- The Washington Times - Saturday, May 31, 2008

The nonprofit association that oversees Internet addresses is trying to crack down on shady Web pages used by spammers and hackers.

The Internet Corporation for Assigned Names and Numbers, or ICANN, sent letters this week to some of the biggest sellers of Internet real estate, warning that those who failed to fulfill their obligations under the rules could be shut down.

“This is about transparency,” said Stacy Burnette, ICANN’s director of compliance. “It is an effort to improve the accuracy of information related to who controls” Internet addresses, known as domain names.

Domain names are leased out by companies called registrars, which are accredited by ICANN. As part of the registration process, those leasing domain names - the registrants - are required to identify themselves and provide contact information in a huge Internet database known as WHOIS.

But spammers and other criminals who use Web pages to sell counterfeit goods, steal identities or propagate malicious software rarely provide accurate WHOIS information and sometimes do not provide any at all, say Web security specialists.

“It’s a huge problem,” said Ms. Burnette, declining to give more detailed figures on the numbers of registrants reported to have submitted inaccurate or incomplete information.

Ms. Burnette said that ICANN has no authority to directly target spammers and other criminals who register domain names and that the registrars it accredits are not required to ensure the accuracy of their registrants’ WHOIS information. But they are obliged to follow up reports from ICANN or from the public about missing or incorrect WHOIS data.

“If we find that registrars are not investigating reports [of inaccurate or nonexistent WHOIS data] as they are required to, our escalation procedure can ultimately result in their accreditation being terminated,” effectively shutting them down, she said.

She said the letters sent this week, known as enforcement notices, required the registrars to detail what steps they had taken to investigate and, if necessary, correct inaccuracies reported to them regarding specific, named domains. The letters set a deadline by which the registrars must respond.

“Each case is different,” Ms. Burnette said. “We try to give registrars a reasonable amount of time to respond.”

If the registrars fail to respond satisfactorily by the deadline, they could be sent breach notices giving them 15 days to fix the problem or lose their ICANN accreditation.

Ms. Burnette said the notices were the latest step in an enforcement campaign that ICANN began at the end of last year. “We’re working aggressively to address the problem,” she said, adding that no breach notices have been issued.

Many of the domain names at issue are those hosting Web pages advertised in spam e-mail - billions of unsolicited messages sent every year, mostly by so-called botnets of personal computers that, unbeknown to their owners, have been taken over by hackers and other cyber-criminals.

The messages contain links to Web pages selling discounted (and often counterfeit) pharmaceuticals, jewelry and other products, or - in the case of so-called phishing e-mails - to pages purporting to belong to banks or other financial institutions and where customers are asked to enter personal data which can be used to steal their identity and their money.



Click to Read More

Click to Hide