News and Updates

Ron Jackson – DNW Podcast #237

Domain Name Wire - Mon, 2019-05-20 15:30

Ron Jackson of DNJournal tells us what he’s seeing in the aftermarket.

Ron Jackson keeps tabs on domain name sales at DNJournal. On today’s show he discusses what he is seeing in the market, comparing .com to non-.com TLDs and country code domains. Ron answers the question of whether he sees opportunity for domain investors in new TLDs.

Also: Escrow.com numbers, Wix, web browsing security, .Blog and Super Nanny

This week’s sponsor: Name.com.


© DomainNameWire.com 2019. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com. Latest domain news at DNW.com: Domain Name Wire.


Amazon might give new TLDs a boost

Domain Name Wire - Mon, 2019-05-20 15:23

The company could drive awareness by using .Amazon.

ICANN moved a big step closer to awarding the .Amazon top level domain name to Amazon.com Friday.

The non-profit domain overseer approved a resolution that moves the top level domain forward against the wishes of the Amazon Cooperation Treaty Organization (ACTO). Two ACTO member states–Brazil and Peru–originally objected to Amazon’s 2012 application for the domain name. This kicked off a seven-year battle.

The Governmental Advisory Committee formally objected to .Amazon by unanimous consent even though the U.S. representative could have quashed the attempt.

Amazon.com challenged this decision with an Independent Review Process. It won the review in 2017 but it wasn’t over.

Since then it has tried to appease ACTO members to get the organization to drop its challenge. It offered them a $5 million gift card and lots of safeguards.

But ACTO has been stubborn. It often seemed as though it was fighting on principle rather than real concerns. This made it harder for Amazon to overcome objections that were difficult to define.

Amazon made a number of commitments to the member states as part of a Public Interest Commitment. That will be open for public comment. Once the public comment period ends, .Amazon could see the light of day.

If Amazon.com uses .Amazon in a robust way it will give a shot in the arm to new top level domain name awareness. There’s a big ‘if’ there, though.

Amazon was one of the biggest applicants for new top level domains but hasn’t done much with the domains it acquired. But it has used .AWS in some advertising, and the thinking here is that it could do the same with .Amazon but at a bigger scale. It could go much bigger by putting products or categories on their own .Amazon pages. Millions of customers would then see a new top level domain.

Or maybe its seven-year battle was just a matter of securing an important piece of intellectual property.


CentralNic buys rest of Melbourne IT’s reseller business for AUD $24 million

Domain Name Wire - Mon, 2019-05-20 13:30

CentralNic bulks up in Australia by acquiring carveout of what used to be Melbourne IT.

Domain name company CentralNic (London AIM: CNIC) is acquiring TPP Wholesale from ARQ Group Limited (ASX: ARQ), formerly known as Melbourne IT. The company will pay total consideration of AUD $24 million (USD $16.6 million). CentralNic will pay AUD $21.3 million up front and the transaction is expected to close by the end of next month pending financing.

ARQ Group Limited sold the other part of its domain name and hosting reseller business to Tucows in 2016 for AUD $8.1 million. That transaction included 1.6 million domains under management.

CentralNic’s acquisition includes the rest of the domain and hosting reseller business, which is primarily Australian accounts. It includes 840,000 domains under management and about 14,000 resellers. The domains include 19% of all .com.au domains.

This business delivered AUD $17.0 million in revenue to ARQ last year and, by CentralNic’s accounting, had AUD $3.9 million adjusted EBITDA for the year.

The purchase price is therefore about 6x adjusted EBITDA.

Tucows paid about 4.5x-4.7x EBITDA for its 2016 acquisition.

CentralNic already has a big presence in Australia. It acquired local registrar Instra for AUD $33 million in 2015.

CentralNic is now positioning itself as a roll-up play in the domain business.


A Closer Look at the "Sovereign Runet" Law

Domain industry news - Fri, 2019-05-17 21:08

In December 2018, a bill on the "stable operation" of the Russian segment of the Internet was introduced and got the title "Sovereign Runet" in mass media and among the public. It was adopted 5 months later, despite doubts about the technical feasibility of its implementation. The law is very ambitious in its intent to simultaneously control Internet traffic and protect Runet from some external threats, but legislators still have no idea how it would actually work.

This is not the first attempt of Russian legislators to take control of the Internet within the state borders. The previous bill was initiated by the Ministry of Communications (MoC) in 2014. Then it was proposed to describe the elements of the critical information infrastructure of the Runet, to establish control over traffic exchange points and cross-border communication lines. The main element of the first bill was the creation of a state information system that contains a copy of databases with traffic exchange points, autonomous system numbers (ASN), allocation of IP addresses and routing policies. The state information system should be used by the Russian telecom operators when routing national traffic. But this "national Internet" just means making a copy of the existing RIPE NCC databases. And that makes no technical sense because the data requires constant updates to keep the routing information up to date. (See my recent paper "Sovereign RUnet: What does it mean?")

The discussion of the 2014 bill continued for 2 years; a lot of amendments were made to it. The latest activity on it was observed in January 2018, when the press referred to new edits that took into account the opinion of the telecom industry. Ultimately, a kind of compromise was reached but the bill was never submitted to the State Duma for debate and approval. Instead, a new bill was introduced in December 2018 by two senators and one deputy. None of them are directly connected to the Internet infrastructure issues. Obviously, such a move was chosen to launch the consideration of the bill in the State Duma as soon as possible, and to avoid additional coordination with other relevant ministries and the security service, as happened to the MoC bill.

According to anonymous sources (former MoC employees), the main interested party in the adoption of both bills is the Security Council. In 2014, after the start of anti-Russian sanctions and problems with the operation of Internet services in Crimea, the main task was to ensure the stability and security of the Russian segment of the Internet. Other interlocutors recalled even 2006-2007, when people in the Security Council and Administration of the President were preoccupied with the likelihood of an external Internet shutdown. They took seriously the prospect that the U.S. could unilaterally disable Russia's DNS. That is why Russia had been consistently taking initiatives to transfer ICANN's functions to the International Telecommunication Union (ITU), and still continues to criticize ICANN for being a US-based corporation.

Another concern was the circulation of Russian Internet traffic. Some high-ranking officials believed that a lot of Russian traffic loops through foreign networks. This did actually happen in the early 2000s, because of the low cost of such routes and competition between ISPs. But people from the Administration, inspired by several ideologues from Roskomnadzor (RKN, the communications supervisory agency) exploited this story: loop traffic is unacceptable because foreign intelligence can spy on our traffic or snatch it and replace it with something else. Exactly the same reasons were heard from the deputies and senators advocating for the new bill in 2019, as will be shown below.

Another interested party became RKN, since this supervisory agency got very broad powers to block prohibited Internet resources in 2012. In particular, the system of blocking built by RKN created DNS vulnerabilities that are regularly exploited.1 Finally, RKN's failure to block Telegram messenger became a reputational blow for the agency. As part of RKN's attempts to execute the law, on peak days in April 2018 entire subnets of IP addresses were blocked, reaching 18 million records in the blacklist. It negatively affected the work of many third-party services and Internet businesses. So RKN's interest in a new law that empowers it to control and filter all traffic is obvious.

What's in the adopted law?

On May 1, 2019 the new law was signed by President Putin. In total, only 5 months have passed since the first introduction of the bill and only 6 more months remain until its entry into force on November 1, 2019. Amazing speed! The content and focus of the law, after all the debates, are not very different from its first December draft, except for several additions. Basically, the document contains amendments to two existing laws "on Communications" and "on Information", and these are summarized and commented upon in this document.

In brief, the law sets the following:

  • The main subjects responsible for stable operation of the Internet in Russia are telecom operators and owners and/or proprietors of: (1) technical communication networks (used for operations of transport/energy and other infrastructures, not connected to the public communication network), (2) traffic exchange points, (3) communication lines crossing the state border and (4) autonomous system numbers (ASN). RKN will keep registries for the last three categories. All subjects must participate in the regular exercises for the stable Runet.
  • RKN will execute the centralized management of communication networks in the event of threats to the stability and security of the Runet, by defining routing policies for telecom operators and other subjects and coordinating their connections.
  • Telecom operators are required to ensure the installation in their networks of technical means for countering threats to the stability, security and integrity of Internet operation on the territory of Russia. These technical means will also serve the purpose of traffic filtering and blocking access to prohibited Internet resources.
  • The law creates a Center for monitoring and control of public communication networks under the RKN supervision.
  • The law creates a national domain name system.

The debate over the law

Based on the statements of deputies and senators during the readings of the bill (3 in the State Duma and 1 in the Federation Council), the motivation for its adoption can be summarized in several points. The main motive is that this law is a response to the latest US cybersecurity strategy, where the Russian lawmakers saw a direct threat to Russian networks in a statement to use offensive capabilities to protect US networks and interests in cyberspace. The speed of the law's adoption was justified by its critical meaning for implementation of the national program "Digital Economy" that highly depends on the Internet.

"Obviously, it is necessary to protect the digital lifestyle of Russians; in this regard, it is necessary to ensure the stability of the main services of Runet and the reliability of Russian Internet resources, and this requires a national infrastructure that can protect Runet in the event of a threat of blocking the connection to the root servers placed abroad." — Ms. Arshinova, Deputy from the United Russia party.

The co-author of the law Mr. Lugovoy, Deputy from the Liberal-Democratic Party of Russia, frightened his colleagues with the controversial case of an Internet shutdown in Syria in November 2012, which he attributed to the special operations of the US National Security Agency. Another argument to adopt the law was the analogy with sanctions by international payment systems in Crimea in 2014 when Russia had to elaborate its own national payment system "МИР" to avoid financial collapse. And finally, some deputies still believe that foreign loop traffic must be "reduced significantly" according to the "Digital Economy program."

"The bill has already been called the law on autonomous, sovereign Runet, but if you look closely at the proposed changes, there is no separation of Runet or turning it into a closed system that does not communicate with the global Internet. The bill is not aimed at isolation at all — it is about ensuring the smooth functioning of our economy and other spheres of society, and most importantly, protecting the rights of Russian citizens who adhere to the digital lifestyle" — Ms. Arshinova, Deputy from the United Russia party.

The other co-author of the law, Senator Mr. Klishas claimed that technically Russia can be disconnected from the Internet root servers. But he didn't take into account that the governance of critical Internet infrastructure requires trust and cooperation amongst all involved stakeholders. To say that American companies (namely ICANN and Verisign) can immediately "cut out" records of Russian domains by the order of the US government is a major misconception. If ICANN sets such a precedent, the credibility of this organization will be lost forever — and it threatens the resilience of the Internet as a whole if there is no authoritative center for the coordination of the domain name space. There could be a rollback to the 80-90s, when various large regional networks coexisted. If we talk in terms of American interests, this is the last thing the US government wants to do, because it directly contradicts its policy of globalization and the spread of the Internet around the globe.

Nevertheless, representatives from the opposition parties asked tricky questions and conveyed the concerns of society about the real censorship nature of the law. Firstly, they demanded that the bill's advocates name the threats from which the law is supposed to protect the Runet. The law should reflect all these threats because they directly relate to the constitutional right of our citizens to access reliable information.

"The list of threats, as the authors tell us, they will determine during the exercises — wow! Imagine, colleagues, if we were to report our bills in the following way: we do not know what will happen, we will say after the experiment, so you first pass the law, and then we will conduct exercises. Will you conduct exercises on people? You can't do that, colleagues" — Mr. Nilov, deputy from the Just Russia party.

Another point of critique was the absence of responsibility for network crashes that may happen during centralized management by RKN. The law removes responsibility from operators, but there is no transfer of it. Operators can only ask RKN about anomalies in their networks, that is all.

"Whatever this bill may be called, its main purpose is to control the cross-border information flows. What for? In order to restrict this very information, the flow of this very information — there can be no doubts or illusions. They say, all this is done exclusively for the public good — for the good it would be enough to duplicate domain infrastructure, it could be carried out even without making appropriate changes to the law, it could be done at the level of Roskomnadzor or the Ministry of Communications. So, the bill is extremely restrictive, and it is also an attempt to force the execution of those laws which we adopted earlier" — Mr. Kurinnyi, deputy from the Communist party of Russia.

By the last sentence, the deputy implied the complete failure of RKN to block Telegram messenger, as well as to compel foreign companies like Twitter and Facebook to localize the personal data of Russian citizens.

"Now we are asked to adopt in the first reading the draft law on the protection of "something from something". And where are the guarantees that the next step, which will determine the Government, will not be the transformation of the currently public Internet into such a corporate intranet, limited by the borders of the Russian Federation?" — Mr. Yushchenko, deputy from the Communist party of Russia.

Other deputies paid attention to the creation of a point of failure for the Runet — the Center for monitoring and control of public communication networks. If there is a single control center, it is easy to break it and disrupt Runet at once. Finally, deputies were angry about the budget issue. Initially, the financial justification of the bill claimed that "adoption and implementation of the Federal Law will not require expenditures from the federal budget." But then it became known that the money was already allocated to the budget of the national program Digital Economy — 20,8 billion rubles to purchase the equipment to counter threats, 4,5 billion rubles for national DNS and 5,5 billion rubles to develop necessary hardware and software.

"You know, colleagues, I have not seen such a brazen and cynical bill, which you push forward, saying that it won't require even a ruble from the budget. We have a government like Nostradamus: the government, adopting the draft budget last year, already assumed that three cranks (two from the Federation Council and one from the State Duma) will introduce this year this bill, and has already saved some money for it!" — Mr. Ivanov, deputy from the Liberal-Democratic Party of Russia.

Even before the first reading happened in the State Duma in February, measures in the bill were greeted negatively by the technical community, while the broader IT industry took an ambiguous position supporting but slightly criticizing the bill. It is known that there was only one expert meeting, organized by the State Duma Committee on information policy, information technologies and communications in January. It gathered representatives from IT business and telecom, public organizations and authorities. Some transcripts of the conversations were leaked to social media. Together, of the 33 speakers, 13 were clearly against or had serious objections to the bill — the "Big 3" telecom operators MTS, VimpelCom, and MegaFon (with Rostelecom predictably supporting the bill), the Association of Computer and IT Enterprises (which represents participants of the digital economy in Russia), the Association of Documentary Telecommunication (in 2017 it conducted the study of loopback traffic in Russia and proved its insignificant share), the Technical Center of Internet, Coordination Center for TLD .RU, the Russian Association of Electronic Communications and Regional public organization "Center of Internet-technologies."

Industry was concerned with these issues:

  • The "black boxes" — the technical means to counter threats provided to telecom operators by RKN — will dramatically affect the quality of communication. It is obvious from the law because operators are even immunized from responsibility for future network crashes. Also, the law does not cover the cost of their installation and maintenance, nor take into consideration the development and growth of networks — operators will have to spend billions of rubles on that, which will slow down their development and growth.
  • Legislators mixed up technical and content-based threats. It is impossible to solve both problems with one "black box."
  • The issue of duplication of critical elements of the Internet infrastructure and domain names has already been agreed with the industry last year. Several representatives of telecom industry recalled the bill mentioned in the beginning of the post. They were curious why legislators decided not to push the adoption of the previous bill while there was a consensus with industry, but instead invented a new document and added an ambitious aim to filter all Runet traffic.

Anyway, despite the substantial criticism, the law was adopted. Legislators couldn't provide adequate answers on the resilience of the technical means and even lied that they won't degrade the quality of communication. The recent case with Yandex illustrates the argument. In March 2019, when attackers conducted a DNS attack on several large Russian Internet resources, one of the main victims was Yandex. That was exactly the type of attack that exploits the vulnerability in the RKN blocking system which I explained above. As a result of the attack, a few small operators blocked access to some IP addresses of Yandex, and large operators who use DPI systems to block content were forced to pass all traffic to Yandex services through DPI. It significantly reduced the speed of access to Yandex services for users. Yandex repelled the attack for several days. "The blocking of sites was avoided, but the attack did not go unnoticed: active users of the company's services noticed a decrease in the speed of access to them," the company representative said. The case clearly illustrates the prospects of traffic inspection on a large scale in the future — the equipment won't cope with the bandwidth.

What's now?

What will happen during the 5 months before the law comes into force? The MoC, the Government and RKN are required to prepare 30 by-laws (you can track their readiness here) which should fill in the blind spots in the text of the law. Specifically, they will need to:

  • Make a list of the threats to the Runet and the principles of centralized traffic management
  • Define the technical parameters and rules governing the "black boxes"
  • Define how the registry of traffic exchange points will be formed
  • Define rules for providing information from operators and owners of ASN for filling in various information systems
  • Figure out how the national DNS will work
  • Establish a Center for monitoring and control of the public communications network. (It is noteworthy that the resolution on its creation was signed by the Government in February 2019, before the adoption of the law. The Center should start working by January 2020.)

Concluding thoughts

Analysis of the law leaves the impression that it was written by people who do not understand the way the Internet works and are relying on a mental model of telephone communications. Moreover, they appear to blindly believe in the omnipotence of "black boxes" that will filter traffic and protect Runet from unknown threats on a national scale.

With this first impression, it seems like the law is primarily aimed at censorship under the cover of national security. Companies who don't comply with laws that require decryption or localization of users' messages, and continue to operate in Russia, such as Twitter, Facebook and Telegram, have damaged the reputation of RKN. The government cannot allow these companies to continue to fail to execute its decisions anymore.

Of course, one can agree that the resiliency of the Internet in the country is a serious concern and should be addressed in some way, but the measures offered by this law don't solve those problems; on the contrary they can degrade the quality of access and make Runet more vulnerable than it is now by centralizing management of public networks.

More likely this law will share the fate of the anti-terrorist amendments known as the "Yarovaya package," which required service providers to store the content of voice calls, data, images and text messages for 6 months, and the metadata of communications for 3 years. It came into force in October 2018, but since then none of the service providers execute data retention, simply because they do not possess the necessary equipment needed to store such enormous amounts of data. Moreover, there is still no ready-made suitable solution on the market for this purpose. And government is still fighting to establish the requirement to use only national technological solutions.

One can imagine how much work will be needed to develop the traffic management equipment to support the RKN Center for monitoring and control of public networks, and the systems supporting a national DNS. It is therefore highly unlikely that those 30 by-laws needed to clarify the technical requirements will be issued by the 1st of November 2019. On the contrary, it will probably take several years to complete.

However, the upcoming field testing of DPI solutions by RKN will gradually reveal the insanity of its idea to fully control all traffic in the country. End users and especially businesses will need to be prepared for service interruptions; "without a declaration of war," access to some "legitimate" Internet services will be denied. Well, it would be good if such problems were immediately acknowledged by RKN and rolled back, but who will compensate the businesses for the losses? That's why optimists simply crossed their fingers, held their breath and waited for telecom to sabotage the execution of the law or find a way to comply formally on paper, without actually doing so. Moreover, there is nothing to execute yet — practical steps are still waiting to be defined in the future.

Originally published in the Internet Governance Project.

Written by Ilona Stadnik, Ph.D. candidate at the Saint-Petersburg State University


SpaceX Reports Significant Broadband Satellite Progress

Domain industry news - Fri, 2019-05-17 19:51

SpaceX may be approaching debris detection as a machine-learning problem in which the entire constellation, not individual satellites, is learning to avoid collisions.

SpaceX delayed last Wednesday's Starlink launch due to high winds, and on Thursday they decided to do a software update and postpone the launch until next week, but they revealed significant progress in their Starlink mission press release and in tweets by and a media call with Elon Musk.

Starlink size comparison – novel packaging accommodates 60 satellites in a single launch. (Source)

The mission press release said SpaceX has significantly reduced the size and weight of their satellites. Their initial November 2016 FCC filing specified 386 kg satellites that measured 4 x 1.8 x 1.2 meters. In February 2018, they launched two Internet-service test satellites — TinTin A and B — that measured only 1.1 x .7 x .7 meters with a total mass of approximately 400 kg. The mass of the Starlink satellites will be only 227 kg, about 43% that of the test satellites. (They are still heavier than OneWeb's 147.4 kg test satellites.)

As far as I know, SpaceX has not previously commented on the number of satellites that might be launched at once, but the number was generally estimated as 25-30 after considering constraints on mass, volume, and numbers of satellites per orbital plane. As shown here, they will be launching a surprising 60 flat-packed satellites. Launching 60 satellites also demonstrates continued progress in rocket capability — this will be the heaviest SpaceX payload ever.

The speed and density of satellites in low-earth orbit increase the likelihood of a cascading debris collision. (Source)

The current and planned proliferation of low-earth orbit satellites increases the likelihood of a Kessler Syndrome event — a cascade of collisions between satellites and the ensuing debris. The press release alluded to what may be a significant advance in debris mitigation, stating that:

Each spacecraft is equipped with a Startracker navigation system that allows SpaceX to point the satellites with precision. Importantly, Starlink satellites are capable of tracking on-orbit debris and autonomously avoiding a collision.

That would be a breakthrough if feasible, but on first consideration, it seems impossible. Low-earth orbit satellites move very fast and even if a satellite had the resolution and pattern-recognition capability to "see" debris in its path, it would not be able to maneuver quickly enough to avoid a collision. That point was raised in this online discussion and a possible solution suggested — the entire constellation could dynamically pool and share data from each satellite as well as use NORAD tracking data, which Musk mentioned during the media call.

SpaceX may be approaching this as a machine-learning problem in which the entire constellation, not individual satellites, is learning to avoid collisions using its shared data as well as data from other sources like NORAD. One can imagine sharing such data with competitors like OneWeb and Telesat or even with Russia, China or India. (Elon Musk is known to read science fiction — this speculation is reminiscent of Asimov's Gaia or Teilhard de Chardin's noosphere.)

The prospect of launching 60 satellites at once and a shared-data approach to collision avoidance have grabbed my attention, but Musk's tweets and media call were also highly informative — a few examples:

All that and they have yet to launch the satellites — stay tuned.

Written by Larry Press, Professor of Information Systems at California State University


WordPress ditches grammar checker

Domain Name Wire - Fri, 2019-05-17 14:35

Automattic drops Proofreading tool from latest JetPack release.

WordPress has sunset its Proofreading tool in JetPack.

WordPress creator Automattic has ditched a great feature in the latest update to its JetPack plugin.

As of the newly released JetPack 7.3, Proofreading is no longer supported.

The proofreading tool checked posts for grammar and spelling prior to publishing them. I found it to be a good tool that often caught stuff that other grammar checkers missed. It also made good word-choice suggestions.

WordPress engineer James Huff stated that the feature was dropped because other tools get the job done:

We removed the feature as it has become a bit redundant lately. Most major web browsers have some form of this already built-in, and free extensions like [Grammarly] are making huge strides in the field.

It felt like the right time to back out of that field and focus more on everything else we offer.

I imagine it took a lot of resources to keep this feature working. It’s good news for Grammarly; I’ll probably upgrade to its paid version.

Categories: News and Updates

A Report on the ICANN DNS Symposium

Domain industry news - Fri, 2019-05-17 02:39

By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. When the IETF considered a proposal to explicitly withhold certain top-level domains from delegation in the DNS, the ensuing discussion highlighted the distinction between the domain name system as a structured space of names and the domain name system as a resolution space where certain names are instantiated to be resolvable using the DNS protocol. It is always useful to remember that other name resolution protocols exist, and they may use other parts of the domain name space. Having said that, the recent ICANN DNS Symposium was almost exclusively devoted to the name space associated with the DNS resolution protocol, and to this protocol itself.

The DNS protocol represents an inconsistent mix of information leakage and obscurity. When a name resolution query is passed through a forwarder or a recursive resolver, the identity of the original source of the query is not preserved. Name resolution is a hop-by-hop process that hides the end user's identity in address terms. At the same time, the full query name is used throughout the resolution process, which exposes the end user's DNS traffic in all kinds of unanticipated places. Oddly enough we've seen recent changes to the protocol specification that attempt to reverse the effect of both of these measures!

The anonymity of the end user in DNS queries was compromised with the adoption of the Client Subnet extension. The ostensible rationale was to improve the accuracy of DNS-based client steering, allowing an authoritative name server to respond with the content address that would optimize the user experience. However, when one looks at the number of Client Subnet-enabled authoritative servers on a country-by-country basis, the countries which feature at the top of this list include the United States, Turkey, Iran, China, Taiwan and the United Kingdom. Some 10% of users use recursive resolvers that will add effectively gratuitous client information to the query. It seems that use of the Client Subnet extension has gone far beyond the original objectives of using the DNS to perform content steerage, as David Dagon pointed out in his keynote presentation to the symposium.

At the same time, we've seen moves to seal up the gratuitous information leaks in the DNS. The use of full query names when performing name server discovery is a major problem in the DNS, and the operators of the root zone servers tend to see a wealth of information relating to terminal names as a result, as do the operators of the top-level domains. The adoption of query name minimization by recursive resolvers effectively plugs that leak point, and the resolver only exposes the precise extent of information that it needs to expose in order to complete the various steps in the iterative name server discovery process.
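The difference in exposure can be made concrete with a small model of iterative resolution. This is an added example, not code from the article or from any resolver; the zone cuts and the query name are constructed, and the query type a minimising resolver uses is not modelled.

```python
def ancestors(qname):
    """'www.shop.example.com' -> ['com', 'example.com', ..., 'www.shop.example.com']"""
    labels = qname.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]


def exposure(qname, zone_cuts, minimise):
    """Return [(zone whose servers are asked, name those servers see), ...].

    zone_cuts lists the delegated zones on the path (an assumption of this
    model: a real resolver discovers them from referrals as it goes).
    """
    cuts = {z.rstrip(".").lower() for z in zone_cuts}
    full = ancestors(qname)[-1]
    current = "."                      # resolution starts at the root servers
    seen = []

    if not minimise:
        # Classic behaviour: every server on the path is sent the full name.
        seen.append((current, full))
        for name in ancestors(qname):
            if name in cuts:           # referral: move down to the child zone
                current = name
                seen.append((current, full))
        return seen

    # Minimised: reveal one more label per step. A referral moves the
    # resolver down a zone; otherwise it asks the same servers again
    # with one further label added.
    for name in ancestors(qname):
        seen.append((current, name))
        if name in cuts:
            current = name
    if full in cuts:
        # The query name is itself a zone apex: the final question goes
        # to that zone's own servers.
        seen.append((current, full))
    return seen


def names_seen_by(zone, trace):
    """All names that the servers of one zone were shown in a trace."""
    return {name for asked, name in trace if asked == zone}


if __name__ == "__main__":
    CUTS = ["com", "example.com"]              # constructed delegation path
    QNAME = "www.shop.example.com"             # constructed query name
    for mode in (False, True):
        print("minimised" if mode else "classic")
        for asked, name in exposure(QNAME, CUTS, mode):
            print(f"  servers for {asked:<12} see {name}")
```

With minimisation the root servers learn only that someone asked about `com`, while the full name reaches only the servers authoritative for the final zone.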

The EU NIS Directive

The introduction of the GDPR regulations in the EU and the adoption of similar measures in other national environments has gone a long way to illustrate that the Internet's actors are not beyond conventional regulatory purview. There is a relatively recent EU directive, concerning the operation of "essential services" and the imposition of various requirements on the operators of such essential services, with hefty fines for non-compliance with the measures and also for serious outages of the essential service, as Jim Reid pointed out. The usual suspects of transport, banking, health care, financial markets and similar services are all part of this measure, but there is the inclusion of digital infrastructure in this directive, which appears to sweep in top-level domain registries and DNS service providers. What makes a DNS service "essential" is an interesting question. How to measure such criticality when much of the information is provided in local caches is also an interesting question.

Working out a set of objective metrics to define an "essential" part of the DNS infrastructure seems like a rather odd requirement, but to implement this NIS directive we may see work in this area. In any case, the bottom line is very clear. The name space is part of a set of essential public services, and it demands far more than a "best available effort" response by DNS service providers.

Measuring "DNS Magnitude"

If parts of the DNS are considered to be an essential service, then we may want to have some kind of metric that measures the use or impact of a domain name, as compared to other domain names. This leads to efforts to measure what has been termed "DNS Magnitude".

The DNS name resolution infrastructure is basically a collection of caches. The whole approach is to ensure that as often as possible, your DNS queries are directly answered from a nearby cache. The queries that are seen at the authoritative servers are essentially cache misses. This confounds various attempts to measure the use of any domain name. If the name uses an extended cache time (TTL) then the number of cache misses will drop. If the use pattern of a name is highly bursty then, again, the cache will be very effective, and the authoritative server will see a small cache miss rate. So how can one use the query data seen at an authoritative name server to measure some aspect of the popularity of a domain name if the effective query rate is so dependent on the name's TTL settings?

The work presented by Alex Mayrhofer of nic.at starts with the assumption that the number of queries is of less value than the number of discrete hosts. He cites the extreme example that 100,000 queries from the same host address are lesser indicators of domain impact than a single query from each of 100,000 hosts. The basic idea is that if the shared name server sees a certain number of hosts making queries, then the relative magnitude of any particular domain name is the ratio of the number of hosts performing a query for this name as compared to the size of the entire host set.

The work uses a log scale to capture details of the "long tail" that exist in such metrics, so the refined metric is the log of the number of hosts seen querying for a domain compared to the log of the size of the overall host set. The metric appears to be reasonably independent of TTL settings, but it does assume a wide distribution of DNS recursive resolvers, which appears to be an increasingly dubious assumption as the large open DNS resolvers gather more momentum. One can only guess what effect QNAME minimization will have on this work, as the query rate would be unaltered but the full domain name is occluded from the upper-level DNS servers.
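The metric as described here can be computed directly from an authoritative server's query log. The following is an added example, not the nic.at implementation: the log entries are constructed, the result is left as a plain ratio between 0 and 1, and names are assumed to sit directly under a single-label TLD.

```python
import math
from collections import defaultdict


def registered_domain(qname):
    """Map a query name to the delegated domain it belongs to.

    Assumption for this example: registrations sit directly under a
    single-label TLD, so 'www.popular.at' belongs to 'popular.at'.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def dns_magnitude(query_log):
    """query_log: iterable of (client_address, qname) seen at the server.

    Returns {domain: {"queries", "hosts", "magnitude"}} where
    magnitude = log(hosts querying the domain) / log(all hosts seen).
    """
    hosts_by_domain = defaultdict(set)
    queries = defaultdict(int)
    all_hosts = set()
    for client, qname in query_log:
        domain = registered_domain(qname)
        hosts_by_domain[domain].add(client)
        queries[domain] += 1
        all_hosts.add(client)

    # With fewer than two hosts overall the denominator is log(1) = 0,
    # so no relative magnitude can be expressed; report 0.0 instead.
    denom = math.log(len(all_hosts)) if len(all_hosts) > 1 else None
    result = {}
    for domain, hosts in hosts_by_domain.items():
        magnitude = math.log(len(hosts)) / denom if denom else 0.0
        result[domain] = {
            "queries": queries[domain],
            "hosts": len(hosts),
            "magnitude": magnitude,
        }
    return result


def build_constructed_log():
    """Constructed sample: one very chatty host versus many quiet ones."""
    log = [("192.0.2.1", "mail.noisy.at")] * 10_000
    hosts = [f"198.18.{i // 256}.{i % 256}" for i in range(1_000)]
    log += [(h, "www.popular.at") for h in hosts]      # one query per host
    log += [(h, "niche.at") for h in hosts[:10]]       # ten of the same hosts
    return log


if __name__ == "__main__":
    stats = dns_magnitude(build_constructed_log())
    for domain, s in sorted(stats.items(), key=lambda kv: -kv[1]["magnitude"]):
        print(f"{domain:<12} queries={s['queries']:>6} hosts={s['hosts']:>5} "
              f"magnitude={s['magnitude']:.3f}")
```

The domain with 10,000 queries from a single host scores zero, while the domain queried once by each of 1,000 hosts scores close to one, which is the property that makes the metric insensitive to raw query counts.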

Dark Deeds in the DNS

It is no secret to either the people who undertake dark deeds on the Internet or to those trying to catch them that the DNS is one of the few systems that is universally visible. So, it's no surprise that domain names are used to control botnets. Much time and effort has been spent studying DNS and how the DNS has been co-opted to control malware. Stewart Garrick of Shadowserver presented on the Avalanche investigation, a multi-year law enforcement effort that spanned several countries. Some 2.5M domain names were blocked or seized during the investigative process.

There are various forms of blacklists that are intended to help service providers in denying oxygen to digital miscreants. One of these, SURBL, was described at the symposium. It uses a DNS-based reputation database where a client can append the common surbl.org suffix to the name and query the DNS for an A record. If the query returns an address within the loopback address prefix, then this DNS name has been listed as blocked by the operators of this service.
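A client for this kind of lookup has to treat only loopback answers as a listing. The sketch below is an added example rather than SURBL's own client code: the zone `rbl.example` and all names and addresses are constructed placeholders (the list's real suffix would be passed as `zone`), and the resolver is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def system_resolver(name):
    """A-record lookup through the OS stub resolver.

    The stub cannot tell NXDOMAIN from a resolution failure, so both
    come back as an empty list; callers that must fail closed need a
    resolver that reports the response code.
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_listed(domain, zone, resolve=system_resolver):
    """Query <domain>.<zone> and interpret the answer.

    Only addresses inside 127.0.0.0/8 count as a listing. Anything else
    (for example a resolver that rewrites NXDOMAIN into the address of a
    search page) is reported separately and never treated as a listing.
    """
    qname = f"{domain.rstrip('.').lower()}.{zone.strip('.').lower()}"
    answers = [ipaddress.ip_address(a) for a in resolve(qname)]
    listed = [str(a) for a in answers if a in LOOPBACK]
    unexpected = [str(a) for a in answers if a not in LOOPBACK]
    return {
        "qname": qname,
        "listed": bool(listed),
        "codes": listed,
        "unexpected": unexpected,
    }


# Constructed reputation data standing in for the real DNS zone.
CONSTRUCTED_ZONE = {
    "bad-domain.example.rbl.example": ["127.0.0.2"],
}


def constructed_resolver(name):
    """Offline stand-in: listed names answer, everything else is NXDOMAIN."""
    return CONSTRUCTED_ZONE.get(name, [])


def hijacking_resolver(name):
    """Models a resolver that answers every name with a routable address."""
    return ["203.0.113.10"]


if __name__ == "__main__":
    for domain in ("bad-domain.example", "clean.example"):
        print(check_listed(domain, "rbl.example", constructed_resolver))
    print(check_listed("clean.example", "rbl.example", hijacking_resolver))
```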

As Paul Vixie explained, SURBL is a specific instance of a more general approach to Response Policy Zones in the DNS that have existed for many years as a standard for DNS firewall policies. The firewall operates via a DNS zone and firewall rules are published, subscribed to, and shared by normal DNS zone transfer protocol operations. A recursive resolver can be configured to subscribe to a response policy, and resolution operations for firewalled names result in an NXDOMAIN response being generated by the recursive resolver. Implementations of this approach exist for BIND, Knot, Unbound and PowerDNS. More information on this approach can be found at https://dnsrpz.info.

Domain Attacks

Much has been said in recent times about the weakest link in the secured name environment, namely the link between the registrar and the name holder. If this relationship can be breached and unauthorized instructions can be passed to the registrar, which in turn are passed to the registry and make their way into the zone file, then the resources that lie behind the name can be readily compromised by trusting applications. One service operator, PCH, was compromised in this manner, and Bill Woodcock shared some details of the attack process. The subversion of the name matched a local holiday shutdown window. An earlier attack had exposed a collection of EPP (Extensible Provisioning Protocol) credentials. The rogue instructions to change the target's name servers were passed into the system via a compromised EPP credential. With control of the domain, it was then possible to obtain a domain validated name certificate immediately, using a CA that did not perform DNSSEC validation, even though the domain was DNSSEC-signed. This then allowed a remote mail access server (IMAP) to be compromised and IMAP account credentials to be exposed, together with mailboxes, and all other material sitting in various mail stores. Because the DS records were not altered in this particular attack, other information that required a validation check on the domain name was not exfiltrated. If the attack had also changed the DS records, it might have exposed more assets.

The attack was a well-rehearsed and rapidly executed set of steps, so other defense mechanisms, such as certificate logs ("certificate transparency") offer little in the way of substantive defense here. In this particular case, the use of DANE to perform certificate pinning would've been of material assistance, particularly if the TLSA record in DANE referenced the zone's KSK public key, but this particular case was an NS delegation change without a DS record change. Had the attacker also changed the DS record then DANE would not have been helpful. A similar comment can be made about CAA records and other forms of in-band pinning.

More generally, if the registrar/customer relationship is vulnerable, then many other aspects of name security are also vulnerable. If the attacker can alter both the delegation records and the zone signing key data in the parent zone, then there is very little for applications to fall back on to detect the attack and correctly identify the new information as bogus. It seems that in today's name environment that registrar/customer relationship is not well protected in many cases, and minimum practices of two-factor authentication would be a necessary and practical minimum. The other aspect of such attacks is the speed of execution. Deliberately slowing down the process of change of records in the parent zone through registry lock practices does offer some tangible benefit.

As usual, there is no magic cure-all defense here, and careful selection of name registrars, coupled with constant monitoring, is an essential minimum these days.
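The monitoring recommended here can be as simple as comparing the parent zone's view of a delegation with a pinned baseline. This is an added example, not a tool from the article: the name servers and DS values are constructed, the severity labels are this example's own, and fetching the live NS and DS sets from the parent zone is left to the caller.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Delegation:
    ns: frozenset   # name server host names published in the parent zone
    ds: frozenset   # DS records as "keytag algorithm digesttype digest"


def delegation(ns, ds=()):
    """Normalise case, trailing dots and whitespace before comparing."""
    return Delegation(
        frozenset(n.rstrip(".").lower() for n in ns),
        frozenset(" ".join(d.split()).upper() for d in ds),
    )


def assess(baseline, observed):
    """Compare the observed parent-side records with the pinned baseline."""
    ns_changed = baseline.ns != observed.ns
    ds_changed = baseline.ds != observed.ds
    findings = []
    if ns_changed:
        findings.append(
            f"NS added {sorted(observed.ns - baseline.ns)}, "
            f"removed {sorted(baseline.ns - observed.ns)}"
        )
    if ds_changed:
        findings.append(
            f"DS added {sorted(observed.ds - baseline.ds)}, "
            f"removed {sorted(baseline.ds - observed.ds)}"
        )

    if not ns_changed and not ds_changed:
        severity = "ok"
    elif baseline.ds and not observed.ds:
        # The zone now looks unsigned, so validators accept any answer.
        severity = "critical"
        findings.append("DS removed: zone no longer appears signed")
    elif ns_changed and ds_changed:
        # Delegation and trust anchor moved together: DNSSEC validation
        # cannot tell the new data from the legitimate zone.
        severity = "critical"
        findings.append("NS and DS both replaced")
    elif ns_changed:
        # The case described above: validating clients reject answers from
        # the new servers, non-validating ones (such as a CA that does not
        # validate) follow the new delegation.
        severity = "high"
        findings.append("NS replaced, DS untouched")
    else:
        # DS alone changed: expected only during a planned key rollover.
        severity = "medium"
        findings.append("DS changed without NS change")
    return {"severity": severity, "findings": findings}


if __name__ == "__main__":
    # Constructed baseline and observations for a signed zone.
    base = delegation(["ns1.example.net.", "ns2.example.net."],
                      ["12345 13 2 abcdef"])
    observations = {
        "unchanged": delegation(["NS2.example.net", "ns1.example.net"],
                                ["12345  13 2 ABCDEF"]),
        "ns only": delegation(["ns1.rogue.example"], ["12345 13 2 abcdef"]),
        "ns and ds": delegation(["ns1.rogue.example"], ["54321 13 2 0123"]),
    }
    for label, seen in observations.items():
        print(label, assess(base, seen))
```

Run on a schedule against the parent zone's answers, an alert on any result other than `ok` gives the registrant a chance to react even when the change arrives through valid registrar credentials.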

DNS over HTTPS

Any DNS meeting would not be complete without extended mention of DNS over HTTPS, and the Symposium was no exception. However, I have covered this topic in some detail in recent posts, so I'll skip making any further comment here!

Meeting Materials – The full agenda and presentation materials for the 2019 symposium can currently be found at https://www.icann.org/ids

Written by Geoff Huston, Author & Chief Scientist at APNIC

More under: Cybersecurity, DNS, ICANN, Internet Protocol

Categories: News and Updates

Two Years Later WannaCry Continues to Spread to Vulnerable Devices, Nearly 5M Devices Affected

Domain industry news - Thu, 2019-05-16 22:49

A slide from a 2017 presentation by Sophos CTO Joe Levy depicting the timeline of events and how the WannaCry outbreak was able to spread so quickly. (Source: Sophos)

Two years after the initial wave of the WannaCry attack in May of 2017, security researchers say the ransomware continues to spread to vulnerable devices. WannaCry infection has affected close to 5 million devices to date. InfoSecurity's Michael Hill writes: "Although WannaCry variants detections have been subdued since the global kill switch was activated, they have far from disappeared. Malwarebytes' research showed that Eastern countries are most at risk from WannaCry; the majority of detections since its initial spread landed in India (727,883), Indonesia (561,381), the US (430,643), Russia (356,146) and Malaysia (335,814). In the UK, there have been 17,185 detections since the initial attack took place, with just 41 incidents recorded since April 1, 2019. In contrast, other countries have continued to register large numbers of detections in the same period; India (19,777), Indonesia (19,192) and the US (3325), for instance."

More under: Cyberattack, Cybersecurity, Malware

Categories: News and Updates

WordPress Parent Company Automattic, and .Blog Operator Switches Registry From Nominet to CentralNic

Domain industry news - Thu, 2019-05-16 20:06

The operator of .blog top-level domain, Knock Knock WHOIS There, LLC, which is a subsidiary of Automattic, the parent company of WordPress.com and Jetpack, announced on Wednesday that it is "moving into the next phase of .blog," and has chosen to partner with CentralNic instead as its new TLD registry provider. Since its launch in 2015, the UK-based outfit Nominet had been the registry service provider.

"From a registrar perspective backend changes are, for lack of a better word, a pain," says Blacknight CEO, Michele Neylon. "We generally have to deal with a quite messy switchover process which requires a lot of extra work for our developers and other teams without any benefit." However, Automattic says the difficulty involved in the transition is justified as it will help in further advancing the .blog experience for its partners and domain end users via tools and services available through CentralNic's registry services.

The change is currently pending ICANN approval and the expected completion date for the migration is estimated to be in late August/early September 2019.

More under: Registry Services, New TLDs

Categories: News and Updates

12 end user domain name sales up to €29k

Domain Name Wire - Thu, 2019-05-16 17:31

A candy company, an escape room and an upscale hotel chain bought domain names last week.

This week’s list of end user sales at Sedo includes an eclectic mix such as Hero.eu, RedCircle.com and ModernAnimal.com.

Here’s the list of end user sales from the past week. You can view previous lists like this here.

Hero.eu €29,000 – Hero is an interim staffing company in the Netherlands.

RedCircle.com $17,000 – RedCircle, a podcast hosting service provider that also supplies users with analytics and promotional tools, upgraded its domain. It uses GetRedCircle.com.

Veridic.com €12,000 – Forwards to Veridic.co.uk, a mobile app developer based in London that now owns the .com version of its domain.

ModernAnimal.com €11,000 – In development by a veterinarian in Los Angeles.

MyMontage.com $10,000 – Purchased by the Montage Management Group, a luxury international hotel chain with locations in California, Mexico and some ski destinations. It uses the domain MontageHotels.com.

WeeBeastie.com $6,118 – A creative agency in Ventura, CA. It forwards to WeeBeastie.tv. This was a SedoMLS sale.

BeanBagChairs.com $5,559 – This domain used to forward to a store that sold bean bag chairs. The new buyer is developing it.

SoccerGround.com $5,000 – SoccerGround is a German company specializing in the planning, installation and assembly of small walled soccer fields.

Rowingblazers.mx $5,000 – Rowing Blazers bought another ccTLD that matches its brand. It bought two other ccTLDs a couple of weeks ago.

BV-Auctions.com $3,559 – The best guess is the buyer is the high-end car collector auction site BV Collector Car Auctions GmbH, which uses BV-Auctions.de.

Indizio.de $2,600 – Indizio is an escape room style entertainment place with two locations in Germany. The German ccTLD forwards to Indizio.one.

Vanparys.com $2,000 – A Belgian confectionery company specializing in dragées, an M&M-like candy with a hard outer shell. They were established in 1889 and claim to be “The Original Chocolate Dragee”.

Categories: News and Updates

New Escrow.com Report Shows Domain Sales Rebounding - Up 10% in Q1-2019 From 4Q-2018

DN Journal - Thu, 2019-05-16 17:28
Escrow.com's new quarterly Domain Investment Index report covering Q1-2019 includes a lot of good news for domain investors.
Categories: News and Updates

Wix nets 180k paying subscribers in Q1

Domain Name Wire - Thu, 2019-05-16 15:53

Wix adds fewer paying customers in Q1 compared to a year ago.

Website builder Wix (NASDAQ: WIX) added a net 180,000 paying customers in Q1 2019, the company reported in its earnings release today. That brings the total to 4.2 million.

By comparison, it added 231,000 net paying customers in Q1 2018 and 147,000 in Q4 2018.

Wix added 6.6 million new registered users in the quarter, bringing the total to 148 million. Only about 3% of its registered users are paying customers.

Revenue for the quarter was $174.3 million, up 27% year-over-year. Collections (essentially billings) were up 26% to $200.4 million.

The company expects Q2 revenue in the $182 million – $184 million range.

Read the DNW Wix review.

Categories: News and Updates

Don’t give your web developer access to your domain registrar account

Domain Name Wire - Thu, 2019-05-16 14:41

Another business says it lost its domain to a web developer.

I know I’ve written about this many times, but if these stories prevent just one legal issue then it’s worth it.

Please, don’t give your web developer full access to your domain name registrar account.

Yesterday, a web site owner in Nevada filed a lawsuit (pdf) against a contract developer alleging that the developer has taken over his domain name and business.

EB Publishing, Inc. publishes ApplianceRepair.net. It hired Adrian Bursill to do work on its website. Now it alleges that he abused his access to the registrar account and switched the ownership of the website to his name.

Historical Whois records for the domain show that it changed from EB Publishing to Bursill in 2016. The domain has not switched registrars.

EB Publishing has operated the website since 1998 but says it has now lost control of it.

Your web developer should not need access to your domain registrar account. If they want access to change nameservers (which I still recommend you do yourself), make sure the access limits what they can do in the account. They should not be able to change domain contacts or transfer the domain.

Greenberg & Lieberman is representing EB Publishing.

Categories: News and Updates

.Blog jumps from Nominet to CentralNic

Domain Name Wire - Thu, 2019-05-16 13:23

CentralNic wins another registry contract.

Automattic, the company behind WordPress, is switching backend registry providers for its .blog top level domain name.

The company has used Nominet since the launch but will switch to CentralNic (London AIM: CNIC) later this year.

Nominet is the registry for .uk domain names. CentralNic is a diversified domain name company that has won many registry contracts with its flexible pricing.

Michele Neylon, CEO of domain name registrar Blacknight, noted that many new TLD operators signed contracts before they knew how big their zones would be. Now that they have a better idea, they might get a better deal from another backend registry provider.

He also pointed out that registry provider switches are a pain for registrars. I suspect registrars are getting used to these changes as the original contracts come up for renewal.

Categories: News and Updates

Mega Sale of Medidata.com Tops This Week's Domain Sales Chart and Ranks #3 Year to Date

DN Journal - Wed, 2019-05-15 23:51
George Kirikos has uncovered another high end domain sale that tops this week's sales chart and takes a place among the biggest of 2019 to date,
Categories: News and Updates

Escrow.com: Domain sales jumped in Q1

Domain Name Wire - Wed, 2019-05-15 16:44

Escrow provider reports robust domain name market in 2019.

Online escrow service Escrow.com released its Q1 market report (pdf) today, showing that domain sales were strong to start 2019.

Escrow.com handled $85 million of domain name and website transactions during Q1 2019. This was up both quarter-over-quarter and year-over-year:

The United States continues to be Escrow.com’s largest source of transactions. It represents over 70% of transactions. Canada was surprisingly the second largest source of transactions during Q1 (when you split China and Hong Kong):

In addition to domain names, Escrow.com handled $15.2 million of website sales (domain plus content) in the quarter with a median price of $9,800.

Domain names without content traded at a median price of $2,500, the same as the previous five quarters.

Categories: News and Updates

Google launches Safe.page to improve web security smarts

Domain Name Wire - Wed, 2019-05-15 14:25

Survey shows people still need help.

People still need help with web security.

Google Registry, the Alphabet division responsible for new top level domain names such as .dev and .app, has launched a website at Safe.page that helps people learn about phishing and secure websites. The company released survey results today showing that people still need security help.

The survey of over 2,000 adults shows:

  • 42% didn’t realize the difference between http and https in a web address
  • 69% didn’t realize that https could be used in a phishing attack
  • 64% used the same password on multiple websites

One interesting non-security datapoint in the survey is about Gen Z. 34% of those surveyed between 16-24 who have already created a website did it for a class project. This is an interesting opportunity for domain registries and registrars.

Safe.page includes a quiz for people to review URLs in emails to check which ones are safe and which aren’t. I admit to overlooking a double-s typo in one of the quiz questions. That puts me in the 97% of people who missed at least one question on the quiz.

Google suggests people double-check domains before entering sensitive information. I hope its search team that designs the search results pages follows the same guidelines, especially on mobile pages.

Google promotes three of its domains that require SSL on the site: .page, .app and .dev.

Listen to a podcast about the security of these namespaces in DNW Podcast episode #221.

Categories: News and Updates

Mailchimp overhauls audience definition in new plans

Domain Name Wire - Wed, 2019-05-15 13:41

Company makes change as it introduces new features beyond email.

Popular email marketing platform Mailchimp is making a radical change to its pricing structure as it grows into a more-than-email marketing platform. The change goes into effect today for new customers. Existing customers are grandfathered into the existing structure unless they change their plan.

The big change is how Mailchimp defines an audience, which is how account tiers are priced. As an email marketing platform, Mailchimp charged a monthly fee based on how many current subscribers a customer had. Now Mailchimp offers more than email marketing so it is redefining the audience.

The audience used to calculate fees now includes people who have unsubscribed from mailing lists as well as people captured in the system that never subscribed, such as someone who signed up to attend a customer’s webinar.

That audience is part of what Mailchimp addresses with some of its new tools. For example, users can use Facebook retargeting based on audience email addresses. The targeting can include people who have unsubscribed from a list.

Customers can reduce the size of their audience by archiving contacts, which will no longer be addressed by the additional tools such as retargeting.

Mailchimp’s feature growth has been constrained somewhat by its name and reputation as an email provider. It ran a big marketing campaign a couple of years ago to show that it’s more than just an email company.

Categories: News and Updates

Supernanny wins domain name ahead of new season

Domain Name Wire - Wed, 2019-05-15 13:14

Show gets domain name after announcing new season on Lifetime.

The producer of Supernanny, a reality TV show featuring nanny Jo Frost, has won the rights to the domain name SuperNanny.com through a cybersquatting dispute.

The show debuted in 2004, so you might be surprised that the group waited until 2019 to file a UDRP cybersquatting case against the domain name. It turns out that at the end of March this year they announced a new season coming to the Lifetime network in 2020. They filed the cybersquatting dispute two weeks later.

Supernanny.com was originally registered in January 2000, well before the show debuted in Britain. Normally a domain name must be registered after trademark rights are established in order to win a UDRP. However, the show used historical Whois records to show that the domain name has changed hands multiple times since it was originally registered.

The owner of the domain name didn’t respond to the dispute, so the panelist gave the benefit of the doubt to the Complainant.

 

Categories: News and Updates

Close to 735K Fraudulently Obtained IP Addresses Have Been Uncovered and Revoked, ARIN Reveals

Domain industry news - Tue, 2019-05-14 20:27

The American Registry for Internet Numbers, Ltd. (ARIN) has won a legal case against an elaborate multi-year scheme to defraud the Internet community of approximately 735,000 IPv4 addresses, the organization has revealed. While the specifics of the findings are not released, John Curran, ARIN President and CEO said the fraud was detected as a result of an internal due diligence process.

ARIN is a nonprofit member-based organization responsible for distributing Internet number resources in the US, Canada, and parts of the Caribbean. The emerging IPv4 address transfer market and increasing demand have resulted in more attempts to obtain IPv4 addresses fraudulently.

This is the first arbitration ever brought under an ARIN Registration Services Agreement, and related proceedings in the U.S. District Court for the Eastern District of Virginia. ARIN was able to prove an intricate scheme to fraudulently obtain resources that included many falsely notarized officer attestations sent to ARIN. "A company in South Carolina obtained and utilized 11 shelf companies across the United States, and intentionally created false aliases purporting to be officers of those companies, to induce ARIN into issuing the fraudulently sought IPv4 resources and approving related transfers and reassignments of these addresses. The defrauding party was monetizing the assets obtained in the transfer market, and obtained resources under ARIN's waiting list process." (ARIN Press Release)

The defrauding entity adopted an aggressive posture after ARIN requested that it produce certain documents and explain its conduct. The suspected party filed a motion for a Temporary Restraining Order and Preliminary Injunction against ARIN in U.S. District Court, and demanded a hearing the following morning (the Friday just before Christmas). "The aggressive posture was taken after ARIN indicated its intent to revoke addresses, while permitting defrauding entity to renumber to allow existing bona fide customers not to have service interrupted," ARIN’s General Counsel told CircleID. "The litigation was filed against ARIN to seek an injunction to stop ARIN from revoking and enter arbitration. Some addresses were transferred for money prior to that demand, others were pending transfer and were never transferred due to ARIN investigation."

Some fraudulently obtained addresses were transferred to third parties; however, ARIN made no effort to pursue the parties that received the completed transfers, ARIN’s General Counsel told CircleID. The reason being: "(a) addresses were in another RIR service region (e.g. RIPE NCC and APNIC) and (b) ARIN did not see any evidence they knew of or participated in the fraud. In other words, they appeared to be bona fide 3rd parties."

ARIN obtained the arbitration award on May 1, 2019, which included revocation of all resources issued pursuant to fraud and $350,000 to ARIN for its legal fees.

UPDATE May 15, 2019: "Charleston Man and Business Indicted in Federal Court in Over $9M Fraud" – The United States Department of Justice issued a statement announcing that Amir Golestan, 36, of Charleston, and Micfo, LLC, were charged in federal court in a twenty-count indictment. The indictment charges twenty counts of wire fraud, with each count punishable by up to 20 years imprisonment.

"The indictment alleges that since February 2014, Golestan and Micfo created and utilized 'Channel Partners,' which purported to consist of several individual businesses, all of whom acquired the right to IP addresses from the American Registry of Internet Numbers (ARIN). The indictment alleges that Golestan and Micfo fabricated the true nature of the Channel Partners, including creating false officers and deceptive websites for the businesses, which were in turn used to deceive ARIN and to fraudulently obtain IP address rights from ARIN. The indictment charges that, through this scheme, Golestan and Micfo obtained the rights to approximately 757,760 IP addresses, with a market value between $9,850,880.00 and $14,397,440.00." (DOJ / May 15, 2019)
