Changing the status of a domain at the registry level can stops the domain name hosting the phishing operation from working and investigations can then start.
Why are procedures blocking simple things like stopping a phishing or homograph attack from being possible when this could be done instantly? Threats attempts are not going stop, and they're not going to decrease neither.
Law enforcement agencies
These agencies don't do things to be more profitable, nor they have a financial interest in doing their job. They don't work for a client, and if they have one, it is the civil society: these agencies contribute to tracking criminals, stopping pedophiles, terrorists and other persons who think that they can hide behind a fake profile or a domain name.
These agencies should be treated differently when contacting a registry since they contribute to saving lives and not increase the income of a private company.
A dedicated point of contact
Registries seat on top of the pyramid when it comes to domain name infringement: they are the legal entity to take the technical action on a domain name: they can press the button for something to happen FAST.
I often contact registries and found almost no direct contact for law enforcement agencies, which have to stand in line and use the standard contact forms or abuse emails. I believe that this could change since phishing and homograph attacks are becoming more and more sophisticated. The increasing number of new gTLDs won't help lowering these threats in the future.
The ICANN answer
I asked ICANN the following question: "Which working group at ICANN can help national law enforcement agencies to work on the creation of a direct contact at registries for major threats?"
If I noticed that such point of contacts exist at an extremely limited number of registries, I also noticed that such question could be raised at the ICANN for the benefit of consumers. The ICANN answered me and I was offered to look at a certain number of organizations:
Law enforcement agencies
These agencies don't do things to be more profitable, nor they have a financial interest in doing their job. They don't work for a client, and if they have one, it is the civil society: these agencies contribute to tracking criminals, stopping pedophiles, terrorists and other persons who think that they can hide behind a fake profile or a domain name.
These agencies should be treated differently when contacting a registry since they contribute to saving lives and not increase the income of a private company.
A dedicated point of contact
Registries seat on top of the pyramid when it comes to domain name infringement: they are the legal entity to take the technical action on a domain name: they can press the button for something to happen FAST.
I often contact registries and found almost no direct contact for law enforcement agencies, which have to stand in line and use the standard contact forms or abuse emails. I believe that this could change since phishing and homograph attacks are becoming more and more sophisticated. The increasing number of new gTLDs won't help lowering these threats in the future.
The ICANN answer
I asked ICANN the following question: "Which working group at ICANN can help national law enforcement agencies to work on the creation of a direct contact at registries for major threats?"
If I noticed that such point of contacts exist at an extremely limited number of registries, I also noticed that such question could be raised at the ICANN for the benefit of consumers. The ICANN answered me and I was offered to look at a certain number of organizations:
- The Anti-Phishing Working Group, which did not answer the last email that I sent them when I informed them about an ongoing phishing operation (this organization requires a payment of a membership);
- The Messaging Malware and Mobile Anti-Abuse Working Group that I never heard about and which also requires a membership payment too. They wrote "Recommendations for Preserving Investments in New Generic Top-Level Domains (gTLDs)" in January 2018;
- The At Large Community (ALAC) which is "the primary organizational home for the voice and concerns of the individual Internet user in the ICANN processes". As a long time contributor to this community ("new gTLDs topic"), I didn't know that I was already in the place to have my question answered so I have questioned the ALAC staff.
Update
The staff answered me with the below:
"Thank you for your inquiry. Your topic of interest is broad, and several groups within ICANN discuss these issues.
Might I point you to related working group pages, where you may familiarize yourself with their issues and determine the best fit:
In addition, there is a page on the ICANN website with resources for Registry Operators. Please let me know if we may assist you further."
Second update and final
ICANN answered me the below and I have to admit that...they answer fast for such an important organization. Surprisingly, following the publication of this post, I was contacted by "users" who have similar questions and...well...you don't need to know about the rest ;-)
The answer from ICANN:
The answer from ICANN:
- Join a Contractual Compliance & Consumer Safeguards Conversation:
https://www.icann.org/news/blog/join-a-contractual-compliance-consumer-safeguards-conversation - Security, Stability, and Resiliency of the DNS Review (SSR):
https://www.icann.org/resources/reviews/specific-reviews/ssr - There is also an ICANN Barcelona Meeting coming up on October and it may be a good chance to meet with the internet community and attend meetings on Internet Security and Stability. While the full schedule will be announced on October 1st, you may view the details of the meeting from: https://meetings.icann.org/en/barcelona63
I wish I had been given the name of a person to contact directly because, as you might have understood, I don't just do this for fun; but I guess that I'll dig i the SSR direction.
No comments:
Post a Comment
Interested in learning if it makes sense to create your own new domain name extension? Ask Jovenet Consulting for your SWOT analysis.