Cybercrime

Cybercrime / Most Viewed

A Question of DNS Protocols

One of the most prominent denial of service attacks in recent months was one that occurred in March 2013 between Cloudflare and Spamhaus... How did the attackers generate such massive volumes of attack traffic? The answer lies in the Domain Name System (DNS). The attackers asked about domain names, and the DNS system answered. Something we all do all of the time of the Internet. So how can a conventional activity of translating a domain name into an IP address be turned into a massive attack? more

Defending Networks Against DNS Rebinding Attacks

DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers. more

An Economic Analysis of Domain Name Policy - Part I

"The Root Server is a Scarce Resource" is the focus of part one of a three-part series based on a study prepared by Karl M. Manheim, Professor of Law at Loyola Law School and Lawrence B. Solum, Professor of Law at University of San Diego. Special thanks and credit to Hastings Communications and Entertainment Law Journal, Vol. 25, p. 317, 2004. ...We begin our analysis of domain name policy with a brief excursion into economics. Economics cannot answer all of the questions raised by domain name policy. First, domain name policy must answer to the discipline of network engineering. A useful domain name system must work, and the functionality, scalability, reliability, and stability of the system are determined by the soundness of its engineering. Second, domain name policy must answer to public policy. The Internet is a global network of networks, and Internet policy is answerable to a variety of constituencies, including national governments, the operators of the ccTLDs, Internet Service Providers, information providers, end users of the Internet, and many others. more

Domain Name Typosquatter Still Generating Millions

Ever visit cartoonneetwork.com? Adaptac.com? Check the URLs carefully, for these aren't the "real" sites operated by the Cartoon Network cable channel or by Adaptec, manufacturer of PC storage devices. Instead, these domains -- and some 5,000+ others -- were registered by a Mr. John Zuccarini. Read on to learn what he is up to and how he has gotten away with it. more

Domain Name Theft, Fraud And Regulations

When it comes to domain name disputes, no domain name has captured more media attention than sex.com. Of course, disputes about sex often obtain a great deal of attention, and the sex.com domain name dispute can grab its share of headlines because the case involves sex, theft, declared bankruptcy, a once-thriving Internet porn business, and fraud, instead of the typical cybersquatting allegations. Indeed, this case is remarkable for its potential impact on the development of caselaw concerning whether there is a valid basis to assume that trademark interests should overwhelm all non-commercial interests in the use of domain names. The answer is no, but the caselaw to support that answer is in tension with cases that strongly imply a contrary conclusion. more

PIR’s Anti-Abuse Policy for .ORG Offers No Due Process for Innocent Domain Registrants

PIR, the registry operator for .org, has sent notices to registrars that it is implementing an anti-abuse policy that offers no due process for innocent domain registrants... While it's good intentioned, there is great potential for innocent domain registrants to suffer harm, given the lack of appropriate safeguards, the lack of precision and open-ended definition of "abuse", the sole discretion of the registry operator to delete domains, and the general lack of due process. more

MegaBust’s MegaQuestions Cloud the Net’s Future

Mid-January 2012 marked a major inflection point for digital copyright policy in the United States... Yet no one involved with Congressional interaction on either side of the issue believes it has been sidetracked for long, and "Hollywood" and "Silicon Valley" are both plotting their next moves in this high-stakes game to further define the responsibilities and potential liabilities... The resolution of this dispute will determine the ability of Internet services to move to "the cloud"... more

Report on Reaction to Zuccarini’s Arrest

On September 3, 2003, United States federal law enforcement officers arrested the notorious John Zuccarini accused of allegedly creating misleading domain names to deceive children and direct them to pornographic websites. Zuccarini's arrest is the first to be made under the Truth in Domain Names Act, which took effect earlier this year prohibiting people from creating misleading domain names as a means to deceive children into viewing content that's harmful to minors, or tricking adults into clicking on obscene websites. What follows is a collection of commentaries made by experts in response to this event...
 more

Invalid WHOIS Data: Who Is Responsible?

Suppose you wanted to know who operates a website at a given domain name. Perhaps you suspect that the domain name is pointing to a website that offers illegal content, or you may just want to send a comment to its authors. Conveniently, the Internet provides a so-called "WHOIS" system that ordinarily provides contact information for each registered domain. But in the case of many hundreds of thousands of domains, the WHOIS data just isn't accurate.  more

Most Abusive Domain Registrations are Preventable

As the WHOIS debate rages and the Top-Level Domain (TLD) space prepares to scale up the problem of rogue domain registration persists. These are set to be topics of discussion in Costa Rica. While the ICANN contract requires verification, in practice this has been dismissed as impossible. However, in reviewing nearly one million spammed domain registrations from 2011 KnujOn has found upwards of 90% of the purely abusive registrations could have been blocked. more

Conflict of Opinion

If a UDRP panelist believes domainers are the same thing as cybersquatters, is he fit to arbitrate? I came across an editorial on CNET today by Doug Isenberg, an attorney in Atlanta and founder of GigaLaw.com, and a domain name panelist for the World Intellectual Property Organization. The guest editorial focuses on Whois privacy and why it's imperative to maintain open access to registrant data for intellectual property and legal purposes. That's a common opinion I've read a million times. Nothing groundbreaking there. But then I was shocked to read that Isenberg generalizes domainers as cybersquatters: "Today, cybersquatters have rebranded themselves as 'domainers.' Popular blogs and news sites track their activities..." more

Where Is Cyberspace?

In my first CircleID post, I compared the cyberspace to a farmland, which has to be cultivated and developed. I ended by asking: Where is cyberspace? I have asked this same question from many people, many of whom are internet experts. They all said the cyberspace is in the computers, networks, or servers, or the Internet itself. I agree with these cyberspace ideas. In addition, my opinion is a bit different. more

Internet Drug Traffic, Service Providers and Intellectual Property

You could call this Part Three in our series on Illicit Internet Pharmacy. Part One being What's Driving Spam and Domain Fraud? Illicit Drug Traffic, Part Two being Online Drug Traffic and Registrar Policy. There are a few facts I'd like to list briefly so everyone is up to speed. The largest chunk of online abuse at this time is related to illicit international drug traffic, mostly counterfeit and diverted pharmaceuticals. more

CircleID’s Top 10 Posts of 2017

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2017 participants for sharing their thoughts and making a difference in the industry. 2017 marked CircleID's 15th year of operation as a medium dedicated to all critical matters related to the Internet infrastructure and services. We are in the midst of historic times, facing rapid technological developments and there is a lot to look forward to in 2018. more

Internet Attacks Against Georgian Websites

In the last days, news and government web sites in Georgia suffered DDoS attacks. While these attacks seem to affect the Georgian Internet, it is still there... Up to the Estonian war, such attacks would be called "hacker enthusiast attacks" or "cyber terrorism" (of the weak sort). Nowadays any attack with a political nature seems to get the "information warfare" tag. When 300 Lithuanian web sites were defaced last month, "cyber war" was the buzzword. Running security for the Israeli government Internet operation and later the Israeli government CERT such attacks were routine... more