funsec mailing list archives
Re: KnojOn: Phantom Registrars, Fake Pharmacies, and the Secret Infrastructure
From: Dragos Ruiu <dr () kyx net>
Date: Tue, 2 Sep 2008 12:05:53 -0700
Solar, I'm forwarding your message to another discussion of that report.

(As an editorial aside, here is another example to would be internet "protectors" that you should be _very_ careful before you shoot from the hip and declare anything on the internet "scum" and start hunting it down. Or else it becomes very easy for someone else to start declaring you "scum" and do the same. I agree with whomever stated that the definition of what is "criminal" is best left to professionals in law enforcement and the judicial system - issues are often complicated, and ramifications of decisions based on subjective codifications of morals are not always clearly evident. As technology professionals we have to think about this, and should certainly consider such before embarking on any vigilante pogrom.)

cheers,
--dr

Begin forwarded message:

From: Solar Designer <solar () openwall com>
Date: September 2, 2008 7:01:39 AM PDT
To: Dragos Ruiu <dr () kyx net>
Subject: Re: kyxspam: the slippery web of penis mightiers and phantom registrars

On Sun, Aug 31, 2008 at 10:43:47AM -0700, Dragos Ruiu wrote:
> url: http://www.knujon.com/news.html#directi

I was reading this with (moderate) interest and believed most of what I read until I got to this place:

> EstDomains is incorporated through the VALIS GROUP INC., also in Delaware, also difficult to track.

We, at Openwall, are using some business services of VALIS for almost 5 years now. Just like Delaware is a business-friendly state, VALIS is a company that is good at what they do - providing business services in Delaware. They are in no way difficult to track - there are specific people and specific locations behind them (in Wilmington, DE and Vancouver, Canada).

When I read this news story yesterday (thank you, Dragos), I e-mailed David Gendron, founder and President of VALIS Group Inc. and VALIS International, who in turn e-mailed KnujOn (I was Bcc'ed). As a result, the mentions of VALIS have been removed from the KnujOn story.

Yes, VALIS incorporated EstDomains - but that's just a service they provide. It does not imply any affiliation.

Clearly, KnujOn did not even try to "track" VALIS, yet they claimed that VALIS was "difficult to track". With this in mind, even though they've corrected the story now, I am concerned that other information being presented as facts may in fact be hype. For example, they consistently say that EstDomains (a company I had not even heard of until yesterday, if that matters) "sponsors" certain domains - but in reality they may simply be an easy-to-use and cheap registrar. They are not necessarily affiliated with the scammers, nor do they necessarily receive a premium for the services they provide.

The "due diligence" for registrars is not well-defined, and in fact they might not have the legal grounds to suspend a domain registration based on website content without a court order or whatever (IANAL, I am just thinking aloud).

Based on KnujOn's own data, the percentage of "problematic" domains at Directi/PDR is not that bad (13 thousand of 1.75 million, or 0.74%). Clearly, EstDomains does offer services to the general public, they have low prices and bulk discounts (I just visited their website), so it is not surprising that they seem to be in the registrar business for real, not just as a decoy for the scammers.

Maybe it simply became easy to start new registrar businesses - so easy that some registrars are run by individuals who don't bother to establish a "real" business infrastructure (yes, some may even use fake company names) nor deal with abuse complaints.

I am not saying that all of this is fine, but rather I am saying that the KnujOn story might be overstating things. I really don't know. I just don't find some parts of the story convincing enough (the claims regarding affiliations).

Also, I am concerned about the war on privacy-protected domain registrations. Clearly, this is a useful service not only to the scammers, but also to us, mere mortals.

Perhaps something needs to change - because it is true that the best place to shut down scam websites may be at the domain registrars - but I am not sure that KnujOn has the right goals now. Maybe they should focus on development of established and enforced due diligence, acceptable use, and complaint handling policies for the registrars, as well as for registrar accreditation - but not on forcing the registrars to not offer privacy protection.

Disclaimer: I am not very familiar with the current registrar accreditation requirements or the like, so I am clearly not an expert in this area and I can't really recommend a course of action.

> Interestingly, VALIS is the name of massive network of mind-controlling alien satellites from a Philip K. Dick novel of the same name (http://en.wikipedia.org/wiki/VALIS).

While VALIS the company is in fact named after the book, the above description is incorrect, according to David. (I have not read the book.)

> So, we have a business registration company with undisclosed ownership incorporating an ICANN Registrar with undisclosed ownership who

Why are privately-held companies supposed to disclose their ownership? Even if they're providing incorporation or domain registration services. And who would be next? ISPs, perhaps. Then maybe companies providing IT security services. "How can they be held accountable if we don't know who the owners are?"

Is this story about the need to give up our privacy in order to stop spam? I doubt that spam would stop.

--
/sd

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Buenos Aires, Argentina Sept. 30 / Oct. 1 - 2008 http://ba-con.com.ar
Tokyo, Japan November 12/13 2008 http://pacsec.jp
Vancouver, Canada March 16-20 2009 http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.