HOME | ABOUT US | INSIGHTS | WHITE PAPERS | CLIENT SERVICES | OUR ASSOCIATES | CONTACT US

HOME

ABOUT US

INSIGHTS

WHITE PAPERS

Cybercrime Supply Chain 2023

Phishing Landscape 2023

Malware Landscape 2023

Phishing Landscape 2022

Malware Landscape 2022

Malware Landscape 2021

Phishing Landscape 2021

Domain Security 2021

Contact Data Study 2021

Phishing Landscape 2020

Domain Registration Data

Criminal Abuse of Domain Names

It's Not About the Internet

Protecting and Promoting the Open Internet

Interconnection and Peering among ISPs

Authentication Issues for Financial Services

Fostering Business Resilience

CLIENT SERVICES

OUR ASSOCIATES

CONTACT US

Insights | White Papers

Criminal Abuse of Domain Names:
Bulk Registration and Contact Information Access

Domain names that can be rapidly acquired, used in an attack, and abandoned before they can be traced are a critical resource for cybercriminals. Some attacks, including spam and ransomware campaigns and criminal infrastructure operation (e.g., “botnets”), benefit particularly from the ability to rapidly and cheaply acquire very large numbers of domain names-a tactic known as bulk registration.

The use of bulk registration to distribute attacks across hundreds or thousands of domain names in matters of minutes, coupled with the crippling of registration data access by the Temp Spec, presents cybercrime investigators with the dual impediments of harder-to-pursue criminal activity and harder-to-obtain information about the criminals.

For this report, Interisle researchers studied both aspects of this impediment:

  • We studied samples of security events during which many thousands of domains were blocklisted in relatively short time frames.
  • We identified registrars that offer bulk registration services and have large concentrations of blocklisted domains.
  • We characterized the behavior of domain name registrants who engage in bulk registrations that are detected and blocklisted as criminal activities.
  • We studied the way in which domain name registrants' use of privacy protection services or the redaction of Whois point-of-contact information inhibits or delays cybercrime investigation.

Our study confirms the hypothesis that cybercriminals take advantage of bulk registration services to “weaponize” large numbers of domain names for their attacks.

The study identifies four specific registrars at which abusive registration activity appears to be concentrated.

Our study also confirms that ICANN's Temp Spec policy of redacting Whois point of contact information to comply with the GDPR significantly encumbers and delays cybercrime investigation.

Based on these findings, we recommend that the ICANN organization and community consider several Consensus Policies which, if adopted and incorporated into contracts, would contribute to reducing cybercrime and mitigating its effects on victims.

An Executive Summary of the Report can be downloaded here
The complete report, with Executive Summary, can be downloaded here

Comments can be submitted to feedback@interisle.net

The opinions, findings, and conclusions or recommendations expressed in this report are the product of independent work conducted by Interisle Consulting Group, without direction or other influence from any outside party, including parties that may have provided funding to support the work.
 

World class expertise
in Internet technology
and network strategy




Privacy Statement

© Interisle Consulting Group