Cybersquatting: Increase of UDRP complaints filed with WIPO in 2018

Image source: janjf93 via Pixabay

In the domain names’ world, the rules applied by many registries of “first come, first served” often lead to many cases of abusive registrations and of cybersquatting in particular. This is a practice that consists in taking a domain name by registering it, using or mentioning a trademark, a business name, a patronym or any name on which the applicant has any right, in order to make material or moral profit from its current or future notoriety.

In order to fight against these fraudulent actions and to assert their rights, brands’ owners can implement a targeted action to recuperate or suppress the cybersquatted domain name, called UDRP procedure (Uniform Domain Name Dispute Resolution Policy). This procedure is administered by an Arbitration Center like the one of the WIPO, the World Intellectual Property Organization.

According to the WIPO’s General Director, Francis Gurry: “Domain names involving fraud and phishing or counterfeit goods pose the most obvious threats, but all forms of cybersquatting affect consumers. WIPO’s UDRP caseload reflects the continuing need for vigilance on the part of trademark owners around the world.”

UDRP complaints filed with WIPO in 2018*

On March 15, 2019, the WIPO published its last annual report on domain names’ disputes.

In 2018, the WIPO’s Arbitration and Mediation Center received a record of 3447 UDRP cases filed by brands’ owners, i.e a rise of 12% compared to the previous year.

Source: WIPO Statistics Database

However these disputes concerned 5655 domain names, a decrease comparing to 2017 which counted 6371 names.

The main gTLDs in the cases filed with WIPO are unsurprisingly, the .COM (far ahead with 72.88%), the .NET (4.62%), the .ORG (3.50%) and the .INFO (2.23%).

Regarding the disputes on the domain names registered in the new extensions, they represent nearly 13% of the disputes, mostly in .ONLINE, .LIFE and .APP domains.

And lastly, nearly 500 complaints regarding names registered in ccTLDs have been filed, nearly 15% of all the disputes administered by the WIPO in 2018.

The 3 main sectors of complainant activity are the sectors of banking and finance, biotechnology and pharmaceuticals, and Internet and IT.

Geographically, France is placed second with 553 cases filed with the WIPO, just behind the United States (976 complaints) and is one the most reactive countries on this subject.

Note that on all the UDRP cases filed in 2018, Nameshield ranks second in the filing world complaints with 343 cases filed and 66 represented customers**.

Our teams are of course at your disposal to inform you on the possibilities of contentious domain names recovery actions.

*Source: WIPO Statistics Database

**Source: Nameshield’s report on UDRP procedures, 2018

Brexit and .EU domain names: EURid’s action plan on hold

On the article dated from February 22, 2019, we discussed about the Brexit’s consequences on the .EU domain names and the publication of the action plan by EURid, the .EU registry, following two scenarios, in case of no deal or in case of a withdrawal agreement between the United Kingdom and the European Union.

In short, as a result of the Brexit, companies and individuals, holders of a .EU will no longer be able to renew or register names in .EU if they are not residing in the European Union.

In case of no deal, .EU domain names’ holders will have 2 months from March 30, 2019 to demonstrate their eligibility or to transfer their name to an eligible registrant (whose country code isn’t either GB/GI). All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.

In case there is a withdrawal agreement, this plan of actions will be implemented as of January 1, 2021.

Due to ongoing uncertainties over the United Kingdom’s withdrawal from the European Union, EURid announced on March 22, 2019, that this plan would be placed on hold while waiting for an official update from the European Commission.

To be continued.

The .UK soon available to all: .CO.UK’s holders, don’t miss the end of the priority period!

Remember, in June 2014, Nominet, the registry of .CO.UK, launched the opening of the .UK registrations. At the time of the extension’s launch, the registry applied a 5 years restriction during which the .UK registration rights were restricted to the holders of the corresponding names in .CO.UK, .ORG.UK, .ME.UK, .NET.UK, .LTD.UK or .PLC.UK.

The 1^st of July 2019 will mark the end of the period when .UK extensions were blocked from registration if the .CO.UK was not already registered. The names will then be opened to all! If you are already a .CO.UK domain name’s holder, don’t hesitate to contact your Nameshield’s consultant before the end of the priority period to reserve your corresponding name in .UK and thus prevent a third party to do it on the general availability period.

The .DEV available to all

After the launches of the .APP and .PAGE, Google launched .DEV on January 16, its new extension dedicated to developers and technology, following the calendar below:

Sunrise period: from 2019/01/16 to 2019/02/19
EAP (Early Access Program): from 2019/02/19 to 2019/02/28
General availability: from 2019/02/28

Since February 28, 2019, the .DEV is in general availability and already has more than 64 000 domain names’ registrations according to Domain Name Wire.

To promote this new extension and for the Google I/O 2019 , its annual event for developers (which will be held on May 7-9, 2019 at the Shoreline Amphitheatre in Mountain View), Google proposes the free registration for 1 year of a .DEV domain name for all ticket booked. But the registrations resulting of this promotional campaign only represent a small part of the 64 000 .DEV domain names registered.

During the last months, Google itself has launched or relaunched many of its websites in .DEV: web.dev, opensource.dev, flutter.dev…

Other companies have also chosen to register their domain names in .DEV like Mozilla with mdn.dev, Salesforce with crm.dev and Level Access with accessibility.dev.

The HTTPS mandatory for all .DEV domain names

As mentioned in a previous article by Christophe GERARD, Nameshield’s Security Product Manager, as reminder, Google in its goal of a more secure Internet, makes HTTPS encryption mandatory for all its new extensions: .APP, .PAGE, .HOW, .DEV… (More details in this article).

Thus, .DEV extension is included on the HSTS pre-upload list, requiring HTTPS protocol on all .DEV domain names.

Therefore, in order to use a .DEV domain name, you will need to acquire a SSL certificate and deploy HTTPS.

From tools to platforms, programming languages to blogs, this extension will allow you to present your projects. Don’t hesitate to contact a Nameshield’s consultant for any questions regarding the conditions for the registration of your .DEV.

Attack on the domain name system: the priority is to protect your access

Cyberattack - DNS Hijacking - cyber espionage — Image source : Geralt via Pixabay

Last weekend, the media has widely communicated on the consequences of an unprecedented attack that targeted the domain names.

Indeed, during the night of 22-23 February ICANN reported the large-scale attacks on the domain names: it is DNS hijacking. These attacks consist in “replacing the authorized servers addresses” with “addresses of machines controlled by the attackers”, as explained by the organization, allowing the attackers to examine the data in order to find passwords, email addresses etc., even to completely capture the traffic towards their servers.

A wave of attacks that began in November 2018

Actually, this is not an attack but a wave of attacks that the domain names system has endured for several weeks now.

Since the end of November 2018, an attack has targeted Lebanon and the United Arab Emirates and affected .GOV domain names. In this attack, the cybercriminals have proceeded with DNS hijacking.

At the beginning of January 2019, the company FireEye reported in an article, a wave of DNS hijacking that has affected domain names belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.

If the attackers were then not identified, the initial research suggested the attacks could be conducted by persons based in Iran.

Important fact regarding the attack of February 22: this time, it struck, sometimes successfully, important actors of the Internet.

What are these attacks?

The method used is the DNS hijacking deployed on a large scale. This is a malicious attack, also called DNS redirection. Its aim: overwrite the TCP/IP parameters of a computer in order to redirect it towards a fraudulent DNS server instead of the configured official DNS server. To do this, the attacker takes control of the targeted machine through different techniques to alter the DNS configurations.

The American government, among others, recently warned about these series of highly sophisticated attacks of which the aim would be to siphon a large volume of passwords. These attacks would target more specifically governments and private companies.

Between DNS hijacking and cyber espionage

According to Talos’ article of November 2018, the attackers behind these attacks would have collected emails and connection information (login credentials – passwords) by hijacking the DNS, so that the traffic of the emails and the VPN (Virtual Private Networking) of the targeted institutions would be redirected to a server controlled by the cybercriminals.

Once the connectors collected, other attacks can be launched for espionage purposes, like the Man-In-The-Middle.

Then how to effectively protect yourself?

You must be aware that if these attacks essentially aim the domain names system, we can never say it enough, the first entry point of your domain names portfolio for an attacker is your access to the management platform.

The first and utmost recommendation is to protect your access

For many years, Nameshield has developed securing measures for the access to the domain names management platform (IP filter, ACL, HTTPS) and in addition proposes the 2 factors authentication and the SSO.

If these complementary solutions are still not implemented, Nameshield strongly recommends to implement them, in particular the 2 factors authentication in order to fight against passwords thefts.

To implement the DNSSEC protocol

The implementation of DNSSEC, if it was more widely deployed, would prevent or at least lessen the impact of these attacks by limiting their consequences.

It’s becoming increasingly urgent that DNSSEC is adopted on a massive scale, for both resolvers and authoritative servers.

To protect your domain names

The implementation of a registry lock on your strategic names will prevent their fraudulent modifications.

Although no perfect solution exists today to fully protect the infrastructures from cyberattacks, it is the implementation of several preventive measures combined that will allow to reduce the vulnerabilities (so) easily exploited by the pirates.

Brexit’s consequences on .eu domain names : EURid’s action plan

In a previous article, we discussed the Brexit’s consequences on .EU domain names, the European Commission announced on 28 March 2018 that companies and individuals, holders of a .EU will no longer be able to renew or register names in .EU if they are not residing in the European Union.

With the Brexit’s date approaching, EURid, .EU registry, has recently published its action plan that has two scenarios depending on the case there is no deal or the case there is a withdrawal agreement between the United Kingdom and the European Union. In the second case, it will be the same actions but they will be implemented on different dates (from December 2020).

Scenario 1: The United Kingdom leaves the European Union with no deal on 30 March 2019

New registrations

From 30 March 2019: EURid will not allow the registration of any new domain name from registrant declaring an address in Great Britain (country code GB) or in Gibraltar (country code GI).

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

On 23 March 2019: EURid will notify by email both GB/GI registrants and their registrars about the forthcoming non-compliance of the data associated to their domain name within the .EU regulatory framework.

On 30 March 2019: EURid will again notify by email both GB/GI registrants and their registrars that their domain name is not in compliance with the .EU regulatory framework.

Before 30 May 2019: Registrants will be given the possibility to demonstrate their compliance with the .EU regulatory framework by updating their contact data.

During this two months period, the domain names in question will remain active and the following actions are possible:

-Contact data changes including updates to existing contact details pertaining to phone number, email address, postal address and country code;

-Updating a contact or linking a new contact;

-Name server and DNSSEC changes;

-Transfer the domain name to a non GB/GI registrant.

During this two months period, the following actions are not possible:

-Transfer the domain name to a GB/GI registrant;

-Term extension, unless accompanied by a transfer request to an eligible registrant;

-Automatic renewal for domain names that expire in the period between 30 March 2019 and 30 May 2019.

As of 30 May 2019: All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.

On 30 March 2020, i.e. twelve months after the UK withdrawal: All the affected domain names will become available for general registration.

For. EU domain names that are in the ON-HOLD status at the time of UK withdrawal: They will remain registered until there is an outcome of the court case. However, they will be suspended and will cease to function as of 30 May 2019.

-If a court ruling establishes a transfer to an eligible party, that decision will be implemented in the usual way.

-If the domain name stays with the GB/GI registrant, the domain name will be withdrawn.

For .EU domain names that are in the SUSPENDED status at the time of UK withdrawal: Evaluation by the registry on a case-by-case basis, moving forward if appropriate, with the withdrawal of the domain name.

For .EU domain names that are in the QUARANTINE status at the time of UK withdrawal:

-No transfer to GB/GI registrants from quarantine will be possible during the two months period.

-Transfer to a non-GB/GI registrant will be possible.

Scenario 2: The United Kingdom leaves the European Union with a planned transitional period on 31 December 2020

It will be the same actions but they will be implemented on different dates.

New registrations

From 1 January 2021: EURid will not allow the registration of any new domain name from registrant whose country code is either GB/GI.

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

23 December 2020: First email sent about the non-compliance of the data associated to the domain name.

1 January 2021: Second email sent about the non-compliance.

Before 2 March 2021: Possibility for the registrants to demonstrate their compliance with the .EU regulatory framework by updating their contact data.

As of 2 March 2021: All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.

On 1 January 2022: All the affected domain names will become available for general registration.

The actions planned in the first scenario regarding the different status « ON HOLD », « SUSPENDED » and « QUARANTINE », will also be applied in the second scenario.

The Brexit’s consequences thus force the British to rethink their domain names strategy. Indeed, the loss of their .EU domain names will be an opportunity for cybersquatters who reside in the E.U. and meet the eligibility criteria, they would then have the rights to register these .EU domain names. Nameshield’s team is at your disposal to reply to all your questions and to propose you the best recommendations regarding your domain names’ portfolio management.

GDPR and consequences: DomainTools appeals injunction decision in .NZ whois case

DomainTools sued by DNCL

In June 2018, .NZ registry, DNCL (Domain Name Commission Limited) sued the American company specialized in tools of monitoring and investigation, on the ground that it violated the registry’s terms of use.

The DNCL was successful and the Federal Court in the State of Washington granted a preliminary injunction that banned DomainTools to collect the whois data of .NZ and ordered the suppression of the data used in the existing publications, while the lawsuit proceeded.

Indeed, since June 2016, .NZ registry has indicated in its terms that it was now forbidden to copy the domain names holders’ data.

DomainTools appeals the injunction decision

Without surprise, DomainTools, that first indicated that the use of these data was also of general interest, these data being used by its customers in the context of the fight for cybersecurity, appealed the preliminary injunction.

Of course, this trial reflects the terms of the debate which took place at ICANN regarding the General data protection regulation (GDPR).

DomainTools is mentioned in the American draft legislation unveiled by the Internet Governance Project, which indicates as such, that this attempt would be led by different lobbies. The Transparent, Open and Secure Internet Act of 2018, dated from August 16, 2018 mentions these two possibilities of evolution:

The first called “large” proposes keeping a whois with a wide enough spectrum of information (more or less the same as our old fashioned whois)
The second, more limited, would keep this obligation to publish the data to the American residents or to the actors targeting a business activity on the US market.

An intense debate about the GDPR

This trial reminds us how the debates regarding the GDPR implementation are intense within ICANN, opposing actors using the now so precious data and the privacy advocates, supported by the WP29 (Article 29 Data Protection Working Party) that mentions in particular the applicable sanctions.

Finally, it should be reminded that the GAC attempts to minimize the consequences of the European regulation. After being dismissed by the German Court from their attack in May 2018, which aimed a registrar that stopped to provide customers data under the GDPR, the GAC aims to obtain from the EU’s Court of Justice a favorable decision on this subject. The debate about the DomainTools case deserves to be followed closely!

Communication, governance and opening: what we can wish for 2019

As 2019 begins, we make three wishes corresponding to an eventful year.

1.A better awareness of the Internet governance.

The main project at the time of international relations, fake news and voluntary disconnection from the Internet: the Internet governance should be at the table of the diplomats, political decision makers and strategic decision makers. France, which shines in the embassies’ world, should be able to take part in the digital decisions. The appointment of Henri Verdier as Digital Ambassador is a good thing, hoping that his knowledge in the private sector will be an absolute strength in his projects for France. France should be interested in the functioning of ICANN, the authority of world regulation of the IP addresses and the domain names. ICANN is recently the subject of strong criticisms regarding potential insider trading. The American desire to entirely privatize ICANN by suppressing its links with NTIA needs everyone’s attention.

2. ICANN decided it: a new opening of the root will soon be done. What temporality? That is a mystery. In the meantime, and so as to prevent that the list of the abandoned extensions does not cease to develop, new uses of the new extensions, whether they are opened (.PARIS, .FOOTBALL, .ICU…) or closed (.MMA, .LECLERC, .BCG…) should be found. Today (and tomorrow) the brand protection through a TLD’s possession is a definite advantage in front of the large number of opened extensions. A TLD’s possession can also allow the opening of the scope of possibilities, like .BEST will announce at Namescon at the end of the month (surprise!).

3. The third and last wish, to anticipate the new uses of domain names. While the progress curve of the domain names’ volume increases less than previously, the focus should be on the issue of communication on the Internet. It appears as necessary to propose the registration of all possible domain names one can imagine. This is the consortium Unicode, an American entity which decides which character can be integrated in the IT standards. Let’s follow the evolution of the integration of the characters integrated in the Unicode to identify the future domain names trends. The internationalized domain names were a real positive evolution for web users around the world, myself the first concerned, having an accented first name.

Thus it’s very likely that emojis and other special characters will become the stars of the upcoming extensions. Soon the .♥.

These three wishes are part of our work at this time.

For example, our participation in the updating of the methods regarding intangible assets’ financial and extra-financial valuation of the Thesaurus Capital Immatériel by the “Institut de comptabilité de l’immatériel” (Intangible accounting Institute), aims to answer to the need to acknowledge the domain names’ value by financial managers.

Domain names are the first assets held by web users. We are fully aware of the responsibility associated to their management, and our recent developments in terms of operational excellence (ISO 27100) are the new guarantors.

The shutting down of Incels.me, the “involuntary single” website

As a result of the violation of the anti-abuse policy, the .me registry decided to suspend the Incels.me website for an indefinite period. For reminder, the website possesses a forum that regroups members claiming to be single despite themselves, or “incels”, and who exchange on their daily lives through this mean.

Disturbing comments, the source of the suspension

It is not without surprise that the administrators of the incels.me website saw their forum become inaccessible. The investigations done by the registry have allowed to discover hate speeches, threats of rape and even murder in the comments exchanged between the participants. The decision to shut down the website was promptly made on October 15^th, 2018, due to the content that violated the anti-abuse policy. According to the registry, this measure was taken to force the Incels.me administrators to take down the inappropriate contents and to prevent hate speech from appearing on the forum again.

Incels.me website associated to attacks?

Last April, Toronto was the scene of a bloody attack, where a man murdered 10 persons by a vehicle-ramming attack. Before attacking, the man posted a message on social networks, where he declared himself “incel”. This is only after the investigation that the police discovered that the murderer was inspired by some violent contents from the forum of Incels.me. The link is quickly made between the individual and the content inciting hatred, but also rape, exchanged on the forum.

Incels.me financed by a Chinese giant with suspicious activities

The inquiries launched on the website allow to trace back to its main financier. Thanks to these investigations, we know today that the incels.me website is financially supported by a big Chinese entity that in parallel owns more than 54 000 other domain names. The investigators were shocked by the potential of illicit nature of this company’s activities, ZhuHai NaiSiNike Information Technology Co. Indeed, on the thousands of domain names registered, the major part is involved in websites hosting of prescription drugs’ illegal sale.

Despite the suppression requests of the abusive comments present on the incels.me forum, the Chinese company didn’t proceed to the removing. The website will thus remain suspended until the removing of the litigious contents.

DNS Belgium will now take offline fraudulent websites within 24 hours

In the context of the fight against insecurity on the web, DNS Belgium, the .BE registry, decided to intensify its action by cooperating with the FPS Economy [The FPS Economy, SMEs, Middle Classes and Energy is a Federal Public Service of Belgium which is responsible for contributing to the development, competitiveness and sustainability of the goods and services market in Belgium] in order to shut down fraudulent websites within 24 hours.

Philip Du Bois, general manager of DNS Belgium indicates: “This protocol will enable us to take even more targeted action, together with the FPS Economy, against possible abuses where .be domain names are involved. It underscores our ambition for a high quality and safe .be zone which serves as suitable environment for the further development of the Internet.”

The aim: to ensure consumers a completely safe Internet browsing on .BE websites.

This procedure will ensure a much higher reactivity. Indeed, until now, FPS Economy couldn’t request a blocking from the registry regarding the content, moreover fraudulent websites with correct identification data (at least of which the forgery couldn’t be proven), were untouchable. The blocking required a request from the Prosecution, i.e. a two weeks long procedure, which left plenty of time for the fraudulent website to create important damages to the consumers. Several hundreds of such websites per year were concerned!

From December, the 1^st 2018, the protocol will then allow at the request of FPS Economy, the DNS Belgium registry to block .BE domain names which:

Are used for fraudulent websites
Host phishing websites

Of course, this procedure will be applied in the case of serious crimes.

The blocked domain name’s owner will have two weeks to react against the blocking. Without action of their part within 6 months, the blocked name will expire.

This still too rare initiative is to be welcomed in a context of the fierce fight against cybercriminality!

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
ppwp_wp_session	30 minutes	No description
visit	30 minutes	No description

UDRP complaints filed with WIPO in 2018*

The HTTPS mandatory for all .DEV domain names

A wave of attacks that began in November 2018

What are these attacks?

Between DNS hijacking and cyber espionage

Then how to effectively protect yourself?

The first and utmost recommendation is to protect your access

To implement the DNSSEC protocol

To protect your domain names

Scenario 1: The United Kingdom leaves the European Union with no deal on 30 March 2019

New registrations

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

Scenario 2: The United Kingdom leaves the European Union with a planned transitional period on 31 December 2020

New registrations

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

DomainTools sued by DNCL

DomainTools appeals the injunction decision

An intense debate about the GDPR

Disturbing comments, the source of the suspension

Incels.me website associated to attacks?

Incels.me financed by a Chinese giant with suspicious activities

Nameshield uses cookies