Status of ongoing projects after ICANN64

A month ago, ICANN held its first annual meeting with the Internet community in Kobe, Japan. At this summit, ICANN presented the major projects of the year and those of the coming years. Let’s look back at the main topics.

The implicit constraint of the GDPR

While in May 2018, Europe adopted ambitious legislation to protect users’ personal data, ICANN imposed a regulatory framework on domain name players to bring the industry into line with the constraints of the GDPR.

In the absence of consensus, this framework was imposed when the GDPR came into force on May 25, 2018. It contains non-consensual provisions, such as no longer publishing, in the registry’s registration directory service (which currently operates via the Whois protocol), data that can be considered personal data for the contacts associated with domain names: registrant contacts, administrative contacts and technical contacts. Names, first names, postal addresses and telephone numbers have therefore disappeared, and email addresses are anonymized or hidden behind a contact form.

However, as provided for in the Bylaws, the rules governing the role and operation of ICANN, non-consensual rules may not be imposed beyond one year. ICANN therefore had the May 2019 deadline in mind throughout the Kobe meeting.

To build on this, last year ICANN initiated an expedited policy development process (ePDP) whose delicate mission was to develop consensus rules to replace the temporary provisions currently in place.

Shortly before ICANN64, this working group, in which Nameshield participates, submitted its proposals to the GNSO, the ICANN body that manages policy development for generic domain names. This report, which is currently open for comments, is expected to result in a final framework that will be submitted to the ICANN Board in early May for voting and promulgation.

The proposals outline a target date for implementation by 29 February 2020. ICANN has therefore focused its efforts on managing the transition period between May 2019 and this still distant deadline of February 2020. The prevailing approach is rather pragmatic as it consists in keeping the provisions currently in place such as the masking of personal data in the Whois until all the new provisions can be implemented by actors such as registrars and registries by the above-mentioned deadline.

Access to hidden data subject to tensions

Launched in 2012 during the last round of openings of new domain name extensions but quickly shelved, RDAP (Registration Data Access Protocol), an alternative to the aging Whois protocol, has resurfaced with the GDPR because of its modularity, which, unlike Whois, makes it possible to filter access to certain data according to the user’s profile.

ICANN confirmed in Kobe that this protocol will be widely deployed by this summer. At first, it will coexist with the Whois protocol: registrars will therefore provide access to domain name data through both protocols.

The stakeholders present at ICANN64 also learnt about a project, submitted by a technical study group mandated by ICANN, on how access to hidden domain name data could operate through the RDAP protocol. It has been the subject of tensions because it is not the result of a consensual process and because ICANN suggested it could play a central role in collecting all requests to validate their authorization, with authentication of requests being carried out upstream by agents accredited by data protection authorities. This topic is also part of the new mission of the Policy Development Working Group (ePDP) in the coming months, so things may still evolve on this subject.

[Image: Goran Marby, ICANN CEO, speaking on the proposed functioning of access to hidden data for domain names through the future RDAP]

A multi-year strategic plan

At ICANN64, ICANN also presented progress on the implementation of a strategic operating plan for the organization for the period 2021-2025.

The adoption of a five-year plan is new for this organization, which has always operated on an annual basis. This plan must determine the priorities for the coming years, which is also a novelty in a context where multiple projects have always been carried out simultaneously without any real prioritization.

We already know that DNS security is one of the major issues of the coming period. Among the priorities identified are the reinforced fight against malware and the increased security of the DNS, in particular through a faster deployment of DNSSEC.

ICANN also mentioned the next round of new domain name extension openings and indicated that it will take into account the lessons learned from the previous round. Among them: new extensions are ten times more targeted than historical generic extensions (such as .COM, .NET, .ORG, .BIZ and .INFO) by malicious practices such as typosquatting and dotsquatting, on which phishing and pharming thrive.

Feel free to contact your Nameshield consultant, who is very knowledgeable on all these subjects.

15 websites proposing DDoS attacks closed by the FBI


In its latest quarterly report, Nexusguard stated that after the FBI closed 15 websites providing cyberattack services, an 85% decrease in the scale of DDoS attacks and a 24% decrease in large attacks were observed.

Likewise, these closures reportedly led to an 11% decrease in attack volume worldwide compared to the same period in 2018.

Indeed, it was in December 2018 that the FBI successfully shut down 15 websites offering DDoS attack services, known in the business as “booters” or “booter services”.

To achieve their goals, these booters use IP stressers, which were originally tools for testing the resilience of a server or network. The cybercriminals hijack these IP stressers and use them to send a large volume of requests to servers until they are overloaded and unable to respond.

The Nexusguard report also indicates that the 15 websites closed by the FBI were reportedly the technical source of about 11% of global DDoS attacks of various sizes since 2014. Of course, this decrease might only be temporary, the multiplication of botnets being the real plague of our decade in terms of cybercrime.

Cybersquatting: Increase of UDRP complaints filed with WIPO in 2018


In the world of domain names, the “first come, first served” rule applied by many registries often leads to abusive registrations, and to cybersquatting in particular. This practice consists in registering a domain name that uses or mentions a trademark, a business name, a surname or any other name on which the applicant has no right, in order to make material or moral profit from its current or future notoriety.

To fight these fraudulent actions and assert their rights, brand owners can bring a targeted action to recover or delete the cybersquatted domain name, called the UDRP procedure (Uniform Domain Name Dispute Resolution Policy). This procedure is administered by an arbitration center such as that of WIPO, the World Intellectual Property Organization.

According to WIPO’s Director General, Francis Gurry: “Domain names involving fraud and phishing or counterfeit goods pose the most obvious threats, but all forms of cybersquatting affect consumers. WIPO’s UDRP caseload reflects the continuing need for vigilance on the part of trademark owners around the world.”

UDRP complaints filed with WIPO in 2018*

On March 15, 2019, WIPO published its latest annual report on domain name disputes.

In 2018, WIPO’s Arbitration and Mediation Center received a record 3447 UDRP cases filed by brand owners, i.e. a rise of 12% compared to the previous year.


However, these disputes concerned 5655 domain names, a decrease compared to 2017, which counted 6371 names.

The main gTLDs in the cases filed with WIPO are, unsurprisingly, .COM (far ahead with 72.88%), .NET (4.62%), .ORG (3.50%) and .INFO (2.23%).

Disputes over domain names registered in the new extensions represent nearly 13% of the disputes, mostly in .ONLINE, .LIFE and .APP domains.

And lastly, nearly 500 complaints regarding names registered in ccTLDs have been filed, nearly 15% of all the disputes administered by the WIPO in 2018.

The 3 main sectors of complainant activity are the sectors of banking and finance, biotechnology and pharmaceuticals, and Internet and IT.

Geographically, France is placed second with 553 cases filed with WIPO, just behind the United States (976 complaints), and is one of the most reactive countries on this subject.

Note that of all the UDRP cases filed in 2018, Nameshield ranks second worldwide in complaint filings, with 343 cases filed and 66 customers represented**.

Our teams are of course at your disposal to inform you on the possibilities of contentious domain names recovery actions.


*Source: WIPO Statistics Database

**Source: Nameshield’s report on UDRP procedures, 2018

Brexit and .EU domain names: EURid’s action plan on hold


In the article dated February 22, 2019, we discussed the consequences of Brexit for .EU domain names and the publication of the action plan by EURid, the .EU registry, which follows two scenarios: no deal, or a withdrawal agreement between the United Kingdom and the European Union.

In short, as a result of Brexit, companies and individuals holding a .EU domain name will no longer be able to renew or register names in .EU if they are not residing in the European Union.

In case of no deal, .EU domain name holders will have 2 months from March 30, 2019 to demonstrate their eligibility or to transfer their name to an eligible registrant (whose country code is neither GB nor GI). All registrants who have not demonstrated their eligibility will be deemed ineligible and their domain names will be withdrawn.

In case there is a withdrawal agreement, this action plan will be implemented as of January 1, 2021.

Due to ongoing uncertainties over the United Kingdom’s withdrawal from the European Union, EURid announced on March 22, 2019, that this plan would be placed on hold while waiting for an official update from the European Commission.

To be continued.

The .UK soon available to all: .CO.UK’s holders, don’t miss the end of the priority period!


Remember: in June 2014, Nominet, the registry of .CO.UK, opened .UK registrations. At the time of the extension’s launch, the registry applied a 5-year restriction during which .UK registration rights were restricted to the holders of the corresponding names in .CO.UK, .ORG.UK, .ME.UK, .NET.UK, .LTD.UK or .PLC.UK.

The 1st of July 2019 will mark the end of the period during which .UK names were blocked from registration if the .CO.UK was not already registered. The names will then be open to all! If you already hold a .CO.UK domain name, don’t hesitate to contact your Nameshield consultant before the end of the priority period to reserve your corresponding name in .UK and thus prevent a third party from doing so during the general availability period.

The .DEV available to all


After the launches of the .APP and .PAGE, Google launched .DEV on January 16, its new extension dedicated to developers and technology, following the calendar below:

  • Sunrise period: from 2019/01/16 to 2019/02/19
  • EAP (Early Access Program): from 2019/02/19 to 2019/02/28
  • General availability: from 2019/02/28

Since February 28, 2019, .DEV has been in general availability and already has more than 64 000 domain name registrations according to Domain Name Wire.

To promote this new extension, and for Google I/O 2019, its annual event for developers (which will be held on May 7-9, 2019 at the Shoreline Amphitheatre in Mountain View), Google is offering a free 1-year registration of a .DEV domain name for every ticket booked. But the registrations resulting from this promotional campaign only represent a small part of the 64 000 .DEV domain names registered.

During the last months, Google itself has launched or relaunched many of its websites in .DEV: web.dev, opensource.dev, flutter.dev…

Other companies have also chosen to register their domain names in .DEV like Mozilla with mdn.dev, Salesforce with crm.dev and Level Access with accessibility.dev.

HTTPS mandatory for all .DEV domain names

As mentioned in a previous article by Christophe GERARD, Nameshield’s Security Product Manager, Google, in pursuit of a more secure Internet, makes HTTPS encryption mandatory for all its new extensions: .APP, .PAGE, .HOW, .DEV… (More details in this article).

Thus, the .DEV extension is included on the HSTS preload list, which requires the HTTPS protocol on all .DEV domain names.

Therefore, in order to use a .DEV domain name, you will need to acquire an SSL certificate and deploy HTTPS.
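
What the preload requirement means on the browser side, as an added example that is not part of the original article: the functions below model how a preload-aware browser rewrites a plain-HTTP URL before any request leaves the machine. The list is a constructed subset (the real one ships inside the browser), and `PRELOAD`, `is_preloaded` and `effective_url` are names chosen for this illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed subset of a preload list: entry -> include_subdomains.
# The TLD entries mirror the extensions named in the article; the last
# entry is a hypothetical single-host entry added for contrast.
PRELOAD = {
    "dev": True,
    "app": True,
    "page": True,
    "how": True,
    "login.example.test": False,
}


def is_preloaded(host, preload=PRELOAD):
    """True if host, or a parent entry that covers subdomains, is preloaded."""
    labels = host.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        # i == 0 is an exact match; parents only count with include_subdomains.
        if candidate in preload and (i == 0 or preload[candidate]):
            return True
    return False


def effective_url(url, preload=PRELOAD):
    """Return the URL a preload-aware browser would actually request."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme != "http" or not host or not is_preloaded(host, preload):
        return url
    # RFC 6797 section 8.3: an explicit port 80 becomes 443 (the https
    # default, so it is omitted here); any other explicit port is preserved.
    # Userinfo, if any, is dropped in this simplified model.
    netloc = host if parts.port in (None, 80) else f"{host}:{parts.port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    for u in ("http://blog.example.dev:80/post?id=1",
              "http://example.dev:8080/",
              "http://example.com/"):
        print(u, "->", effective_url(u))
```

Because the entry is the TLD itself with subdomains included, every hostname under .DEV is upgraded, including internal or staging names that were never meant to carry a certificate.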

From tools to platforms, programming languages to blogs, this extension will allow you to present your projects. Don’t hesitate to contact a Nameshield’s consultant for any questions regarding the conditions for the registration of your .DEV.

19 years after: UDRP in few figures


Launched in 1999, the UDRP process (Uniform Domain Name Dispute Resolution Policy) is today the fastest and most affordable solution for resolving clear cases of cybersquatting.

Indeed, the UDRP offers brand owners a transparent process, carried out by independent experts, allowing them to recover or delete a domain name infringing their brands. It is important to note that the expert cannot award damages to the complainant.

MARQUES, a European association representing brand owners’ interests, raised the issue of the costs borne by brand owners for the defense of their brands in cases of cybersquatting in a letter addressed to ICANN on the 1st of February 2019.

The association collected information on the UDRP complaints registered with the seven arbitration centers that provide or have provided this process, in particular the number of UDRP complaints filed and the associated costs.

In particular, between 1999 and December 2018, WIPO (World Intellectual Property Organization) registered 42 535 complaint filings. Given that WIPO’s arbitration fees (excluding representation fees) are at least $1,500 USD per complaint, WIPO collected at least $63,802,500 USD in administrative fees over nearly 20 years.

Furthermore, MARQUES estimated the cost of filing a complaint, taking into account the fees for representation by legal counsel, and concluded that the cost of a UDRP complaint filing would be $5,000 USD. Given the arbitration fees, the fees for representation by legal counsel would then be $3,500 USD.

MARQUES thus estimates that the costs borne by trademark owners (administrative fees plus legal counsel fees) are $360,190,000 USD for the period from 1999 to the end of 2018.

However, some members of the association think that this is a low estimate that does not take into account other expenses related to the protection of their rights (revenue loss, monitoring costs, defensive registrations, lifting anonymity, research, etc.).

Attack on the domain name system: the priority is to protect your access


Last weekend, the media reported widely on the consequences of an unprecedented attack that targeted domain names.

Indeed, during the night of 22-23 February, ICANN reported large-scale attacks on domain names: DNS hijacking. These attacks consist in “replacing the authorized servers addresses” with “addresses of machines controlled by the attackers”, as explained by the organization, allowing the attackers to examine the data in order to find passwords, email addresses, etc., or even to capture all the traffic by directing it to their servers.

A wave of attacks that began in November 2018

Actually, this is not one attack but a wave of attacks that the domain name system has endured for several weeks now.

Since the end of November 2018, an attack has targeted Lebanon and the United Arab Emirates and affected .GOV domain names. In this attack, the cybercriminals proceeded with DNS hijacking.

At the beginning of January 2019, the company FireEye reported in an article a wave of DNS hijacking that affected domain names belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.

Although the attackers were not identified at the time, the initial research suggested the attacks could have been conducted by persons based in Iran.

Important fact regarding the attack of February 22: this time, it struck, sometimes successfully, important actors of the Internet.

What are these attacks?

The method used is DNS hijacking deployed on a large scale. This is a malicious attack, also called DNS redirection. Its aim: to overwrite the TCP/IP parameters of a computer in order to redirect it towards a fraudulent DNS server instead of the configured official DNS server. To do this, the attacker takes control of the targeted machine through different techniques in order to alter its DNS configuration.

The American government, among others, recently warned about this series of highly sophisticated attacks, whose aim would be to siphon off a large volume of passwords. These attacks would more specifically target governments and private companies.

Between DNS hijacking and cyber espionage

According to Talos’ article of November 2018, the attackers behind these attacks would have collected emails and connection information (login credentials – passwords) by hijacking the DNS, so that the traffic of the emails and the VPN (Virtual Private Networking) of the targeted institutions would be redirected to a server controlled by the cybercriminals.

Once the credentials have been collected, other attacks can be launched for espionage purposes, such as man-in-the-middle attacks.

So how can you protect yourself effectively?

You must be aware that although these attacks essentially target the domain name system, and we can never say it enough, the first entry point to your domain name portfolio for an attacker is your access to the management platform.

The first and utmost recommendation is to protect your access

For many years, Nameshield has developed measures to secure access to the domain name management platform (IP filter, ACL, HTTPS) and in addition offers two-factor authentication and SSO.

If these complementary solutions are not yet in place, Nameshield strongly recommends implementing them, in particular two-factor authentication, in order to fight against password theft.

Implement the DNSSEC protocol

DNSSEC, if it were more widely deployed, would prevent these attacks or at least lessen their impact by limiting their consequences.

It’s becoming increasingly urgent that DNSSEC be adopted on a massive scale, for both resolvers and authoritative servers.

Protect your domain names

The implementation of a registry lock on your strategic names will prevent their fraudulent modification.

Although no perfect solution exists today to fully protect infrastructures from cyberattacks, it is the combination of several preventive measures that will reduce the vulnerabilities so easily exploited by attackers.
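
One way to notice the record changes described in this article early is to compare what the DNS currently returns with a known-good baseline. The following is an added example, not Nameshield’s tooling: the zone, name servers, key tag and addresses are constructed test values, and in production the observed snapshot would be filled from live NS, DS and A queries.

```python
import ipaddress

# Constructed baseline for a hypothetical zone. Names and addresses use
# reserved documentation/test ranges; none of them come from the article.
BASELINE = {
    "zone": "example.test",
    "ns": {"ns1.provider.test", "ns2.provider.test"},
    "ds_key_tags": {12345},
    "hosts": {
        "mail.example.test": ["192.0.2.0/24"],
        "vpn.example.test": ["198.51.100.16/28"],
    },
}

# Constructed observations, shaped as a monitoring job would collect them
# from the parent zone (NS, DS) and from a resolver (A records).
CLEAN = {
    "ns": ["NS1.provider.test.", "ns2.provider.test."],
    "ds_key_tags": [12345],
    "hosts": {"mail.example.test": ["192.0.2.25"],
              "vpn.example.test": ["198.51.100.20"]},
}
HIJACKED = {
    "ns": ["ns1.unknown-operator.test.", "ns2.provider.test."],
    "ds_key_tags": [],
    "hosts": {"mail.example.test": ["203.0.113.50"],
              "vpn.example.test": ["198.51.100.20"]},
}


def _norm(name):
    """Compare host names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def audit(baseline, observed):
    """Return (severity, kind, message) findings; an empty list means no drift."""
    findings = []
    zone = baseline["zone"]

    # 1. Delegation: the name servers are what the attackers replaced.
    expected_ns = {_norm(n) for n in baseline["ns"]}
    seen_ns = {_norm(n) for n in observed.get("ns", [])}
    rogue = sorted(seen_ns - expected_ns)
    if rogue:
        findings.append(("critical", "delegation",
                         f"{zone}: unexpected name servers {rogue}"))
    missing = sorted(expected_ns - seen_ns)
    if missing:
        findings.append(("warning", "delegation",
                         f"{zone}: expected name servers absent {missing}"))

    # 2. DNSSEC: a vanished or unknown DS record removes the protection.
    #    Update the baseline before a planned key rollover.
    expected_ds = set(baseline["ds_key_tags"])
    seen_ds = set(observed.get("ds_key_tags", []))
    if expected_ds and not seen_ds:
        findings.append(("critical", "dnssec",
                         f"{zone}: DS records removed at the parent"))
    elif seen_ds - expected_ds:
        findings.append(("critical", "dnssec",
                         f"{zone}: unknown DS key tags {sorted(seen_ds - expected_ds)}"))

    # 3. Addresses: mail and VPN hosts must stay inside known networks.
    for host, cidrs in baseline["hosts"].items():
        allowed = [ipaddress.ip_network(c) for c in cidrs]
        for addr in observed.get("hosts", {}).get(host, []):
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in allowed):
                findings.append(("critical", "address",
                                 f"{host} resolves to {addr}, outside {cidrs}"))
    return findings


if __name__ == "__main__":
    for label, snapshot in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(label, audit(BASELINE, snapshot) or "no drift")
```

Running such a check from several vantage points helps, since a redirection may only be visible to some resolvers or for a short time.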

Can Russia disconnect from the global Internet?


On February 13, 2019, the Duma (the lower chamber of the Russian Parliament) began to study draft legislation aimed at creating a “sovereign Internet” in Russia, meaning the ability to function in total independence if Russia were cut off from the major global servers. To achieve this, it will be necessary to create an “infrastructure allowing to ensure the functioning of the Russian Internet resources in case of the impossibility for the Russian operators to connect to the foreign sources Internet servers”.

Internet providers will have to implement systems allowing a “centralized control of the traffic” on their networks.

The proposed measures are meant to ensure that the Russian part of the Internet (RuNet) functions efficiently. In other words, the test will allow Russia to ensure that its domestic networks can operate in full autonomy.

A response to the penalty threats? 

While Russia speaks of guaranteeing local availability, particularly in case of a large-scale cyberattack, this draft legislation is also clearly presented as a response to the “aggressive nature of the new American cybersecurity strategy adopted in September 2018” [mentioning Russia as a threat]. Indeed, Russia is the object of many accusations regarding cyberattacks and cyber espionage: disruption of the American presidential elections in 2016; the call by Stuart Peach, Chief of the UK Defence staff in NATO, in December 2017, to take measures against Russia after Russian submarines were detected near the Atlantic submarine cables, which carry communications between Europe and the USA; the accusation made in January 2018 by the UK Minister of Defence, Gavin Williamson, that Russia was spying on his country’s critical infrastructure with the aim of creating “total chaos” which could “result in thousands and thousands of deaths”; etc. NATO and its allies then threatened to punish Russia for these cyberattacks.

It’s in this context that Russia is planning a full-scale test of disconnection from the global Internet.

A full-scale test

For several years, this test has been prepared by Russian authorities, who planned a local DNS backup (tested in 2014 and in 2018).

Indeed, the law plans the creation of Russia’s internal DNS system, which would ensure the link between web addresses and the IP addresses of the corresponding web servers, without relying on the root servers of the global Internet.

Validated by President Putin, the draft legislation is very likely to be adopted quickly despite the reluctance of some branches of the government because of the potential expenses entailed. Russian Internet providers, for their part, seem to agree with the draft legislation, as mentioned in the Russian press, but to date they do not endorse its technical implementation, which could create significant disturbances and traffic disruptions in Russia.

Of course, it is easy to see that this experiment will simultaneously test the Internet providers’ ability to direct data towards routing points controlled by the Russian government, since a filter would be implemented to stop the flow of data towards foreign servers.

Is Russia moving towards a system of traffic filtering, beyond ensuring a national intranet that stays operational inside its borders even in case of a massive cyberattack? It is reminiscent of the Chinese “Great Firewall” (Internet monitoring and censorship project managed by the Ministry of Public Security of the People’s Republic of China, initiated in 1998 and whose activities began in November 2003).

The Russian test could happen on the 1st of April 2019. To be continued.

Brexit’s consequences on .eu domain names : EURid’s action plan


In a previous article, we discussed the consequences of Brexit for .EU domain names: the European Commission announced on 28 March 2018 that companies and individuals holding a .EU domain name will no longer be able to renew or register names in .EU if they are not residing in the European Union.

With the Brexit date approaching, EURid, the .EU registry, has recently published its action plan, which has two scenarios depending on whether there is no deal or a withdrawal agreement between the United Kingdom and the European Union. In the second case, the actions will be the same but will be implemented on different dates (from December 2020).

Scenario 1: The United Kingdom leaves the European Union with no deal on 30 March 2019 

New registrations

  • From 30 March 2019: EURid will not allow the registration of any new domain name by a registrant declaring an address in Great Britain (country code GB) or in Gibraltar (country code GI).

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

  • On 23 March 2019: EURid will notify by email both GB/GI registrants and their registrars about the forthcoming non-compliance of the data associated to their domain name within the .EU regulatory framework.
  • On 30 March 2019: EURid will again notify by email both GB/GI registrants and their registrars that their domain name is not in compliance with the .EU regulatory framework.
  • Before 30 May 2019: Registrants will be given the possibility to demonstrate their compliance with the .EU regulatory framework by updating their contact data.

During this two-month period, the domain names in question will remain active and the following actions are possible:

- Contact data changes, including updates to existing contact details pertaining to phone number, email address, postal address and country code;
- Updating a contact or linking a new contact;
- Name server and DNSSEC changes;
- Transfer of the domain name to a non-GB/GI registrant.

During this two-month period, the following actions are not possible:

- Transfer of the domain name to a GB/GI registrant;
- Term extension, unless accompanied by a transfer request to an eligible registrant;
- Automatic renewal for domain names that expire in the period between 30 March 2019 and 30 May 2019.

  • As of 30 May 2019: All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.
  • On 30 March 2020, i.e. twelve months after the UK withdrawal: All the affected domain names will become available for general registration.
  • For .EU domain names that are in the ON-HOLD status at the time of UK withdrawal: They will remain registered until there is an outcome of the court case. However, they will be suspended and will cease to function as of 30 May 2019.

- If a court ruling establishes a transfer to an eligible party, that decision will be implemented in the usual way.
- If the domain name stays with the GB/GI registrant, the domain name will be withdrawn.

  • For .EU domain names that are in the SUSPENDED status at the time of UK withdrawal: Evaluation by the registry on a case-by-case basis, moving forward if appropriate, with the withdrawal of the domain name.
  • For .EU domain names that are in the QUARANTINE status at the time of UK withdrawal:

- No transfer to GB/GI registrants from quarantine will be possible during the two-month period.
- Transfer to a non-GB/GI registrant will be possible.

Scenario 2: The United Kingdom leaves the European Union with a planned transitional period on 31 December 2020

It will be the same actions but they will be implemented on different dates.

New registrations

  • From 1 January 2021: EURid will not allow the registration of any new domain name by a registrant whose country code is either GB or GI.

.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal

  • 23 December 2020: First email sent about the non-compliance of the data associated to the domain name.
  • 1 January 2021: Second email sent about the non-compliance.
  • Before 2 March 2021: Possibility for the registrants to demonstrate their compliance with the .EU regulatory framework by updating their contact data.
  • As of 2 March 2021: All registrants who did not demonstrate their eligibility will be deemed ineligible and their domain names will be withdrawn.
  • On 1 January 2022: All the affected domain names will become available for general registration.

The actions planned in the first scenario regarding the different statuses « ON HOLD », « SUSPENDED » and « QUARANTINE » will also be applied in the second scenario.

The consequences of Brexit thus force the British to rethink their domain name strategy. Indeed, the loss of their .EU domain names will be an opportunity for cybersquatters who reside in the E.U. and meet the eligibility criteria, since they would then have the right to register these .EU domain names. Nameshield’s team is at your disposal to answer all your questions and to propose the best recommendations regarding the management of your domain name portfolio.