The first part of this series explained how Amendment 35 to the NTIA-Verisign cooperative agreement is highly offensive to the public interest. But the reasons for saving the Internet are more fundamental to Western interests than a bad deal made under highly questionable circumstances. One of the world's foremost experts on conducting censorship at scale, the Chinese Communist Party's experience with the Great Firewall... more
A few weeks ago, Appdetex published a blog with predictions for 2021, and admittedly, at the date of publication, there were already very clear indications that one prediction was already in flight. In our blog post, we'd said, "With the global domain name system failing to abate abuse, and, in fact, thwarting consumer protection, get ready for a patchwork of local laws targeting attribution and prosecution of bad actors... Get ready for some confusion and turmoil in the world of notice and takedown related to local laws and regulations." more
I recently shared at a conference how a seasoned brand and fraud expert from one of the world's largest global financial institutions lamented a major attack where multiple fraudulent websites would pop up every single day. All attacks were launched from the same registrar and web hosting company, and no matter how much they reached out to these providers, they received the same reply: "we will pass on your request to the registrant or site owner," and then nothing happened. more
The Silent Librarian advanced persistent threat (APT) actors have been detected once again, as the academic year started in September. With online classes increasingly becoming the norm, the group's phishing campaigns that aim to steal research data and intellectual property could have a high success rate. Dozens of phishing domain names have been reported, although some may have already been taken down. more
This isn't the blog post I had hoped to write. When I signed up to participate in ICANN's Expedited Policy Development Process for gTLD Registration Data, I knew we had a lot of work ahead of us, but I was cautiously optimistic that we would, eventually, reach a successful outcome. Today, I find myself looking at things differently. After hundreds of hours and countless meetings and emails, Phase 2 of the EPDP's work has wrapped up with the delivery of our final report to the GNSO Council. more
While the EU is boasting about the success of its flagship privacy law, the General Data Protection Regulation (GDPR), the U.S. administration is ramping up attacks on the system, saying it provides cover to cybercriminals and threatens public health. more
The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system and IP addressing. The 9th ROW will be held online on Tuesday, June 16th, 2020 at 13h00-16h00 UTC. more
While the March report from ICANN's Domain Abuse Activity Reporting system show a general reduction in second-level gTLD domain names identified as being used in phishing, malware distribution, and botnet command and control, it has been widely reported that criminals are taking advantage of the global COVID-19 pandemic by launching malicious online campaigns. There have also been numerous reports of spikes in the use of COVID-19-related domain names for DNS Abuse. more
And so it goes, we are coming to the end of 2019, and that can mean only one thing. It's time for another Domain Name Year in Review. And unlike years past, this year was a real doozy. So without further ado, here are the domain name industry's top 10 biggest stories for 2019... To date, 48 leading registries and registrars have signed onto the "Framework to Address Abuse." The initiative was launched in November 2019, just prior to the ICANN meeting in Montreal. more
Major European legislation, the General Data Protection Regulation, evoked substantial change in the way we deal with the visibility of domain name registration information, and understandably those that use that data to solve problems are concerned about these changes, and some have even called for a U.S. legislative fix. However, a more in-depth look at the issue and the policy-making surrounding it will show that there is, in fact, a process already well underway to address the situation. more
A recent exchange on CircleID highlighted a critical need for data to inform the debate on the impact of ICANN's post-GDPR WHOIS policy that resulted in the redaction of domain name registrant contact data. A bit of background: in my original post, I made the point that domain name abuse had increased post-GDPR. A reader who works with a registrar (according to his bio) commented: "Can you back up that statement with data? Our abuse desk has actually seen a reduction in abuse complaints." more
We've seen alarmingly BIG increases in multiple abusive behaviors – like phishing, hacking and malware – that often leverage the domain name system (DNS) and privacy/proxy services. Cybercriminals capitalize on gaps in DNS security measures, and ICANN is holding the door open for them by failing to implement their privacy/proxy policy. If you are ever targeted, you are not alone. more
It's true, domain data has many practical uses that individuals and organizations may or may not know about. But most would likely be interested in how it can help combat cyber threats, which have been identified as the greatest risks businesses will face this year. Dubbed as the greatest bane of most organizations today, cybersecurity can actually be enhanced with the help of domain data. How? more
New Zealand's Domain Name Commission (DNC) wins in court against the US company DomainTools for "illegally scrapping personal information" of .nz domain name owners. more
How many times have you heard that humans are the weakest link in cybersecurity? The headlines have proven that over and over again. In particular, business email compromise or BEC (also known as email account compromise or EAC) scams, which typically target an employee with access to the financial resources of his company -- this could be a C-level executive or any high-ranking officer -- for fraud are still on a constant uphill trend. more