The iovation Site

Domain Name Abuse—An important component of fraud as a service

October 5th, 2009 by Max Anhoury

While not often talked about, the malicious use of domain names is becoming a serious problem. Domain names provide a means to an end for criminals attempting all kinds of scams and online fraud. In phishing attacks, for example, a hacker-controlled domain name serves as the redirection point for a fake or infected site. In the case of botnet operations, a domain name replaces a unique IP address as the point of command and control, allowing fraudsters access to a much larger set of data with less risk of detection.

An article in Network World this month focuses on the growing problem of domain-name abuse and details the current efforts to stop it. While the problem isn’t exactly new, domain names are becoming an increasingly appealing tool for fraudsters to carry out attacks. In phishing attacks, for example, the use of hard-coded IP addresses has steadily declined as fraudsters favor domain names instead. According to a study done by the Anti-Phishing Working Group, in one six-month period there were 56,959 phishing attacks occurring on 30,454 unique domain names.

Domain names play an equally important part in botnet attacks, like the highly discussed Conficker worm. Unfortunately, as the article details, disrupting Conficker’s use of domain names isn’t proving to be an easy task:

Attempts by industry to cut off criminal access to domain names are proving difficult. The first globally organized effort to attempt that — Conficker Working Group — sought to disable domains targeted by the Conficker worm for use in its command-and-control system. But after six months of trying, there’s not much to show for it.

Even with the help of many key players in the realm of domain names and internet security—including Neustar, VeriSign, Afilias, Public Internet Registry, Global Domains International, ICANN, Symantec—the Conficker worm is still at large, inhabiting millions of computers around the globe. So what makes it such a complex problem?

One of the most glaring problems is the domain-name registration process and the lack of sufficient oversight. First, there’s the ease with which an attacker can simply use false information to register a domain: this is the same basic authentication problem that every other online business faces. Then there’s the fact that the registration and use of domain names happens all over the world, under different rules and regulations depending on the country. This is especially true of country-code top-level domains (ccTLDs such as .fr or .uk), each of which is controlled by its own country, so combating domain-name abuse would require cooperation on a global scale.

“There are many language and jurisdictional legal issues that make tackling domain-name abuse problems extremely hard,” says Ram Mohan, CTO at Dublin-based registry services provider Afilias and a liaison for the ICANN Security and Stability Advisory Committee (SSAC) on the ICANN Board of Directors… “Some rules in ICANN are just broken,” Mohan says. The overall domain-name registration system “was created at a time of a benign Internet. Today we have no burden of validation and that can be fixed.” He also says it might be a wise move to require some sort of security audit of the registrars and registries.

In the article, GoDaddy was used as an example of a domain-name registrar with some of the better anti-fraud practices. But not without effort: in order to responsibly oversee the 36 million domain names that GoDaddy manages, its fraud team is constantly at work. Once a domain name is identified as being used maliciously, it is shut down. Unfortunately, as at many businesses, shutting down bad accounts is an inherently cyclical process when the underlying problem is often a single criminal opening endless accounts using false information.

It will undoubtedly take a global effort to develop a sufficient system of regulation and oversight, but individual registrars can bear a certain amount of the burden by implementing more thorough security measures. Techniques that complement their existing efforts, like device reputation and stronger authentication, would allow them to put a large dent in this illegal activity and set a standard for their peers in the industry.
