A much awaited first report on DNS abuse in the new extensions

While the fate of 25 new extensions that have not yet been delegated remains to be settled, which represents approximately 2% of all the extensions accepted during the current opening round, ICANN has just published a study on the proportion of DNS abuse in the new extensions launched after 2012.

The study was requested by the Competition, Consumer Trust and Consumer Choice Review Team (CCTRT), which is mandated by ICANN to examine the extent to which the introduction or expansion of generic extensions has promoted competition, consumer trust and consumer choice. In defining the parameters of the study, the CCTRT sought to measure the rates of the common forms of abusive activity in the domain name system, such as spamming, phishing and distribution of malware.

As a reminder, phishing is a technique used by fraudsters to obtain personal information with the aim of committing identity theft.

What is the report based on?

The study was led by SIDN, the registry of the extension of the Netherlands, together with Delft University of Technology, also located in the Netherlands. It was carried out over a period running from 2014 to 2016, using access to the zone files granted by ICANN to these two entities.

More than 40 million names were analyzed, including 24 million names registered in the new extensions and 16 million in the historic generic extensions: .com, .net, .org, .biz and .info. For the new extensions, it targeted those which offered a Sunrise phase for brand owners. Thus, the study ultimately covered few .BRAND registries, since they are not required to run Sunrise phases.

Both entities made their own measurements to detect abuse, and the data were cross-checked against eleven heterogeneous lists of domains and URLs identified as hostile, supplied by five specialized organizations.
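An added example, not taken from the study or from ICANN: one way to cross-check zone-file names against heterogeneous blocklists (bare domains and URLs) and express the result as abused names per 10,000 zone names. The feed names, the sample names and the two-label shortcut for the registered domain are assumptions, and all data is constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# The five legacy gTLDs the study compares against the new extensions.
LEGACY_GTLDS = {"com", "net", "org", "biz", "info"}


def registered_domain(entry: str) -> str:
    """Reduce a blocklist entry (bare domain or URL) to its registered domain.

    Assumption: names are registered directly under the TLD, so the last two
    labels are enough; TLDs with second-level suffixes need a suffix list.
    """
    target = entry.strip()
    if "://" not in target:
        target = "//" + target          # lets urlsplit see host, port and path
    host = (urlsplit(target).hostname or "").rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else ""


def flag_sources(blocklists):
    """Map each flagged registered domain to the set of feeds that list it."""
    sources = defaultdict(set)
    for feed, entries in blocklists.items():
        for entry in entries:
            domain = registered_domain(entry)
            if domain:
                sources[domain].add(feed)
    return dict(sources)


def abuse_rates(zone_names, blocklists):
    """Abused names per 10,000 zone names, for legacy and new gTLDs."""
    flagged = flag_sources(blocklists)
    totals, abused = defaultdict(int), defaultdict(int)
    for name in {n.lower().rstrip(".") for n in zone_names}:
        group = "legacy" if name.rsplit(".", 1)[-1] in LEGACY_GTLDS else "new"
        totals[group] += 1
        abused[group] += name in flagged   # counted once, however many feeds list it
    return {g: round(10_000 * abused[g] / totals[g], 1) for g in totals}


# Constructed sample data: zone-file names and three feeds of differing format.
ZONE = [
    "constructed01.com", "constructed02.net", "constructed03.org",
    "constructed04.info", "constructed05.xyz", "constructed06.top",
    "constructed07.club", "constructed08.xyz",
]
FEEDS = {
    "feed-domains": ["constructed05.xyz", "CONSTRUCTED01.com."],
    "feed-urls": ["http://login.constructed05.xyz/verify",
                  "https://cdn.constructed06.top:8443/a.js"],
    "feed-mixed": ["www.constructed08.xyz/promo", "unlisted.example"],
}

if __name__ == "__main__":
    for group, rate in sorted(abuse_rates(ZONE, FEEDS).items()):
        print(f"{group}: {rate} abused names per 10,000")
```

On a sample this small the rates are meaningless as statistics; the point is the normalization and de-duplication step that makes lists of different formats comparable.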

What are the study’s conclusions?

Regarding phishing and malware distribution, the study shows a convergence of the proportions observed within the new extensions and those in the historic generic extensions. However, in the historic generic extensions, the rates tend to remain stable while those of the new extensions increase.

On the other hand, a strong disparity appears for spamming. At the end of 2016, the proportion of affected domains was almost ten times higher in the new generic extensions: 526 per 10,000 names against 56 per 10,000 names. The trends show a shift of cybercriminals towards the new extensions.

The analysis also shows that nearly half of the registrations identified in spamming activities on the three most affected new extensions come from known cybercriminals and from users blacklisted by Spamhaus. Spamhaus is an international non-governmental organization whose purpose is to track spammers.

However, these phenomena do not concern all the new extensions, because 36% did not encounter any abuse during the last quarter of 2016.

The study also shows that the operators which compete by lowering their prices in order to sell volume are the ones most used by cybercriminals. Besides competitive registration prices, unrestrictive registration requirements and a variety of other registration options, such as a wide range of available payment methods and bundled services such as DNS hosting or WHOIS masking, are further factors sought by cybercriminals.

What is the impact of DNSSEC on abuse?

While the DNSSEC protocol is rapidly expanding, the entities appointed by ICANN to conduct this study also analyzed how the structural properties and the security measures implemented by the operators of new extensions influence domain abuse. As expected, DNSSEC plays a statistically significant role, which is an incentive to deploy the protocol more widely across extensions. The extensions supporting DNSSEC are indeed less targeted by such practices.

What’s happening next?

The study is now open for public comment until September 19th. The entities which led it also intend to analyze in more detail the possible correlations between registration policies and abuse.

The CCTRT will then make recommendations to ICANN to stem the increase in DNS abuse, which ICANN can then turn into new obligations for registry operators. This time, however, all registry operators may be concerned, including the .BRAND registries. NAMESHIELD will follow this subject closely.

Some movement in the SSL’s world: Digicert acquires Symantec’s certificates activity

On Wednesday, August 2nd, Digicert announced the acquisition of Symantec’s Website Security business (including the SSL business and some other services). It is the direct consequence of the conflict that has opposed Symantec and Google for a few months.

DigiCert’s Twitter account

You have certainly already heard about this disagreement between the two companies over a certain number of certificates issued by Symantec and the possible loss of trust in these certificates in the next versions of Chrome. A lot of information and many dates have circulated on this subject, sometimes contradictory, and it can be difficult to evaluate the impact on your own certificates.

Nameshield, as a Symantec Platinum partner, has followed the development of this case very closely to ensure that its customers and partners are not at risk of being impacted by a loss of trust in their browsers. The very latest developments of this case lead us to communicate the following important information:

What happened?

Google and Symantec had a dispute in 2015, after Symantec’s teams used certificates, often based on the CN google.com, as examples, actually issuing them before deleting them afterwards. It was objectively a mistake, and Google sanctioned Symantec by making it compulsory to log all certificates in Certificate Transparency, which has since become the market standard and mandatory for all Certification Authorities. This decision took effect on June 1st, 2016.

At the beginning of 2017, Google and Mozilla announced the discovery of 127 Symantec certificates with irregularities, leading to a thorough investigation by Google, which reportedly found nearly 30,000 impacted certificates. Google decided to severely sanction Symantec by reducing the certificates’ validity period to 9 months and by removing the EV status for Symantec certificates within a very short period. Symantec immediately reacted by sanctioning 4 partners who were at the root of the errors. Many discussions between the two groups, and with many important industry players, have taken place since March 2017. Some of these publications, proposals and counter-proposals created confusion.

These discussions have led Google and Symantec to an agreement on a method and a transition calendar towards a new PKI infrastructure for Symantec. Google officially communicated on this subject on Friday, July 28th. This communication can be consulted here.

Symantec has committed to creating a new PKI infrastructure in collaboration with a third party, in order to prove its good faith, meet Google’s transparency requirements and maintain the high degree of trust the group has always enjoyed from web users. This infrastructure change will take place on December 1st, 2017 and will require the replacement (or, where applicable, the renewal) of all the existing certificates for the Symantec brands, Thawte, Geotrust and RapidSSL. This extended deadline will allow a smooth transition, without impact on web users.

Since August 2nd, we know that this trusted third party will be Digicert.

What Calendar?

Google distinguishes Symantec certificates issued before June 1st, 2016 from those issued after this date (the date from which logging in Certificate Transparency became mandatory). The loss of trust in these two categories of certificates will arrive through two different versions of Chrome, hence the following calendar:

– Category 1: Certificates issued before June 1st, 2016 will have to be replaced (or renewed*) between December 1st, 2017 and March 15th, 2018 (arrival of the Chrome 66 beta).

– Category 2: Certificates issued between June 1st, 2016 and November 30th, 2017 will have to be replaced (or renewed*) between December 1st, 2017 and September 13th, 2018 (arrival of the Chrome 70 beta).

The urgency that various market players may have communicated is therefore not warranted.

*Anticipated renewal: a renewal can be done up to 90 days before the expiration date of a certificate, without penalizing the duration of the newly issued certificate.

Are you impacted?

Yes you are, if you hold certificates issued under one of the Symantec brands (Symantec, Thawte, Geotrust, RapidSSL) through Nameshield or other providers you work with. All that remains is to sort them into the two categories mentioned. We can help you identify any impacted certificates and sort them into the right categories, in order to plan the actions to carry out from December 1st, 2017.
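An added example (not Nameshield's, Symantec's or Google's tooling) that sorts a certificate inventory into the two categories of the calendar above and derives the window in which to act, including the 90-day anticipated renewal. The inventory records, the issuer strings and the substring match on brand names are assumptions; check the match against the issuer names in your own inventory.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Brands and dates as given in the calendar above.
AFFECTED_BRANDS = ("symantec", "thawte", "geotrust", "rapidssl")
CT_CUTOFF = date(2016, 6, 1)        # issued before this date -> category 1
NEW_PKI_START = date(2017, 12, 1)   # replacement possible from this date
DEADLINES = {1: date(2018, 3, 15), 2: date(2018, 9, 13)}
EARLY_RENEWAL = timedelta(days=90)  # anticipated renewal window


@dataclass(frozen=True)
class Cert:
    common_name: str
    issuer: str
    not_before: date
    not_after: date


@dataclass(frozen=True)
class Plan:
    common_name: str
    category: int                   # 0 = outside the calendar, else 1 or 2
    action: str                     # none / renew / replace / renew-then-replace
    act_from: Optional[date] = None
    act_by: Optional[date] = None


def plan_for(cert: Cert) -> Plan:
    issuer = cert.issuer.lower()
    # Assumption: the brand name appears somewhere in the issuer string.
    if not any(brand in issuer for brand in AFFECTED_BRANDS):
        return Plan(cert.common_name, 0, "none")
    if cert.not_before >= NEW_PKI_START:
        return Plan(cert.common_name, 0, "none")   # issued after the change
    category = 1 if cert.not_before < CT_CUTOFF else 2
    deadline = DEADLINES[category]
    renewal_opens = cert.not_after - EARLY_RENEWAL
    if cert.not_after < NEW_PKI_START:
        # Expires before the new PKI exists: the renewal is itself issued
        # before 2017-12-01, so it is a category 2 certificate to replace later.
        return Plan(cert.common_name, category, "renew-then-replace",
                    renewal_opens, cert.not_after)
    if renewal_opens <= deadline:
        # The normal renewal window opens before the browser deadline.
        return Plan(cert.common_name, category, "renew",
                    max(NEW_PKI_START, renewal_opens),
                    min(cert.not_after, deadline))
    return Plan(cert.common_name, category, "replace", NEW_PKI_START, deadline)


def triage(inventory):
    """Plans for the affected certificates, earliest deadline first."""
    plans = (plan_for(cert) for cert in inventory)
    return sorted((p for p in plans if p.category), key=lambda p: p.act_by)


# Constructed inventory; names, issuers and dates are illustrative only.
INVENTORY = [
    Cert("shop.example.com", "O=Symantec Corporation", date(2015, 10, 20), date(2018, 10, 20)),
    Cert("www.example.org", "O=GeoTrust Inc.", date(2016, 6, 1), date(2018, 6, 1)),
    Cert("mail.example.net", "CN=RapidSSL CA", date(2016, 11, 10), date(2017, 11, 10)),
    Cert("intranet.example.com", "O=Example Corp Internal CA", date(2016, 1, 5), date(2019, 1, 5)),
    Cert("api.example.com", "O=thawte, Inc.", date(2017, 12, 5), date(2018, 12, 5)),
]

if __name__ == "__main__":
    for p in triage(INVENTORY):
        print(f"{p.common_name}: category {p.category}, {p.action} "
              f"between {p.act_from} and {p.act_by}")
```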

And Digicert in all this?

Digicert is an American company whose current market share represents 2.2% of the world market, according to the latest W3Techs report. It is a company renowned for the quality of work of its authentication team and its compliance with the CAB Forum’s Baseline Requirements. Digicert has been growing steadily for several years on sound values and manages the certificate portfolios of very important companies and websites around the world.

Digicert will become a major player in the certificate market by taking over Symantec’s 14% share of the global market. More interesting still are the 40% market share in EV certificates and the 30% in OV certificates that Symantec represents.

On paper, this acquisition is good news for all Symantec customers. It is a guarantee of continuity in the quality of the services provided. It is the guarantee of a successful transition towards the new PKI infrastructure requested by Google. What remains is to watch Digicert’s capacity to respect the calendar imposed by Google; we will monitor this closely.

What does Nameshield think of this?

Nameshield has trusted Symantec and its teams for several years: on the one hand for its quality of service, which allows us to provide you with a first-rate service, and on the other hand for the brand image and the trust this group has built with web users. The handling of this Google/Symantec crisis does not call into question the trust we have in this partner, whose support remains irreproachable.

Furthermore, we had been in contact with Digicert for a few months to extend our solutions portfolio, and we welcome this acquisition announcement as positive news for our customers and partners, being confident in the continuity of the services we can offer you. The trust you place in us is paramount, and if you want to move in a different direction, Nameshield remains at your service to propose alternatives to you.

.BRAND : 4 episodes, for this summer

Photo : CC BY-SA 3.0 Nick Youngson – source : http://nyphotographic.com/

Act 3: Depression

Five years ago, the number of domain name extensions was manageable: fewer than 500. It was still possible to register one's trademark and company name in the extension of one's choice and to act against fraudulent registrations. Attacks were unusual, and you defended yourself when smart alecks made contentious registrations. Some extensions only accepted registrations at the subdomain level, such as in Australia and the United Kingdom. Impossible to register at the root and impossible to register without having any rights: .CO.UK for companies, .AC.UK for the academic world, …

But that was before.

Then several generic extensions arrived, and while the few extensions created caused only few problems (.MUSEUM, .MOBI, .AERO, …), this was not the case for the thousand new extensions delegated following the new gTLD program, opened on January 12, 2012. Although brands filed for a .BRAND or .COMPANY to protect their territories, many extensions were open, and the registration race allowed smart alecks to cause great damage. The registrations of BLOOMBERG.MARKET and VINCI.GROUP are two particularly well-known examples.

Today, domain names are managed by people dedicated to this activity, mostly within marketing, legal and IT departments.

But what should you do? Register your brand in all TLDs? Spend a significant amount on domain name recovery procedures? Something in between?

Interesting alternatives have emerged from the opening of the new gTLDs:

  • Create a closed extension with subdomains to restore the link between identification and trust, such as the .FX project I presented a few days ago at NetWare2017;
  • Create your own extension: some already do this well, like .BNPPARIBAS or .LECLERC;
  • Help the end user: this is the project of Nameshield’s CEO, through Brandsays, a browser extension.

While brands rightly continue to register domain names, they will also develop other means of access, such as SEO or social networks.

While INTA, in its recent study, highlighted impressive figures regarding defensive actions, getting the right answer requires asking the right question. In the fourth and last episode of this summer saga, we will see how to understand the .BRAND strategy.

Read act 1: Denial (and Anger)

Read act 2: Expression

Read act 4: Reconstruction

Have you heard of Esperancia?


Surely, you have already noticed the Esperancia logo in the email signature of your Nameshield partner. But do you know how it works?

Esperancia is an endowment fund with an innovative and ingenious concept: the search for long-lasting funding. This system enables it to fulfil its purpose: long-term action for the associations it supports.

Esperancia owns 15% of our company’s shares, and Nameshield also transfers 1% of its annual revenue to Esperancia.

Therefore, as a Nameshield customer, you also participate in the development of Esperancia.

This endowment fund works in a unique way. In that regard, Nameshield and the other sponsoring companies are pioneer companies.

Thanks to the funds collected through donations in euros or in capital, Esperancia assists and supports existing associative projects aimed at protecting and helping children and underprivileged youth to become self-sufficient adults able to take their place in society.

Esperancia intends to be a “purveyor of hope” to young people in difficulty. At the same time, Esperancia brings a complementary meaning to the commitment of our collaborators and to their involvement in our company: we commit ourselves to social projects at their side.

Last July, Nameshield hosted an event for the project “Réussir Angers”, created to help vulnerable young people aged 18 to 30 who, for example, have in common that they disregard professional codes.

One of the purposes of this day was to educate those young adults, to introduce them to the corporate world, and to make them feel more confident about themselves.

Over a convivial meal, the young people could listen to four Nameshield collaborators discussing their personal and professional backgrounds.

In this favorable, reassuring and unpretentious setting, the young people taking part in the project could explore the doubts, obstacles and difficulties experienced by our volunteer colleagues, as well as their achievements and successes, small and big.

A moment of exchange and sharing, enriching for every participant on each side of the stage.

.BRAND : 4 episodes, for this summer


Act 2: Expression

We left off at the time when brands did not sense the Internet revolution, the evolving techniques and the domain names being registered. (Read act 1: Denial (and Anger))

The example of McDonald’s is interesting. In 1994, Wired, an American magazine created a year earlier, reported on the case of mcdonalds.com. Joshua Quittner, a journalist at Newsday, contacted McDonald’s and asked if they would be interested in registering mcdonalds.com. There was little to no answer. He registered the name and contacted McDonald’s, which did not answer. Then he published his article in Wired, giving the contact address ronald@mcdonalds.com.

McDonald’s complained and Quittner asked for a donation to charity: it would be 3,500 USD for the computer equipment of a school in New York.

By analogy, we can recall when a Russian worker asked Vladimir Putin for a gift, which he could not refuse in front of the camera. Putin offered him his watch, worth a year’s salary.

Virulent attacks by trademark holders to recover domain names from pranksters are legion; some of those pranksters could be part of the company, as was the case for mtv.com.

Brands band together and contact ICANN to develop simplified procedures, even if, according to the famous trademark dilemma, the American organization had known about the risk of cybersquatting for a long time.

On the lawyers' side, training courses are launched on each side of the Atlantic, and the UDRP, SYRELI, URS and others are created in order to defend digital territories.

France, long known as a country supportive of trademarks, will not remain passive and is today the second country in the world for domain name dispute resolutions.

Thus, in the virtual territory, and in contrast to reality, the police are financed by trademarks. The holders of a territory, comparable to countries, do nothing or almost nothing: recovering a .FR is possible using a SYRELI procedure, while for our friends across the Rhine no alternative procedure exists: to claim a .DE, it is the court or nothing.

Nevertheless, an economy of brand defense is organized and thus an ecosystem develops.

Everything seems to be going well, until the arrival of the new extensions, known in the field as the first round…

Read act 3: Depression

The acquisition of Rightside Group by Donuts becomes a reality

In mid-July, ICANN gave its consent to the merger of Rightside Group, the registry behind 40 new gTLDs (.ATTORNEY, .NINJA, .PUB, .DENTIST, .NEWS, .ROCKS, .LIVE, etc.), with the other well-known registry in the new gTLD world, Donuts Inc (more than 200 TLDs: .LIFE, .LOANS, .MEDIA, .SOLUTIONS, .WORLD, etc.).

Donuts will then acquire Rightside at the price of $10.60 per share, in the context of a takeover offer, i.e. an operation of approximately 213 million in total.

Donuts, already largely dominant with its hundred extensions, continues to reinforce its position and benefits from the difficulties faced by some registries suffering from a lack of commercial success.

This new operation highlights a fact: many new extensions did not generate the expected enthusiasm, and the registries which created them are in difficulty.

Are we heading slowly but surely towards a takeover by Donuts of unsuccessful registries seeking to limit their losses?

Black July for the .xyz

The volume leader of the new gTLDs has seen its zone file cut by more than half.

While it started July with more than 5.2 million registered domain names in its zone, it had only 2.5 million on Monday 17, letting .top make its way back to the top in the meantime.

How to explain such a phenomenon?

First of all, the multigenerational extension does not escape the law of non-renewal.

A year after having registered massively at the derisory price of $0.01, or even having received their .xyz domain names for free, the acquirers simply do not renew them, hence a considerably reduced zone file.

Last but not least, a large part of the non-renewals stems from the ban imposed on registries by China's Ministry of Industry and Information Technology on selling .xyz.

Yet half of the domain names registered in .xyz were owned by people in China.

The case is currently in the process of being resolved, so .xyz has yet to write its final full stop.

Nameshield: The first French registrar certified ISO 27001 on all its registrar activity


Nameshield is proud to announce its ISO 27001 certification on all its registrar activity, the product of many months of work.

Why the ISO 27001 certification?

Since its creation 23 years ago, Nameshield has been committed to providing its customers with the best services under conditions of optimal security. With the choice of the ISO 27001 standard, this constant care given to all our services is now certified by a competent authority.

The impressive rise in the frequency and force of cybercriminal attacks strengthened the founder and CEO of Nameshield, Jean-Paul Béchu, in his determination to offer all our users an ISO 27001 certification covering all our registrar activity.

Today, cybercriminals frequently attack service providers in order to reach their final targets indirectly. And while our Information System Security Officer already monitored the security of our infrastructure, ISO 27001 reinforces the requirements.

If Nameshield engaged in this process, the result of a significant human and financial investment, it is because it is essential for us to demonstrate and certify the extent of our commitment in terms of security.

To be ISO 27001 certified is to assure our customers and partners that information system security is fully integrated and that Nameshield is committed to a process of constant improvement requiring specific resources, which we have chosen to deploy.

The certification confirms the competence of Nameshield’s employees and their expertise in the protection of critical information.

What is the ISO 27001 certification?

ISO 27001 is an international standard which describes the requirements for establishing an Information Security Management System. This system serves to select the security measures to put in place in order to protect a company's sensitive assets within a defined scope. In the case of Nameshield, it covers all of its registrar activity.

At a higher level, the ISO 27001 standard requires the company's managers to be involved in cyber defense. In parallel, a steering committee follows the implementation of the new arrangements in line with the standard.

An audit carried out by LRQA, the world leader in the certification of value-added management systems, allows us to deploy our security measures and to become the first French registrar to be certified across the complete scope of its registrar activity.

Nameshield, your trusted partner.

.BRAND : 4 episodes, for this summer


Act 1: Denial (and Anger)

The brand, a forbidden territory. Everything is played out through attacks, complaints and courts. A ruthless world. Since June 23rd, 1857 and the creation of the first trademark system by France, it has been possible to benefit from an exclusive right to use a term for different applications. Otherwise, the law steps in. The arrival of the Internet would shake up this foundation.

While one remembers the Milka conflict, the famous opposition between Milka Budimir, a seamstress in Bourg-lès-Valence, and the American giant Kraft Foods over the domain name milka.fr, we can keep in mind the case of many domain name holders who succeeded in winning against attackers bigger than them.

The expression David vs Goliath is illustrated in France by leclerc.fr, a domain name registered by a fan of the Leclerc tank. In spite of a recovery attempt through a SYRELI-type procedure, the retailer never succeeded in obtaining this famous domain name. For posterity, the individual's justification will be remembered: “… in life there are not only shopping centers and consumption, France is above all, a country of history, a strong history of which we can be proud!”

Leclerc.fr website

In the United States, the case of Nissan Computers is interesting. The little-known IT company was named after its owner, Uzi Nissan. The Japanese company of the same name, Nissan Motors, evidently frowned upon the registration of nissan.com and tried to recover the domain name in question. Despite an incessant media campaign and numerous attacks, nissan.com today remains the property of Nissan Computers. Nissan Motors now uses nissanusa.com for its US business. In this case, the Nissan.com website only reflects Nissan Computers’ computer sales activity. We can instead find a strong attack against Nissan Motors. A bad buzz in action!

Nissan.com website

What can we take away from these two experiences? A rather interesting core lesson: the domain name, this intangible asset representing a company's image, has not been sufficiently monitored by multinationals.

Schmidt launches its new website in dot brand: Home-design.schmidt

Schmidt is one of the leading French kitchen brands, but also the leading kitchen furniture export company in France.

The Schmidt group has decided to launch its new website under its « .brand » (dot brand), .schmidt, and has thus joined many big companies which have made this bet, like BNP Paribas (mabanque.bnpparibas), MAIF (voyagepro.maif), Club Med (corporate.clubmed) or the latest, SNCF (oui.sncf).

Schmidt chose to group its activity under the « home design » designation, which describes its industry well. The company is not only dedicated to the kitchen world but also offers bathrooms and “custom-made” furniture for the entire house: dressing rooms, TV furniture… all with a design touch.

The domain name home-design.schmidt makes it possible, on the one hand, to optimize SEO and, on the other hand, to facilitate its development and its international communication. After its launch in Great Britain at the end of April, the website arrives in Belgium, and will continue with Spain, Italy and Switzerland by July 4th.

The domain name home-design.schmidt is easy for the general public to recognize and remember.

Home-design.schmidt website

But what is the benefit for brands to have their own extension?

In 2013, some companies (including some thirty French companies) wished to have their own « .brand » extension in order to capitalize on their leading brand. Most of them wanted to secure and protect their naming spaces (limiting the intermediaries in the chain of actors involved in a domain name registration). The purpose is also to have a domain name that is truly distinctive and reassuring for the end consumer. Brands fight against cybersquatting, but this is an endless war: it represents a significant annual budget and does not limit the damage enough. The message of the brands that own a « .brand » (dot brand) is the following: if you are not on my « .brand » website, then you are not buying the products or services of my brand.

This practice of communicating under a « .brand » is not well enough known by the general public. Of course, consumers’ awareness should be raised so that they use extra caution when browsing, which means verifying the domain name.

So having one's own « .brand » is a differentiating factor and will be used more and more for marketing purposes.

ma.cuisinella website