Cybercrime

Cybercrime / Most Viewed

Vendor Selection Matters in the Domain Registrar Ecosystem

Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. Many of the largest companies in the world still lack basic domain security protocols, making them prime targets for bad actors. An attack on a domain can lead to the redirection of a company's website, domain spoofing, domain and domain name system (DNS) hijacking attacks, phishing attacks, network breaches, and business email compromise (BEC). more

Loudmouths Wanted for ICANN WHOIS Replacement Work

TL;DR? It's worth reading, BUT, if not -- ICANN has yet another group looking at WHOIS, and there is a huge push to redact it to nothing. I spend easily half my day in WHOIS data fighting online crime, losing it would not make my job harder, it will make it impossible. PLEASE JOIN THE ICANN GROUP and help us fight back against people who are fighting in favour of crime. more

Jerry Falwell Critic Can Keep Domain Name, Appeals Court Says

I want to call your attention to a very important Internet free speech decision, perhaps the most significant of our domain name cases from the past several years. In Lamparello v. Falwell, the United States Court of Appeals for the Fourth Circuit held today that the use of the domain name www.fallwell.com for a web site devoted to denouncing the views of Rev. Jerry Falwell about homosexuality neither infringes Falwell's trademark in his name nor constitutes "cybersquatting." more

Time to Play Offense

The United States is under cyber-attack. An article in Time magazine titled "The Invasion of the Chinese Cyberspies" discusses a computer-network security official for Sandia National Laboratories who had been "tirelessly pursuing a group of suspected Chinese cyberspies all over the world." The article notes that the cyberespionage ring, known to US investigators as Titan Rain, has been "penetrating secure computer networks at the country's most sensitive military bases, defense contractors and aerospace companies." more

Access Logs Reveal 12M Visits to .CM Typosquatted Sites Just in 2018 So Far

An anonymous tip has lead security experts Brian Krebs and Matthew Chambers to four years of access logs for the entire network of more than 1,000 dot-cm typosquatting domains. more

Should the Government Prepare a Preemptive Cyber-Attack?

The House Committee on Science recently held a hearing to "examine the extent of U.S. vulnerability to cyber attacks on critical infrastructure such as utility systems, and what the federal government and private sector are doing, and should be doing, to prevent and prepare for such attacks." Specific issues addressed at the hearing included whether: 1) the U.S. is able to detect, respond to, and recover from cyber-attacks on critical infrastructure; and 2) is there a clear line of responsibility within the federal government to deal with cybersecurity... more

ICANN Investigating Domain Tasting

ICANN has announced that it is seeking input and feedback on the topic of domain tasting. (See their announcement for full details) Interestingly enough Michael Gilmour published an article a couple of days ago covering the same topic - "Why domain tasting is great!", which will probably raise a few hackles! One point that in particular caught my eye... more

Independence and Security Online Have Not Yet Been Won

As we, here in the United States celebrate our independence this Fourth of July, we are reminded that the liberties and freedoms that come with that independence have yet to be won online. As citizens of this country we are blessed with safety and security from threats both foreign and domestic, but those guarantees have not yet extended to our citizenship in the global Internet community. This is true not just for American citizens, but for all Internet users throughout the world. more

The ‘Millennium Problems’ in Brand Protection

As the brand protection industry approaches a quarter of a century in age, following the founding of pioneers Envisional and MarkMonitor in 1999, I present an overview of some of the main outstanding issues which are frequently unaddressed or are generally only partially solved by brand protection service providers. I term these the 'Millennium Problems' in reference to the set of unsolved mathematical problems published in 2000 by the Clay Mathematics Institute, and for which significant prizes were offered for solutions. more

Virginia Supreme Court Rejects First Amendment Challenge to Spam Statute

Thanks to Prof. Goldman I see that the Virginia Supreme Court issued its opinion in Jaynes, the state-law criminal spam case that has wound its way through the courts there. It affirms the conviction and rejects the various challenges to Virginia's spam statute... As a side note I should say that it's not often one is actually excited to read an order in a case you're not involved with. This is definitely one of those instances where the excitement is palpable... The news reports billed the case as the first felony conviction for sending spam. more

DNS and Stolen Credit Card Numbers

FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more

DDoS Attacks Are Surging Both in Frequency and Sophistication

Cloudflare's new report warns about the significant increase of DDoS attacks and their level of sophistication. The numbers doubled from Q1 to Q2 and doubled again in Q3, resulting in a four-fold increase compared to the pre-COVID level in the first quarter. more

More on Dell’s Anti-Tasting Suit

Dell filed a suit in Florida in early October against a nest of domain tasters in Miami, widely reported in the press last week... The primary defendant is a Miami resident named Juan Vasquez, doing business as several registrars called BelgiumDomains, CapitolDomains, and DomainDoorman, as well as a whole bunch of tiny companies of unknown authenticity... Those registrars have an egregious history of domain churning. I gave a talk on domain tasting at MAAWG in October in which I picked out the registrars who churned the most domains from the May registrar reports, and those three were the worst, each having registered about 500,000 domains, refunded over 10 million... more

Gmail as an Email Honeypot

You all remember cybersquatting, a popular sport in the late 90s, right? McDonalds.com, JenniferLopez.com, Hertz.com and Avon.com thankfully all point to the right web sites today, but thaiairline.com, mcdonald.com, luftansa.com, gugle.com, barnesandnobles.com and other misspellings are fake web sites intended to trap the casual surfer with a hand that's a bit too much quicker than the eye... If you want to go to the McDonalds web site, you don't even spend the 10 seconds to look it up -- you will type McDonalds.com and expect to see the latest dollar meal menu. But the same is true for the other popular form of communication -- email... more

Security Costs Money. So - Who Pays?

Computer security costs money. It costs more to develop secure software, and there's an ongoing maintenance cost to patch the remaining holes. Spending more time and money up front will likely result in lesser maintenance costs going forward, but too few companies do that. Besides, even very secure operating systems like Windows 10 and iOS have had security problems and hence require patching. (I just installed iOS 10.3.2 on my phone. It fixed about two dozen security holes.) more