrivo/Intercage. We ourselves have not come to this
conclusion lightly but from many years of dealing with criminal operations
hosted by Atrivo/Intercage, gangs of cybercriminals - mostly Russian and
East European but with several US online crime gangs as well - whose
activities always lead back to servers run by Atrivo/Intercage. We have
lost count of the times we have tracked a major virus botnet's "command
and control" to Atrivo/Intercage servers, readers can view here some of
the current and historic SBL records for Atrivo for a taste of what has
been happening in this network. At almost every Internet security
conference, or law enforcement seminar on cyber-crime, a presentation will
detail some attack, exploit, phish or financial crime that has some nexus
at Atrivo/Intercage."
There has been some outcry about all this from the ICANN At-Large
Committee, but as of this writing there has been no response from ICANN's
Tim Cole. Perhaps that has something to do with the fact that LogicBoxes,
a Directi-owned registrar, has sponsored ICANN meetings in LA and Delhi.
Posted by Martin Heller on September 3, 2008 02:14 PM
--
Martin Heller » Wall of shame: 10 worst registrars
http://weblog.infoworld.com/stratdev/archives/2008/05/wall_of_shame_1.html
Who are the 10 dirtiest domain registrars according to KnujOn? The list
follows. For explanations, please refer back to the report page. Not
surprisingly, the worst three registrars are in China. Number 4 is in
Germany. Places 5 through 10 are held by U.S. registrars.
What would it take to clean these registrars up or shut them down?
1. Xinnet Bei Gong Da Software
Area Building 2, Level 1, BDA Beijing 100176 China
Total Domains: 897,962
Reported Sites: 15,551 – 4th highest for site volume (each site is pulled
from a spam email)
Proportion of Reported to Total: 1.7% - 4th
Raw Aggression: 1,644,986 - 1st (Total count of spam emails featuring
domains at this registrar)
Proportional Aggression: 183.19 -3rd (meaning 183 spams for each domain
they hold)
Overall Score: 3 – 1st, the “worst”
Inaccuracy Count: 10,383 2nd for inaccuracies (in the last 12 months)
Inaccuracy Rating: 1% (Typical inaccuracy percentage is 0.004%, anything
higher than 0.5% is bad)
Trademark Factor: 1st (This is based on site content and scoring for
trademarked brands)
2. BEIJINGNN
20/F, Block A, SP Tower, Tsinghua Science Park Building 8, No.1
Zhongguancun East Road Haidian District, Beijing 100084 China
Total Domains: 303,801
Reported Sites: 10,083 - 8th highest for site volume
Proportion of Reported to Total: 3.3% - 3rd
Raw Aggression: 857,688 - 2nd
Proportional Aggression: 282.31 - 2nd
Overall Score: 3.75 – 2nd
Inaccuracy Count: 6705 - 6th
Inaccuracy Rating: 2%
Trademark Factor: 5th
3. Todaynic
Rm 603-605 6B, Xihai Building No. 221 Renmin E. Road Zhuhai City,
Guangdong Province 519000 China
Total Domains: 66,314
Reported Sites: 2,958 -13th highest for site volume
Proportion of Reported to Total: 4.5% - 2nd
Raw Aggression: 342,511 - 4th
Proportional Aggression: 516.5 - 1st
Overall Score: 5 – 3rd
Inaccuracy Count: 2260 – 8th
Inaccuracy Rating: 3%
Trademark Factor: 11th
4. Joker
Hansaallee 191-193 40549 Duesseldorf Germany
Total Domains: 636,431
Reported Sites: 9051 -9th highest for site volume
Proportion of Reported to Total: 1.42% - 7th
Raw Aggression: 487,727 - 3rd
Proportional Aggression: 76.63 - 4th
Overall Score: 5.75 – 4th
Inaccuracy Count: 7746 – 4th
Inaccuracy Rating: 1%
Trademark Factor: 27th
5. eNom, Inc.
15801 NE 24th St. Bellevue, WA 98008 USA
Total Domains: 11,040,841
Reported Sites: 47,007 sites - 1st
Proportion of Reported to Total: 0.42% - 11th
Raw Aggression: 317,677 instances or messages - 5th
Proportional Aggression: 2.9 - 9th
Overall Score: 6.5 – 5th
Inaccuracy Count: 8530 – 3rd
Inaccuracy Rating: 0.1%
Trademark Factor: 3rd
6. MONIKER
20 SW 27th Ave. Suite 201 Pompano Beach, Florida 33069
Total Domains: 2,725,240
Reported Sites: 30628 -2nd highest for site volume
Proportion of Reported to Total: 1.12% - 8th
Raw Aggression: 87,071 - 9th
Proportional Aggression: 3.19 - 8th
Overall Score: 6.75 – 6th
Inaccuracy Count: 11,680 – 1st
Inaccuracy Rating: 0.4%
Trademark Factor: 21st
7. Dynamic Dolphin
5023 W 120th Ave #233 Broomfield CO
Total Domains: 45,019
Reported Sites: 7,846 -10th highest for site volume
Proportion of Reported to Total: 17.42% - 1st
Raw Aggression: 23,825 - 16th
Proportional Aggression: 52.92 - 6th
Overall Score: 8.25 – 7th
Inaccuracy Count: 4744 – 6th
Inaccuracy Rating: 10%
Trademark Factor: 22nd
8. The Nameit Co/AITDOMAINS.COM
421 Maiden Lane Fayetteville, N.C. 28301
Total Domains: 155,474
Reported Sites: 2620 -16th highest for site volume
Proportion of Reported to Total: 1.68% - 5th
Raw Aggression: 103,786 - 7th
Proportional Aggression: 66.75 -5th
Overall Score: 8.25 – 8th
Inaccuracy Count: 1433 – 8th
Inaccuracy Rating: 1%
Trademark Factor: 45th
9. PDR
PDR 14525 SW Millikan #48732 Beaverton Oregon, 97005-2343
Total Domains: 1,751,224
Reported Sites: 13,025 - 6th highest for site volume
Proportion of Reported to Total: 0.74% - 9th
Raw Aggression: 45,319 – 13th
Proportional Aggression: 2.59 - 10th
Trademark Factor: 9.5 – 9th
Inaccuracy Count: 6986 – 5th
Inaccuracy Rating: 0.4%
Trademark Factor: 20th
10. Intercosmos/DIRECTNIC
650 Poydras Street, Suite 1150 New Orleans, Louisiana 70130
Total Domains: 1,125,148
Reported Sites: 4918 -11th highest for site volume
Proportion of Reported to Total: 0.43% - 10th
Raw Aggression: 50678 - 12th
Proportional Aggression: 4.504118569 - 7th
Overall Score: 10 – 10th
Inaccuracy Count: 868 – 12th
Inaccuracy Rating: 0.1%
Trademark Factor: 13th