[At-Large] Privacy and domain abuse vs the IP constituency

Derek Smythe derek at aa419.org
Sat May 7 03:12:38 UTC 2011


My view is that the IP constituency ranges from genuine protective and
for the good of all to totally abusive in self interest, much as the
privacy group stretches from a genuine desire for privacy to nefarious
actors that desire anonymity.

The truth is somewhere in between.

To move forward in any way, we first have to understand there is no
passing the buck - this hurts us, our fellow internet users (be they
registrants or not) to legitimate businesses.

There are many that would have a "them" vs "us" scenario and in some
cases it is in their best interest to distract us all.

However, to move forward we all have to understand and accept the
system is being manipulated and we have to work together to oust bad
actors, even if (dare I say it) we work with members of the "evil" IP
constituency.

We all have valid points and need to accept that privacy is needed,
but not at all costs. Currently privacy is hurting us (the general
consumer) as implemented, also the IP constituency.

In the end there are those that do not care, it's just more business.

Even though off topic, we even see it with SSL certificates. Nowadays
an SSL certificate is worthless, it has to be a "special" certificate
to convey any trust (theoretically, but that has also been proven wrong).

Example:
https://airfrcdcuk.com/intcourier/contactus.htm
Beautiful SSL certificate (most likely free or a cheapie)

There is nothing bogus about
https://airfrcdcuk.com/PositiveSSL_tl_trans.gif

Note how the company registration and VAT number for
http://www.samedayuk.com/ has been stolen.

This domain is in turn being used to target the general consumer. Let
us look at where this consumer finds himself from the victim list on
airfrcdcuk.com:
> Sweden 
> United States of Ame 
> USA 
> Dominican 
> United States of Ame 
> JORDAN 
> UNITED STATES OF AME 
> U.S.A 
> United States of Ame 
> United States of Ame 
> USA 
> United Kingdom 
> USA 
> Israel 
> Australia 
> USA 
> Saudi Arabia 
> VENEZUELA 
> VENEZUELA 
> jordan 
> New York 
> POLAND 
> Canada 
> New Zealand 
> USA 
> United Kingdom 
> Denmark 
> Sweden 
> Canada 
> AUSTRALIA 
> Espana 
> United State 
> U S A 
> Malaysia 

So who do we blame? The fraudster tucked safely away in Nigeria in
this instance, laughing at us getting nowhere? Registrars are
basically giving most of this to him at virtually no cost. Why, he is
actually becoming quite wealthy after the years he has been exploiting
the system.

He is using his fake registrant details for his business
"bigbizhosting.com".

Yes, fake whois:
> 165, Jalan Ampang,
>    Kuala Lumpur,  50450
>    MY

is the address for the Hotel Nikko in KL, Malaysia. "Dig" around a bit
and get to agamahost at yahoo.com. But Agamahost (Donmaco/Ace live Web
Host/....) is in Nigeria, quite a bit removed from Malaysia - whoops!

Well at least that is better than the reseller that lives in a tree in
New Zealand (as per his whois) and acts as a proxy for other German
users (who happen to set up fake shops, spoofs etc) and host on bullet
proof hosting in Russia. All in the name of privacy of course!

My point is we cannot argue with the IP constituency at this stage.
There have to be better checks throughout the system to cut out the bad
actors. Both we and the IP constituency need to agree that this is a
start of making it better for all users, commercial or not. At the
moment there is little credibility in the system, and it is even being
used as a reason in some camps to do away with the current whois
system. Should we ask why trust on the Internet is declining to an all
time low if we are selling trust away (unverified and with free
privacy) at about $10 per domain? Where in the real non-virtual world
would you see this?

Maybe this is too cheap. The savings are being passed on to discrete
registrants, the real cost is being paid later by bystanders being
drawn in (see the country list above), in terms of secondary security
products (anti-virus, firewalls, associated spam costs etc).

We are trying to do something that is unsustainable.

Derek


On 2011/05/07 02:33, Antony Van Couvering wrote:
> Derek,
> 
> These are great points.  If you want to get a response to "how do we counter the IP constituency," it might be useful to hear the perspective of registrars.  
> 
> It may be easy to see what a registrar should do to solve any particular evil.   But the question is, what can a registrar do to deal with a particular evil AND ALSO provide services that consumers want AND ALSO not do things to piss off the consumers.  Asking a registrar to remove popular services or do things that cause a hue and cry with its customers is not realistic.   Of course the IP people don't care about that, because they only care about their livelihood.  
> 
> You might want to forward this to the registrar list and see what they say.   Registrars, as you point out, are a big part of the solution, so they need to be engaged. 
> 
> Antony
> 
> 
> On May 7, 2011, at 7:41 AM, Derek Smythe wrote:
> 
>> Hi Folks
>>
>> Here is a more than excellent example of why domain abuse issues
>> belong at the registrar and why true privacy will not be possible
>> until abusers are taken care of.
>>
>> It all started off with a report of a phishing site. Doing a reverse
>> lookup on the IP the domain was hosted on, we get the list included below.
>>
>> Spending a bit of time on the search engines quickly shows numerous
>> frauds related to the relevant domains. Digging a bit deeper keeps on
>> leading to a specific "hosting provider" with a track record of these
>> type of domains and even SSL certificate abuse.
>>
>> Now, looking a bit closer at them in terms of whois details, we find
>> gross privacy abuse for the domains used in fraud and fraud attempts.
>>
>> For those that know how, looking very closely at them leads to victims
>> of this fraud and details showing them all to be of the same origin as
>> regards certain design elements.
>>
>> Now, considering the background of the hosting provider, he
>> specializes in these.
>>
>> How do we counter the IP constituency if they throw these examples
>> at us?
>>
>> How do we deal with this form of domain abuse? The authorities have
>> been in the know for more than a while now. The SSL certificate
>> providers are in the know as well. The domain registrars are in the know.
>>
>> Doing a bit of backtracking leads to this post:
>> http://www.jaguarpc.com/forums/showthread.php?t=24529
>>
>> Now here is the sad part:
>> Since that post, the hosting was terminated and simply moved to
>> another IP at the same hoster; later we have two more victims in
>> Australia after this move.
>>
>> http://www.rbol-uk.com/INT-UK/ (as I said, those that know how ...)
>>
>> In fact the Nigerian hosting provider is simply moving hosting once
>> caught out. In the meantime the "free one year privacy" is abused
>> for anonymity and to make tracking more difficult. Without finding,
>> stopping and disabling these domains, the misery they create at the
>> hands of the abusers continues.
>>
>> As you will see, there is no easy way to do a 1-to-1 mapping of domain
>> name against the spoofed domain, so more TLDs will just compound the
>> issue.
>>
>> It also does not help if we claim that domain names have no special
>> meaning; in the eyes of the "ordinary user", how can
>> http://www.barclaysonlineservice.com not be part of Barclays Bank PLC?
>>
>>
>> Just one such IP - 209.217.237.134:
>> adamscolechambers.com
>> airfrcdcuk.com
>> Download your scam kit at https://airfrcdcuk.com/images/intcourier.zip
>> ... or use the online pages:
>> https://airfrcdcuk.com/intcourier/contactus.htm
>>
>> if you search a bit on the contact details, you will see it's a
>> continuation of
>> http://www.complaintsboard.com/?search=Air%20Freight%20Courier%20Delivery%20Service
>>
>> albmb-my.com (http://www.albmb-my.com/INT-BANKING/ - initial report)
>> albmb-my.net
>> babaplc.com
>> banquefinamauk.com
>> barbplcuk.com
>> barcba-uk.com
>> barcbplcuk.com
>> barclaysonlineservice.com
>> barristermayallemersonstuart.com
>> bdl-eu.com
>> boabn.com
>> boaplc-online.com
>> cahootbplc.com
>> capitalcrownbplc.com
>> cbplconline.net
>> chelseabuk.com
>> chevronoilcompany-uk.com
>> chmbchina.com
>> ctmfirm.com
>> davidhunterpartnerschambers.com
>> daviesandpartnerschambers.com
>> ddicourier.com
>> dhlhome-uk.com
>> dib-ae.com
>> dislamiconline-ae.net
>> e-alliancetrustsonline.com
>> e-clydesdalebauk.com
>> e-clydesdalebauk.net
>> e-creditalliance.com
>> eu-finciu.com
>> eurolacbn.com
>> expressparceldelivery-ng.com
>> fbi-govs.com
>> fbi-uk.com
>> fbidirect.org
>> fcmbdirect.com
>> fcmbhome.com
>> frontierforwardings.com
>> fsaofficeonline.com
>> fwcdsonline.com
>> g-maildirect.com
>> gainvestmentlimited.com
>> gcc-as.com
>> globalinvestltd.net
>> halimicrofinance.com
>> hlisbs.com
>> ibarclaydirect.com
>> iraqreconstructionjobs.net
>> irsukonline.com
>> katiemarchart.com
>> kayenterprisesinsurance.com
>> kmiexpresscourier.com
>> leighdaysolicitors.com
>> ltsb-official.com
>> macsreview.com
>> milestonemonetaryfirm.com
>> monitoringcommission.org
>> nbgroupplc.com
>> nokiastaff.com
>> norwichcitybn.com
>> ntwstbnplc.com
>> nwsttbplc.com
>> planfslimited.com
>> rbimb.com
>> rbnsplc.net
>> rbosmy.com
>> responsecs.com
>> rrs-asociados.com
>> thehotmailupdate.com
>> thestudenteventhost.com
>> tpcapitallimited.com
>> uknl-office.com
>> ukpdac.com
>> ukworldlinkcourier.com
>> un-worldwide.org
>> upds-ng.com
>> wapblogin.com
>> yahoo-maildirectonline.com
>> zenithb-ng.com
>> zenithoffices.com
>>
>> Note the impunity with which even the FBI, IRS and United Nations are
>> being impersonated, never mind Yahoo, Hotmail and the rest. And this
>> party has been doing it for years now.
>>
>> Now ask yourself: what number of legitimate domain owners are targeted
>> by lack of domain privacy vs what number of the public are victimized
>> by domain "anonymity"? Which is the lesser of the two evils?
>>
>> Just some real world food for thought.
>>
>> Derek Smythe
>> Artists Against 419
>> http://www.aa419.org
>>
>> _______________________________________________
>> At-Large mailing list
>> At-Large at atlarge-lists.icann.org
>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>>
>> At-Large Official Site: http://atlarge.icann.org
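As an added illustration of the thread's point that lookalike domains co-hosted on one IP cannot be mapped 1-to-1 onto the brands they spoof (this is not code from the thread or from aa419), the triage below groups a subset of the domains quoted for 209.217.237.134 by impersonated brand. The brand token table and the "trust word" list are constructed for the example; abbreviation-style names such as barcbplcuk.com fall through, which is exactly the gap a reviewer has to close by hand.

```python
"""Brand-impersonation triage for domains found on one shared hosting IP.

Added example for the thread above. The domain list is quoted from the thread;
the brand tokens and trust words are a constructed, deliberately naive table.
"""

# Domains quoted in the thread as co-hosted on 209.217.237.134 (excerpt).
SHARED_IP_DOMAINS = [
    "barclaysonlineservice.com", "ibarclaydirect.com", "barcbplcuk.com",
    "fbi-uk.com", "fbidirect.org", "fbi-govs.com", "irsukonline.com",
    "dhlhome-uk.com", "un-worldwide.org", "yahoo-maildirectonline.com",
    "thehotmailupdate.com", "ltsb-official.com", "nwsttbplc.com",
    "airfrcdcuk.com", "katiemarchart.com", "thestudenteventhost.com",
]

# Constructed brand/institution tokens -> label. Full names only: this
# intentionally misses abbreviations like "barcb" or "nwsttb".
BRAND_TOKENS = {
    "barclay": "Barclays", "fbi": "FBI", "irs": "IRS", "dhl": "DHL",
    "yahoo": "Yahoo", "hotmail": "Hotmail", "un-": "United Nations",
}

# Generic "trust" words fraud domains bolt onto a brand stem (constructed).
TRUST_WORDS = ("online", "direct", "official", "plc", "secure", "update", "uk")


def registrable_label(domain):
    """Return the label left of the last dot, e.g. 'fbi-uk' for fbi-uk.com."""
    return domain.lower().rsplit(".", 1)[0]


def classify(domain):
    """Return (label, matched brand or None, trust words present)."""
    label = registrable_label(domain)
    brand = next((name for tok, name in BRAND_TOKENS.items() if tok in label), None)
    trust = [w for w in TRUST_WORDS if w in label]
    return label, brand, trust


def triage(domains):
    """Split one IP's domains into: by impersonated brand, 'suspicious'
    (trust words but no recognised brand) and 'unmatched' (human review)."""
    by_brand, suspicious, unmatched = {}, [], []
    for d in domains:
        _, brand, trust = classify(d)
        if brand:
            by_brand.setdefault(brand, []).append(d)
        elif trust:
            suspicious.append(d)
        else:
            unmatched.append(d)
    return by_brand, suspicious, unmatched
```

Running `triage(SHARED_IP_DOMAINS)` puts barcbplcuk.com, ltsb-official.com and nwsttbplc.com in the "suspicious" bucket rather than under a bank, which is the mapping problem the thread describes.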