how-to block ads
|
Comments on news posted 2007-10-30 18:20:36: ICANN will vote tomorrow on whether or not to trash the WHOIS database, in response to complaints from privacy advocates who say that the database is frequently abused by scammers and spammers. ..
| |
 ChicagoCPA
join:2001-12-02
Mokena, IL
| Business should be public all others verified Here is my viewpoint on the WhoIs Database
Commercial - If you are engaged in any activity where money or other value is exchanged your WhoIs Data must be public, verified and current. If your data does not meet that criteria, zap your website and email go away. You don't fix it, you can not renew your registration
Non-Commercial - All Registration companies are responsible for collecting valid Whois data on all their clients, you won't provide valid information your technical contact (eg Web Host), becomes legally responsible for legal and administrative issues. If you are engaged in a business activity and you have registered as non-commercial, you forfeit your registration.
For all, you can designate a third party agent (just like a US corporation) to act an intermediary and contact for your website. This must be a Legal Resident in the country where the Domain is registered, have a fixed address and phone, be of Good Character. Agents are responsible for verifying the identity of their clients in person (think public notary)and maintaining current records of address and ownership. (Registrars can never be agents) | |
| | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| Re: Business should be public all others verified said by ChicagoCPA  :Here is my viewpoint on the WhoIs Database ..... Excellent, however based on ICANN's history your ideal proposal will remain just that.
If ICANN votes to trash the WHOIS database it will lead to a massive increase in cyberfraud. The Anti-Phishing Working Group (APWG) reports that the Whois data base is an invaluable resource in shutting down over 1,000 phishing sites a day:
»www.antiphishing.org/reports/APW···owns.pdf
The whois data base is an absolute necessity in fighting cyber fraud. It has become a valuable tool only because registrars have totally abandoned any vetting procedures in the domain registration process. Cyber Criminals have free reign when it comes to registering fraud domains and the valuable DNS control of them.
To underscore how rampant this issue is, and the malfeasance of ICANN's proposal to do away with the Whois database, here is a small example of what takes place thousands of times a day.
This is a snippet of the domain activities of a Moroccan Cyber Criminal who has been shadowed on »/phishtrack . This criminal has registered hundreds of fraudulent domains within a few months. All are registered with obvious fake registration data, and all are charged to previously phished credit cards.
Here he is registering a Paypal Phishing domain onlinepaypalus.com with bogus data:
Note the obvious and total bogus data
Now he pays for it with a phish victims's card:
This was his third attempt at entering a card number. Bear in mind and as noted on the pic he is making this purchase from a French IP using a US issued credit card and bogus us data. Not even a cursory check for a valid zip code or area code match, nothing.
All good to go, within minutes the Paypal phishing site was up and running, and a million phish spam mails were on their way.
Is this an isolated incident, no, it is repeated over and over. Even when the domains get cancelled after a few days, long after the phish run is over, he just re registers the same domains over again:
Having this whois data public, at least shortens some of time that it takes to track these and shut them down. The registrar does not care, no vetting process at all. So it is up to netizens to bang on the door and try and close them.
ICANN has their collecteive heads in the sand. | |
| | | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| Re: Business should be public all others verified Correction, that second graphic listed as the registration for onlinepaypalus.com is incorrect. That pic is his registration of another bogus PayPal phishing domain paypal-contact.com. SInce that is relevant to this story, I will leave it and add the correct pic for the onlinepaypalus.com below:
| |
| | | |
|
