Re: KnojOn: Phantom Registrars, Fake Pharmacies, and the Secret Infrastruc ture

[Dragos Ruiu <dr () kyx net>]

Solar, I'm forwarding your message to another discussion of that report.

(As an editorial aside, here is another example to would be internet  
"protectors" that you should be _very_ careful
before you shoot from the hip and declare anything on the internet  
"scum" and start hunting it down. Or else
it becomes very easy for someone else to start declaring you "scum"  
and do the same. I agree with whomever
stated that the  definition of what is "criminal" is best left to  
professionals in law enforcement and the judicial
system - issues are often complicated, and ramifications of decisions  
based on subjective codifications of morals
are not always clearly evident. As technology professionals we have to  
think about this, and should certainly consider
such before embarking on any vigilante pogrom.)

cheers,
--dr

Begin forwarded message:

> From: Solar Designer <solar () openwall com>
> Date: September 2, 2008 7:01:39 AM PDT
> To: Dragos Ruiu <dr () kyx net>
> Subject: Re: kyxspam: the slippery web of penis mightiers and  
> phantom registrars
>
> On Sun, Aug 31, 2008 at 10:43:47AM -0700, Dragos Ruiu wrote:
> > url: http://www.knujon.com/news.html#directi
>
> I was reading this with (moderate) interest and believed most of  
> what I
> read until I got to this place:
>
> > EstDomains is incorporated through the VALIS GROUP INC., also in
> > Delaware, also difficult to track.
>
> We, at Openwall, are using some business services of VALIS for  
> almost 5
> years now.  Just like Delaware is a business-friendly state, VALIS  
> is a
> company that is good at what they do - providing business services in
> Delaware.  They are in no way difficult to track - there are specific
> people and specific locations behind them (in Wilmington, DE and
> Vancouver, Canada).  When I read this news story yesterday (thank you,
> Dragos), I e-mailed David Gendron, founder and President of VALIS  
> Group
> Inc. and VALIS International, who in turn e-mailed KnujOn (I was  
> Bcc'ed).
> As a result, the mentions of VALIS have been removed from the KnujOn
> story.  Yes, VALIS incorporated EstDomains - but that's just a service
> they provide.  It does not imply any affiliation.
>
> Clearly, KnujOn did not even try to "track" VALIS, yet they claimed  
> that
> VALIS was "difficult to track".  With this in mind, even though  
> they've
> corrected the story now, I am concerned that other information being
> presented as facts may in fact be hype.  For example, they  
> consistently
> say that EstDomains (a company I had not even heard of until  
> yesterday,
> if that matters) "sponsors" certain domains - but in reality they may
> simply be an easy-to-use and cheap registrar.  They are not  
> necessarily
> affiliated with the scammers, nor do they necessarily receive a  
> premium
> for the services they provide.  The "due diligence" for registrars is
> not well-defined, and in fact they might not have the legal grounds to
> suspend a domain registration based on website content without a court
> order or whatever (IANAL, I am just thinking aloud).  Based on  
> KnujOn's
> own data, the percentage of "problematic" domains at Directi/PDR is  
> not
> that bad (13 thousand of 1.75 million, or 0.74%).  Clearly, EstDomains
> does offer services to the general public, they have low prices and  
> bulk
> discounts (I just visited their website), so it is not surprising that
> they seem to be in the registrar business for real, not just as a  
> decoy
> for the scammers.
>
> Maybe it simply became easy to start new registrar businesses - so  
> easy
> that some registrars are run by individuals who don't bother to
> establish a "real" business infrastructure (yes, some may even use  
> fake
> company names) nor deal with abuse complaints.  I am not saying that  
> all
> of this is fine, but rather I am saying that the KnujOn story might be
> overstating things.  I really don't know.  I just don't find some  
> parts
> of the story convincing enough (the claims regarding affiliations).
>
> Also, I am concerned about the war on privacy-protected domain
> registrations.  Clearly, this is a useful service not only to the
> scammers, but also to us, mere mortals.
>
> Perhaps something needs to change - because it is true that the best
> place to shutdown scam websites may be at the domain registrars -  
> but I
> am not sure that KnujOn has the right goals now.  Maybe they should
> focus on development of established and enforced due diligence,
> acceptable use, and complaint handling policies for the registrars, as
> well as for registrar accreditation - but not on forcing the  
> registrars
> to not offer privacy protection.  Disclaimer: I am not very familiar
> with the current registrar accreditation requirements or the like,  
> so I
> am clearly not an expert in this area and I can't really recommend a
> course of action.
>
> > Interestingly, VALIS is the name of
> > massive network of mind-controlling alien satellites from a Philip K.
> > Dick novel of the same name (http://en.wikipedia.org/wiki/VALIS).
>
> While VALIS the company is in fact named after the book, the above
> description is incorrect, according to David.  (I have not read the  
> book.)
>
> > So, we have a business registration company with undisclosed  
> > ownership
> > incorporating an ICANN Registrar with undisclosed ownership who
>
> Why are privately-held companies supposed to disclose their ownership?
> Even if they're providing incorporation or domain registration  
> services.
> And who would be next?  ISPs, perhaps.  Then maybe companies providing
> IT security services.  "How can they be held accountable if we don't
> know who the owners are?"
>
> Is this story about the need to give up our privacy in order to stop
> spam?  I doubt that spam would stop.
>
> -- 
> /sd

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Buenos Aires, Argentina   Sept. 30 / Oct. 1 - 2008    http://ba-con.com.ar
Tokyo, Japan  November 12/13 2008  http://pacsec.jp
Vancouver, Canada  March 16-20 2009  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.