Sign In

Communications of the ACM

ACM TechNews

Domain-Name Abuse Proliferates; Rogue Registrars Turn a Blind Eye

View as: Print Mobile App Share:

Domain name abuse continues to be a serious problem, which is too often proliferated by some registrars who are willing to overlook phony registration information or other indicators that a customer may have less than savory intentions for the domain. Most large registrars track domains that might be used for harmful purposes and suspend them if necessary. However, even the most vigilant registrars can not always outsmart savvy cybercriminals, partly because most registrar services are so dependent on automation.

A recent report by the Anti-Phishing Working Group found that in the second half of 2008 there were 56,959 phishing attacks that used 30,454 different domain names. Of those domain names, approximately 18.5 percent were found to be directly involved in phishing. The rest of the sites were hacked and belonged to domain owners who had no idea what their site was being used to do. ICANN does what it can to prevent such direct domain name abuse, but its policies are still evolving. VeriSign also has offered its aid to the fight against cybercrime by proposing adding a strong authentication service for registrars and registrants for two-factor authentication. Other ideas, such as auditing registrars, also are being considered by ICANN.

No matter what action ICANN or individual registrars may decide to take, true change may be slow in coming, due to a number of jurisdictional legal issues and language issues. Experts say the only way that ICANN will really be able to effectively prevent malicious use of domain names is through validating entries in the Whois database, which are currently often suspect. Even if ICANN were to pursue such a goal, some in the industry doubt whether the organization really should attempt to take on the role of policing the industry it oversees, and that policing should occur at a national level.

No matter what, ICANN will need to find a way to improve the security of the domain name registration system before it introduces new top-level domains or it will be, as one analyst points out, "opening the floodgates" for domain abuse.

From Network World
View Full Article


Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account