Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
23Activity
0 of .
Results for:
No results containing your search query
P. 1
knujon_audit0610

knujon_audit0610

Ratings:

5.0

(1)
|Views: 1,203 |Likes:
Published by The GigaOM Network

More info:

Published by: The GigaOM Network on Jun 21, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

02/18/2013

pdf

text

original

 
KnujOn.com, LLCUpdated: 6/20/2010 Page 1
 
AbstractIntroductionOutlineRegistrars in Potential BreachAbout KnujOnTerms Used
Abstract
This independent audit of ICANN Registrar adherence and compliance to the RegistrarAccreditation Agreement has revealed that162 Registrars may be in breach of their contracts forvarious reasons. The reasons are not trivial, they range from blocking and manipulating WHOISaccess to falsifying applications to knowingly facilitating criminal traffic. This report takes a deeplook at the relationships between registration fraud, DNS manipulation, spam, compliance failureand the growing trade in illicit drugs online. We also offer recommendations to correct theseproblems.
 
Introduction
The authors of this report are members of the ICANN At-Large community, representing Internetusers and consumers globally free of cost. We are committed to improving the quality and safetyof the Domain Name System through constant analysis of Internet abuse data and continualreview of the structure and its compliance mechanisms. We sincerely support ICANN’scommitment the principles of openness, transparency, and accountability. In the interests ofassisting ICANN in reaching its goals we respectfully submit this security assessment to theBoard of Directors, ICANN Staff, the Government Advisory Committee, and all of the supportingcommittees. This report is un-sponsored and unsolicited in an attempt to avoid any untowardinfluence. The intent is to purely represent the frustrated and confused Internet user. The ultimategoal is to assist in securing our Internet for the future.Much of cyber-security’s focus has been on intrusions, mass data theft, phishing, privacyviolations, ID-theft, and malware. For the most part these are incidents. They differ from the focusof this document - illicit Internet product traffic. Illicit product traffic is an ongoing cybercrime thatrequires the continuity and stability that other threats do not. Another major difference is thatservice providers generally do not profit from phishing, intrusions, and data theft. However, illicitproduct traffic presents an opportunity for Registrars to earn significant amounts money throughillicit domain registrations and related domain product services.There are many types of threats on the Internet but our research reveals the heavy influence ofdiverted, altered, and counterfeit prescription drugs. In our estimation this is the number onethreat to consumers and the Internet structure. Additional security threats like malwaredeployment, denial of service attacks, trademark hijacking, botnets, spam, WHOIS fraud, networkintrusions, domain hijacking, Registrar corruption, and electronic money laundering are all tools ofthe global network of illicit drug traffic. Beyond the Internet this traffic impacts the health of thepublic while funding organized crime and terrorist groups.There is no question that underground pharmaceutical traffic is illegal and kills people. Thetraffickers may paint themselves as virtual Robin Hoods who defy the greedy hands ofgovernment and “big pharma”, but in reality they deliver tainted products and cruelly prey on thesick, elderly, and addicted. In contrast with the popular perception, the underground pharmacymarket is far beyond lifestyle drugs like Viagra and Cialis. Tainted and completely fake drugs soldon the Internet include heart, blood-pressure, cancer, diabetes, and AIDS medications. There aremultiple documented cases of chalk pressed into painted pills, HIV test kits that give falseKnujOn.com, LLCUpdated: 6/20/2010 Page 2
 
negatives, “anti-aging” cocktails, and an array of other “snake oils” that give false hope and makethe sick sicker.While Internet illicit drug traffic uses various tools it relies one critical resource to make money,online transaction platforms. Without a secure space to accept electronic payments the expenseof registering domains, deploying malware, and sending spam is wasted. It is important tounderstand that, as Moses Naim of Foreign Policy Magazine states, illicit traffic is abouttransactions, not products
1
. Replace drugs with pirated software and consumer knockoff productsand the problem still exists. While the emphasis of this report is drug traffic, many other issuesare discussed.The transaction platforms in question are domain names. To acquire domain names illicitnetworks need access to another critical resource, Registrars. All businesses need a supportstructure, in this case an illicit support structure. Online drug traffickers have built an array ofonline shops, content/image servers, NameServers, customer service sites, mail servers,newsletter/blog sites, transaction sites, and click-through advertisement processing. Each portionof the structure requires a domain name. Our research shows that the number of domainsregistered for a single drug-related spam campaign is in the thousands. The domains are oftenregistered with false WHOIS or WHOIS shielded by invalid privacy services. The spammeddomains are often terminated quickly but, as we demonstrate, the transaction domains remainintact, the NameServers receive a fresh crop of front-end shop sites and the Registrars rarelyrespond to inquires about this.This all may seem obvious, but what is not obvious is why the illicit transaction structure endures.The answer is weak policy, improper oversight, ineffective enforcement tools, and missingdemand for accountability among service providers.This is why we are focused on the Registrars. Without their sponsorship of the illicit transactionstructure, the problem would not exist. Registrars may claim this is not their responsibility orproblem but we will explain why it is and why a weak policy structure governing the Registrarscreates an atmosphere of permissiveness.
1
Moises Naim, Illicit (Anchor October 10, 2006)
 
KnujOn.com, LLCUpdated: 6/20/2010 Page 3

Activity (23)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
ahendra143 liked this
Rizaldi Djamil liked this
3woosha liked this
Said Benadir liked this
Phuc Thai liked this
Disha Joshi liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->