This morning I couldn't help noticing this article by Garth Bruen. The article is essentially about ICANN and its WHOIS policy on data verification. At the end of the article you will find the WHOIS record of a fake pharma domain, and the record is empty.
To preserve the content, you may view a snapshot of the WHOIS record for nobledrugstore.com here. A screenshot of the record is shown below.
It is immaterial at this point to discuss why the record is empty. However, considering that ICANN is the central authority for all domain names, and considering the overall distrust among security researchers and law enforcement agencies over the authenticity of WHOIS records, shouldn't the authorities at ICANN take this as a cue about their own authority over Internet domains?
A few blog posts ago I had written about WHOIS data and about data verification; you may read the entire article here.
Even though ICANN had mulled over the idea of data verification, for the unearthly reason of cost constraints they decided against it:
8. Regarding the WHOIS verification goals for the 2013 RAA, while it is true that ICANN initially sought more expansive WHOIS validation/verification requirements, questions were raised related to the costs associated with implementing them on a global basis. For this reason, the final 2013 RAA did not include them.
This doesn't end here. A malware domain is never registered with correct credentials; instead, the bad guys register through the domain reseller route. Every domain registrar, in order to garner more business, provides easy access and platforms for resellers to join its program and register domains on behalf of various entities.
There are two reasons for the bad guys to use this route:
1: Domains are relatively cheaper for resellers.
2: Anonymity.
Law enforcement and security researchers have always found the WHOIS data of malware domains laughable. Moreover, finding the reseller who has been registering these malware domains is a herculean task, as it requires a court order.
The bad guys know this and have been using it very effectively to their advantage. So where is the problem?
1: WHOIS data cannot be relied upon when it comes to malware domains.
2: Clean domain users wouldn't mind getting verified.
3: The malware guys are behind the curtain of the "domain reseller".
ICANN, as the central authority, needs to rethink its strategy on the correctness of WHOIS data, and it also needs to create a central repository of all resellers. Secondly, empty WHOIS data is a BIG NO. If the malware guys start using this tactic, there is nothing left for ICANN to speak about. Lastly, it is surprising that ICANN finds these solutions a costly proposition, considering that almost 215 million domains existed in 2011.
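As an added illustration (not code from the original post or from the ICANN article), here is a small Python check that parses a WHOIS record and flags blank or malformed registrant fields, the minimal verification a researcher can automate on their own side. Both sample records and the required-field list are constructed assumptions, not real lookups.

```python
import re

# Constructed WHOIS record with every registrant field filled in (not a real lookup).
COMPLETE = """Domain Name: GOOD-EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrant Name: Jane Doe
Registrant Street: 1 Example Street
Registrant City: Exampletown
Registrant Country: US
Registrant Phone: +1.5555550100
Registrant Email: jane@example.com
Creation Date: 2011-03-02T00:00:00Z
"""

# Constructed record with the same keys but blank registrant values,
# the shape of the empty record discussed in the post.
EMPTY = """Domain Name: BAD-EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrant Name:
Registrant Street:
Registrant City:
Registrant Country:
Registrant Phone:
Registrant Email:
Creation Date: 2013-06-15T00:00:00Z
"""

# Assumed minimum set of fields a verification policy would insist on.
REQUIRED = ("Registrant Name", "Registrant Street", "Registrant City",
            "Registrant Country", "Registrant Phone", "Registrant Email")
_EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def parse_whois(text):
    """Turn 'Key: value' lines into a dict; blank values are kept as ''."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            record[key.strip()] = value.strip()
    return record

def check_registrant(text):
    """Return (domain, problems): required fields that are blank or malformed."""
    rec = parse_whois(text)
    problems = [k for k in REQUIRED if not rec.get(k)]
    email = rec.get("Registrant Email")
    if email and not _EMAIL.match(email):
        problems.append("Registrant Email (malformed)")
    return rec.get("Domain Name", "?"), problems

if __name__ == "__main__":
    for text in (COMPLETE, EMPTY):
        domain, problems = check_registrant(text)
        print(domain, "OK" if not problems else "UNVERIFIABLE: " + ", ".join(problems))
```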
Would it be inappropriate to say that WHOIS is a nightmare not for ICANN, but for everyone else?
1 Comment
R Sachin
Registrants are always bogus; however, the new MO is based on registrations via the reseller mode.