Blog for hpHosts, and whatever else I feel like writing about ....

Sunday, 1 July 2012

ICANN’ failure

One of the biggest issues facing those that fight cybercrime, and perhaps “fight” sounds wrong, but it’s what we do, is arguing with hosts, registrars and AS’s, to get domains and servers, taken offline, whether it’s a single IP/server/domain or hundreds of thousands of them, as was the case with a fake meds case last year.

Usually, all we have to do, is send a report with the evidence, to a host/registrar/AS, to get action taken, but in cases where those attempts fail, we first go to the upstream, and if that fails, we then go to the registries or in the case of domains, ICANN.

It’s ICANN I want to talk about today, and the reason for this, is because they have ultimate control over EVERY SINGLE DOMAIN, regardless of it’s TLD, and this is very important. In one fell swoop, they could taken down malicious domains, and I don’t mean compromised domains, those MUST be treat completely separately (i.e. in cases of compromise, you contact those in charge of the domain/server, to get those resolved, which is usually successful, though sometimes takes alot of emails/phone calls).

ICANN however, has other ideas. They want overall control, with none of the responsibilities that go with that control, and it’s that that I have a problem with.

I’m rubbish with the examples and euphemisms, so bear with me, but let’s look at parenting as it’s the only other thing I know about (and don’t get me wrong, I screwed up my first chance at that – still no idea how I screwed it up, but I’m guessing I did, anyway, I’m getting off track), but in the case of parenting, you have a child – you’re responsible for the actions of that child, it’s as simple as that, you buy a car, you’re responsible if the car knocks someone over.

In ICANN’ case, they don’t believe they should have to do anything if a domain is involved in malicious activity, whether it’s directly infecting/phishing, or involved in other malicious/criminal activity.

The question is, why? Why are they getting away with this? This is something I’ve always had problems figuring out. I’m guessing it’s to do with money or politics, it usually is, but it’s troubling all the same, and is something that needs to change if we’re to do so much as make a difference. I personally get domains/IPs/servers taken offline every single day, and I know I’m just one person doing it, there’s thousands of others doing the same thing. However, for every one of us, there’s likely hundreds of criminals involved in malicious activity. Whether it’s “skiddies”, opportunists, or dedicated gangs, which means, if we’re to actually make a difference, then the first thing that needs to change, is for those in control, to start taking responsibility and taking action (and this also applies to the registries, as all they tend to do in most cases, is tell you to reach out to the AS – which is what’s been tried already, and led to contacting the registry in the first place).

I know this blog isn’t going to be read by them. Hell, it’s not exactly well known, so what I’d like to see done, is for people to start either asking their MPs to do something, or write to ICANN and the various registries (in the case of IPs as ICANN has no control over IP addresses), to get their stance to change, and start getting action taken.

I suppose this begs the question, of whether this is ICANN' failure, or ours (for letting things get to this point in the first place)? Either way, in the case of domains at least, ICANN are the only ones with the power to make a real difference.

And if you've got this far, thank you. I'll end my rant now.


Conrad Longmore said...

ICANN are too busy finding new and novel ways of extracting money from businesses. The .anything TLD? Sheer greed.

Anonymous said...

Over the last many months, I've been leaning towards noting the rogue registrars and rogue network hosters, rogue autonomous systems, not individual domains.

Seems to me too many anti-unscrupulous "fighters" are chasing and reporting ones-, twos-, tens-, hundreds- (or whatever the number is) of low-level domain names when the rogue registrars and network hosters perpetually are doing a lousy job foisting their unscrupulous operations on the world.

Sort of jokingly: Whois
Sponsoring Registrar: /'s complaint department.

Not at all jokingly: The real rogue registrars and network operations that are being reported.

david and mary grace said...

Sorry to hear about the DoS attack. As for ICANN, I send all of my spam to knujon and spamcop. I know of several large "collectors" of spam that funnel to knujon,as well. They've been taking this directly to ICANN for years, and while I don't always agree with their tone or every little thing they do, I think they're part of the solution. It may be worth your time looking into what they're doing and see if you can help them improve, etc.