
Report: Criminal Abuse of Domain Names, Bulk Registration and Contact Information Access

My Interisle Consulting Group colleague, Dr. Colin Strutt, and I have published a report,
 
Criminal Abuse of Domain Names:
Bulk Registration and Contact Information Access
 
In this report, we study "bulk registration misuse" by criminal actors. Bulk registration refers to the practice of rapidly acquiring domain names, using them in an attack, and abandoning them as if they were throw-away ("burner") phones. These domains are a critical resource for cyber criminals.
 
We use reputation block list (RBL) data to reveal how the use of bulk registrations, coupled with the crippling of registration data access by the ICANN Temp Spec for Whois, presents cybercrime investigators with the dual impediments of harder-to-pursue criminal activity and harder-to-obtain information about the criminals. From our analyses of sample RBL data for five Top-level Domains, we:
  1. confirm that cyber criminals take advantage of bulk registration services to "weaponize" large numbers of domains for their attacks,
  2. identify four specific registrars at which abusive registration activity appears to be concentrated, 
  3. profile registrants that misuse bulk registrations to acquire and weaponize thousands of domains,
  4. confirm that ICANN's Temp Spec policy of redacting Whois point of contact information to comply with the GDPR significantly encumbers and delays cybercrime investigation.
Based on these findings, we recommend that the ICANN organization and community consider several Consensus Policies which, if adopted and incorporated into contracts, would contribute to reducing cybercrime and mitigating its effects on victims.
