[NA-Discuss] 26 August 1300 UTC: Briefing Session on Registrar Impersonation in Phishing Attacks

Jeffrey A. Williams jwkckid1 at ix.netcom.com
Tue Aug 19 02:10:48 EDT 2008


Nick and all,

  Why would users really care what a Registrars impersonation
attempts?  What users want is that when they report phishing
attempts, regardless of its origin is that the perp is caught and
punished.  It's clear as history has shown that ICANN's Registrars
are not adequately supervised, and that self regulation doesn't
and hasn't worked.  Self regulation will never work with ICANN's
registries or registrars unless or until they are held accountable.
This means that some of these registrars' leadership will need to
be removed from their jobs, and not allowed to enter in the registry
or registrar business for a long time.

  It is also clear that due to the fees ICANN collects for each
domain name registered, that taking harsh measures with miscreant
registrars or registries isn't likely and therefore preferring legal
action by ICANN against one of its own "Agents" even if they
know that that "Agent" has acted improperly, isn't in ICANN's
best financial interest.  This leaves Registrants, users, and registrant-
users at the mercy of a set of ethics that isn't in concert with
California and US law, by the ICANN leadership.

  I nor any of our members find such a creditable means and method
by which "Oversight" by ICANN of its contracted and accredited
agents accordingly.

At-Large Staff wrote:

> Dear all,
>
> We would like to invite you to a briefing attended by Dave Piscitello from
> the Security and Stability Advisory Committee (SSAC) on Registrar
> Impersonation in Phishing Attacks.
>
> The briefing will be on August 26th at 1300 UTC. The meeting will be
> recorded and there will be simultaneous interpretation in French and
> Spanish.
>
> Please find the SSAC Advisory on Registrar Impersonation and participation
> instructions on the meeting page. There is also a link to follow this
> presentation using Adobe Connect.
>
> https://st.icann.org/alac/index.cgi?registrar_impersonation_in_phishing_attacks
>
> What is Registrar Impersonation in Phishing Attacks?
>
> The attacker impersonates a domain name registrar and sends an expected or
> anticipated correspondence to a registrar's customer (a registrant)
> regarding a domain name related matter. Examples of expected correspondence
> include a notice of pending expiration of a domain name registration, a
> promotional email, a notice informing the registrant of an account
> management issue, or generally, any correspondence that requires or
> encourages a customer's immediate attention. The correspondence, however, is
> bogus. The phisher creates a web site that is deceptively similar to the
> registrar's site to induce the customer into accessing his domain management
> account and unwittingly disclose his account credentials to the phisher. The
> phisher will use the customer's captured credentials to access the
> customer's domain name portfolio, alter DNS information of domain name(s) in
> that account and use the domains to abet additional attacks.
>
> Regards,
>
> Nick Ashton-Hart, Matthias Langenegger, Frederic Teboul
> ICANN At-Large Staff
> email: staff at atlarge.icann.org
>
> ------
> NA-Discuss mailing list
> NA-Discuss at atlarge-lists.icann.org
> http://atlarge-lists.icann.org/mailman/listinfo/na-discuss_atlarge-lists.icann.org
>
> Visit the NARALO online at http://www.naralo.org
> ------

Regards,

Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1 at ix.netcom.com
My Phone: 214-244-4827



