Wednesday, September 5, 2018

Second UPDATE: Registries and Law Enforcement Agencies

It often takes a court order for an accredited registrar or a registry (ccTLDs, legacy and new gTLDs) to respond to a security threat, and when going through an online procedure, it can take... months.

Stopping a phishing operation, for example, means filling in several online forms or sending an email to a registry or a registrar, then waiting for something to happen. Such situations make no sense, since a phishing operation should and could be stopped instantly by "taking down" the domain name.

Changing the status of a domain at the registry level can stop the domain name hosting the phishing operation from working, and investigations can then start.

Why are procedures blocking simple things like stopping a phishing or homograph attack when this could be done instantly? Threat attempts are not going to stop, and they're not going to decrease either.

Law enforcement agencies
These agencies don't do things to be more profitable, nor do they have a financial interest in doing their job. They don't work for a client, and if they have one, it is civil society: these agencies contribute to tracking criminals and stopping pedophiles, terrorists and other persons who think that they can hide behind a fake profile or a domain name.

These agencies should be treated differently when contacting a registry, since they contribute to saving lives, not to increasing the income of a private company.

A dedicated point of contact
Registries sit at the top of the pyramid when it comes to domain name infringement: they are the legal entity that takes the technical action on a domain name, and they can press the button for something to happen FAST.

I often contact registries and have found almost no direct contact for law enforcement agencies, which have to stand in line and use the standard contact forms or abuse emails. I believe that this could change, since phishing and homograph attacks are becoming more and more sophisticated. The increasing number of new gTLDs won't help lower these threats in the future.

The ICANN answer
I asked ICANN the following question: "Which working group at ICANN can help national law enforcement agencies to work on the creation of a direct contact at registries for major threats?"

While I noticed that such points of contact exist at an extremely limited number of registries, I also noticed that such a question could be raised at ICANN for the benefit of consumers. ICANN answered me and suggested that I look at a number of organizations:
  • The Anti-Phishing Working Group, which did not answer the last email that I sent them when I informed them about an ongoing phishing operation (this organization requires payment for membership);
  • The Messaging Malware and Mobile Anti-Abuse Working Group, which I had never heard of and which also requires a membership payment. They wrote "Recommendations for Preserving Investments in New Generic Top-Level Domains (gTLDs)" in January 2018;
  • The At Large Community (ALAC), which is "the primary organizational home for the voice and concerns of the individual Internet user in the ICANN processes". As a long-time contributor to this community ("new gTLDs topic"), I didn't know that I was already in the place to have my question answered, so I put the question to the ALAC staff.

Update
The staff answered me with the following:

"Thank you for your inquiry. Your topic of interest is broad, and several groups within ICANN discuss these issues.
Might I point you to related working group pages, where you may familiarize yourself with their issues and determine the best fit:
In addition, there is a page on the ICANN website with resources for Registry Operators. Please let me know if we may assist you further."

As expected, the answer came quickly, and while I doubt that the GAC will help, the Security and Stability Advisory Committee (SSAC) might do so, so I sent a third email to the SSAC staff with this question: "I have the question below and wonder where national law enforcement agencies should debate to raise this question. Is the SSAC working group the right place to start a debate and incite registries to provide a point of contact dedicated to national law enforcement agencies?"

Second and final update
ICANN answered me with the below, and I have to admit that... they answer fast for such an important organization. Surprisingly, following the publication of this post, I was contacted by "users" who have similar questions and... well... you don't need to know about the rest ;-)
The answer from ICANN:
I wish I had been given the name of a person to contact directly because, as you might have understood, I don't just do this for fun; but I guess that I'll dig in the SSR direction.
