Last month I published an article called "What's Driving Spam and Domain Fraud? Illicit Drug Traffic" which explained how the many of the troublesome online crime issues are related to the online sale of narcotics and dodgy pharmaceuticals. Since this article was published we have witnessed one of the largest international law enforcement efforts against online drug traffic (Operation Pangea II)... more
WHOIS issues are looming large for the ICANN meeting next week, starting with an all-day WHOIS Policy Review on Sunday (background). WHOIS is a subject that has been the recent topic of a number of issues including a debacle over potentially disclosing the identities of compliance reporters to spammers and criminal domainers. more
Those who have been involved in the ICANN process as long as I have naturally become accustomed to ICANN controversies at all levels. But the latest is a "wrong" of international ramifications. The four (4) versions of the Guidebook for the new generic Top-Level Domains (gTLDs) have been hundreds of pages long with a lot of The Good, The Bad, and to some, The Ugly. However, something new has appeared in the 4th and latest version called DAG4 can be called: "The Disturbing". more
It's been a very bad month for ESPs, companies that handle bulk mailings for their clients. Several of them have had internal security breaches, leaking client information, client mailing lists, or both. Many have also seen clients compromised, with the compromised credentials used to send spam. The sequence of events suggests all the ESPs whose clients were compromised were themselves compromised first. (That's how the crooks knew who to attack.) more
In the wake of Google's settlement with the Department of Justice for permitting advertising by illegal online pharmacies, what are the legal implications for Domain Name Registrars and ISPs in the US and elsewhere? In short, if you're a Registrar or ISP, it's a new ballgame. Here's why it's critical for you to steer clear of criminal and civil liability by making sure your registration services aren't used by rogue online pharmacy criminals. (And, here's how to do it.) more
The UK today is one of the main attack targets by phishing organized crime groups, globally. Phishing damages will amount to about two billions USD in 2006 worldwide -- not counting risk management measures such as preventative measures, counter-measures, incident response and PR damages. In most cases, phishing is caused by the fault of the users, either by entering the wrong web page, not keeping their computers secure or falling for cheap scams. Often this is due to lack of awareness or ability in the realm of Internet use rather than incompetence by the users... more
A new report published by the insurance giant, AIG, claims phishing attacks via email, often targeted at senior executives, has overtaken ransomware. more
My weekly technology law column focuses this week on the new CIRA whois policy that is scheduled to take effect on June 10, 2008. The whois issue has attracted little public attention, yet it has been the subject of heated debate within the domain name community for many years. It revolves around the whois database, a publicly accessible, searchable list of domain name registrant information (as in "who is" the registrant of a particular domain name). more
A project named S-GPS or Spammer Global Positioning System, by Microsoft researchers uses spammer identification rather than spam identification to identify zombie-based spammers. more
As a designated committee of experts prepares to draft a new treaty to combat the use of information and communications technologies in cybercrime at the UN in January 2022, it is paramount that other stakeholders oversee these discussions to avoid violating human rights on the Internet. This initiative was kickstarted by a 2019 resolution led by Russia and endorsed by other countries considered by many to behavior controversially on cybersecurity matters, such as China, Venezuela, Cambodia, North Korea, and others. more
I just finished reading Richard Clarke and Robert Knake's book Cyberwar. Though the book has flaws, some of them serious, the authors make some important points. They deserve to be taken seriously. I should note that I disagree with some of my friends about whether or not "cyberwar" is a real concept. Earlier, I speculated that perhaps it might be a useful way to conduct disinformation operations, but it need not be so limited. more
Reading this morning's blog from Microsoft about "Operation b70" left me wondering a lot of things. Most analysts within the botnet field are more than familiar with 3322.org - a free dynamic DNS provider based in China known to be unresponsive to abuse notifications and a popular home to domain names used extensively for malicious purposes - and its links to several botnets around the world. more
Bell Canada, nation’s largest telecommunications company, disclosed late on Monday the illegal access of Bell customer information by an anonymous hacker. more
This week United States Attorney-General William Barr cited the need to address child exploitation as one of the factors motivating a mooted review of law called CDA 230, which provides that Internet companies aren't responsible for what their users say or do online. There are many dimensions to the problem of child exploitation, ranging from inappropriate comments on Instagram photos to child grooming on Fortnite... more
The apparent cyber heist of of $81 million from the Bangladesh central bank's U.S. account may cause some people to question the security of online banking. While the online theft prompted SWIFT - a cooperative owned by 3,000 financial institutions around the world -- to make sure banks are following recommended security practices, the incident also could have ramifications for banking customers worldwide. more
A World-Renowned Source for Internet Developments. Serving Since 2002.