No objections from my side to add some more folks Justine. Another option is, if after the demo you think this is something for a larger ALAC setting then it is no problem to setup a demo for a broader ALAC audience.
Best, Theo

On Tue, Apr 18, 2023, at 10:13 AM, Justine Chew wrote:
Hi Theo,
Thanks for sharing here and on the last small team call.
I (too) am very keen to take you up on your offer of a demonstration made during the call (even though I didn't verbalize my interest then). In fact I would like to ask a select handful of my ALAC/At-Large colleagues to attend the call as observers when you present your demonstration, and hope there will be no objections to this request from the small team.
Kind regards, Justine
On Tue, 18 Apr 2023 at 17:35, Theo Geurts <gnso@dcx.nl> wrote:
Hi all,
As mentioned on the call, an outline of a registrar who tried to fix the issue of malicious bulk registrations at somewhat the back of the process rather than in the front.
Again, most bulk registrations are legit; a small percentage turns malicious/criminal and is usually expensive for registrars and resellers. Good KYC controls and more are vital in combatting such criminals.
The registrar got hit earlier this year with 1000 domain name registrations from a registrant whose country code was from Thailand. So the registrar blocked the country code and registrants who used the country code from Thailand could no longer register domain names.
So the criminals started to switch to other countries. Long story short, the registrar started to block almost all country codes.
So the criminals now only use country codes from the EU. Then the registrar started to use limits. New registrants could only register up to 100 domain names each day. Later that limit got set to 10, and a few weeks later, the limit became 1.
The criminals started to create new accounts in bulk. They registered one domain name per account and used unique data for each account. Detection became much more complicated.
At some point, the criminals became aware that established accounts of existing customers had no limits. So they started to hack into those accounts, and the registrar was back to square one. Hacking into those accounts is relatively easy. The dark web contains many combo lists with millions of records of people, including passwords, which usually still work. Most of the combo lists are free to download.
In summary, the registrar lost around 300.000$ in registrations. The dissatisfaction of new and current customers was significant, and the registrar lost a good chunk of business.
The lesson here is that you need to invest in anti-fraud controls whether you want legit registrations in bulk or not. Utilize the info from a payment provider: https://docs.adyen.com/risk-management. Block unwanted traffic: https://www.blocked.com/; it's inexpensive and can be easily integrated into an account sign-up form.
Do we want to codify this into policy? Cybercrime is a moving target, and you must constantly deploy new solutions. https://www.theguardian.com/technology/2023/apr/05/international-sting-takes... Stolen identities gained more traction over the last 12 months and are pretty hard to detect.
Best, Theo

_______________________________________________
gnso-dnsabuse-smallteam mailing list
gnso-dnsabuse-smallteam@icann.org
https://mm.icann.org/mailman/listinfo/gnso-dnsabuse-smallteam
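As an added illustration (not code from the registrar, from Theo, or from this list), a Python sketch of the control sequence described above: the per-registrant daily limit the registrar ended up with, plus the two checks that limit alone does not give you, a velocity check across fresh accounts sharing a sign-up fingerprint and a per-account baseline for established customers. The event field names, the idea that the fingerprint comes from a payment-provider risk signal or sign-up IP, and every threshold other than the limit of 1 are assumptions made for the example.

```python
from collections import defaultdict

# PER_REGISTRANT_LIMIT is the registrar's final limit from the thread; the rest are assumptions.
NEW_ACCOUNT_AGE_DAYS = 1   # accounts at most this old count as "new registrants"
PER_REGISTRANT_LIMIT = 1   # domains per new account per day
CLUSTER_LIMIT = 5          # new accounts per shared sign-up fingerprint per day
ANOMALY_FACTOR = 5         # established account: flag above factor * historic daily max


def evaluate(events):
    """Decide each registration request for one day, in arrival order. Event fields (assumed):
    id, account, age_days, fp (shared sign-up fingerprint), hist_max (historic max per day)."""
    per_account = defaultdict(int)   # registrations per account today
    new_by_fp = defaultdict(set)     # new accounts seen per fingerprint today
    decisions = {}
    for e in events:
        per_account[e["account"]] += 1
        new = e["age_days"] <= NEW_ACCOUNT_AGE_DAYS
        if new:
            new_by_fp[e["fp"]].add(e["account"])
        if new and per_account[e["account"]] > PER_REGISTRANT_LIMIT:
            # the control the registrar ended up with: 1 domain/day per new registrant
            decisions[e["id"]] = "block:per-registrant-limit"
        elif new and len(new_by_fp[e["fp"]]) > CLUSTER_LIMIT:
            # what that control misses: one domain each from a burst of fresh accounts
            decisions[e["id"]] = "review:new-account-cluster"
        elif not new and per_account[e["account"]] > ANOMALY_FACTOR * max(e["hist_max"], 1):
            # established accounts had no limit; compare against the account's own past
            decisions[e["id"]] = "review:established-account-anomaly"
        else:
            decisions[e["id"]] = "allow"
    return decisions


def sample_day():
    """Constructed sample data: one bulk registrant, a burst of one-domain accounts, a takeover."""
    events = [{"id": f"a{i}", "account": "new-1", "age_days": 0, "fp": "fp-A", "hist_max": 0} for i in range(3)]
    events += [{"id": f"b{i}", "account": f"new-{i+2}", "age_days": 0, "fp": "fp-B", "hist_max": 0} for i in range(8)]
    events += [{"id": f"c{i}", "account": "cust-2019", "age_days": 1400, "fp": "fp-C", "hist_max": 2} for i in range(12)]
    return events


def summarize(decisions):
    """Count decisions by outcome."""
    counts = defaultdict(int)
    for d in decisions.values():
        counts[d] += 1
    return dict(counts)


if __name__ == "__main__":
    print(summarize(evaluate(sample_day())))
```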