[At-Large] Privacy and domain abuse vs the IP constituency

Antony Van Couvering avc at namesatwork.com
Sat May 7 00:33:25 UTC 2011


Derek,

These are great points.  If you want to get a response to "how do we counter the IP constituency," it might be useful to hear the perspective of registrars.  

It may be easy to see what a registrar should do to solve any particular evil.   But the question is, what can a registrar do to deal with a particular evil AND ALSO provide services that consumers want AND ALSO not do things to piss off the consumers.  Asking a registrar to remove popular services or do things that cause a hue and cry with its customers is not realistic.   Of course the IP people don't care about that, because they only care about their livelihood.  

You might want to forward this to the registrar list and see what they say.   Registrars, as you point out, are a big part of the solution, so they need to be engaged. 

Antony


On May 7, 2011, at 7:41 AM, Derek Smythe wrote:

> Hi Folks
> 
> Here is a more than excellent example of why domain abuse issues
> belong at the registrar and why true privacy will not be possible
> until abusers are taken care of.
> 
> It all started off with a report of a phishing site. Doing a reverse
> lookup on the IP the domain was hosted on, we get the list included below.
> 
> Spending a bit of time on the search engines quickly shows numerous
> frauds related to the relevant domains. Digging a bit deeper keeps on
> leading to a specific "hosting provider" with a track record of these
> types of domains and even SSL certificate abuse.
> 
> Now, looking a bit closer at them in terms of whois details, we find
> gross privacy abuse for the domains used in fraud and fraud attempts.
> 
> For those that know how, looking very closely at them leads to victims
> to this fraud and details showing them all to be of the same origin as
> regards certain design elements.
> 
> Now, considering the background of the hosting provider, he
> specializes in these.
> 
> How do we counter the IP constituency if they throw these examples
> at us?
> 
> How do we deal with this form of domain abuse? The authorities are in
> the know for more than a while now. The SSL certificate providers
> are in the know as well. The domain registrars are in the know.
> 
> Doing a bit of backtracking leads to this post:
> http://www.jaguarpc.com/forums/showthread.php?t=24529
> 
> Now here is the sad part;
> Since that post, the hosting was terminated and simply moved to
> another IP at the same hoster, later we have two more victims in
> Australia after this move.
> 
> http://www.rbol-uk.com/INT-UK/ (as I said, those that know how ...)
> 
> In fact the Nigerian hosting provider is simply moving hosting once
> caught out. In the meantime the "free one year privacy" is abused
> for anonymity and to make tracking more difficult. Without finding,
> stopping and disabling these domains, the misery they create at the
> hands of the abusers continues.
> 
> As you will see, there is no easy way to do a 1-to-1 mapping of domain
> name against the spoofed domain, so more TLDs will just compound the
> issue.
> 
> It also does not help if we claim that domain names have no special
> meaning, in the eyes of the "ordinary user", how can
> http://www.barclaysonlineservice.com not be part of Barclays Bank PLC?
> 
> 
> Just one such IP - 209.217.237.134:
> adamscolechambers.com
> airfrcdcuk.com
> Download your scam kit at https://airfrcdcuk.com/images/intcourier.zip
> ... or use the online pages:
> https://airfrcdcuk.com/intcourier/contactus.htm
> 
> if you search a bit on the contact details, you will see it's a
> continuation of
> http://www.complaintsboard.com/?search=Air%20Freight%20Courier%20Delivery%20Service
> 
> albmb-my.com (http://www.albmb-my.com/INT-BANKING/ - initial report)
> 
> Note the impunity with which even the FBI, IRS, United Nations are
> being impersonated, never mind Yahoo, Hotmail and the rest. And this
> party has been doing it for years now.
> 
> Now ask yourself: what number of legitimate domain owners are targeted
> by lack of domain privacy vs what number of the public are victimized
> by domain "anonymity"? Which is the lesser of the two evils?
> 
> Just some real world food for thought.
> 
> Derek Smythe
> Artists Against 419
> http://www.aa419.org
> 