Latest news of the domain name industry

Recent Posts

.berlin CEO prime suspect in ICANN data breach

Kevin Murphy, May 28, 2015, 19:02:01 (UTC), Domain Registries

dotBerlin CEO Dirk Krischenowski is suspected of using a bug in ICANN’s new gTLD portal to access hundreds of confidential documents, some containing sensitive financial planning data, belonging to competing gTLD applicants.

That’s according to ICANN documents sent by a source to DI today.

Krischenowski, who has through his lawyer “denied acting improperly or unlawfully”, seems to be the only person ICANN thinks abused its portal’s misconfigured search feature to deliberately access rivals’ secret data.

ICANN said last night that “over 60 searches, resulting in the unauthorized access of more than 200 records, were conducted using a limited set of user credentials”.

But ICANN, in private letters to victims, has been pinning all 60 searches and all 200 access incidents on Krischenowski’s user credentials.

Some of the incidents of unauthorized access were against applicants Krischenowski-run companies were competing against in new gTLD contention sets.

The search terms used to find the private documents included the name of the rival applicant on more than one occasion.

In more than once instance, the data accessed using his credentials was a confidential portion of a rival application explaining the applicant’s “worst case scenario” financial planning, the ICANN letters show.

I’ve reached out to Krischenowski for comment, but ICANN said in its letters to victims:

[Krischenowski] has responded through legal counsel and has denied acting improperly or unlawfully. The user has stated that he is unable to confirm whether he performed the searches or whether the user’s account was used by unauthorized person(s). The user stated that he did not record any information pertaining to other users and that he has not used and will not use the information for any purpose.

Krischenowski is a long-time proponent of the new gTLD program who founded dotBerlin in 2005, many years before it was possible to apply.

Since .berlin launched last year it has added 151,000 domains to its zone file, making it the seventh-largest new gTLD.

The bug in the ICANN portal was discovered in February.

The results on an audit completed last month showed that over the last two years, 19 users used the glitch to access data belonging to 96 applicants and 21 registry operators.

There were 330 incidents of unauthorized access in total, but ICANN seems to have dismissed the non-“Krischenowski” ones as inadvertent.

An ICANN spokesperson declined to confirm or deny Krischenowski is the prime suspect.

Its investigation continues…

Tagged: , , , , , ,

Comments (7)

  1. Acro says:

    First, we take Manhattan. Then, we take .Berlin.

  2. kd says:

    Did this guy do anything wrong? If there was a bug in the system, that issue lies on ICANN. Unless ICANN put terms in the TLD contracts that says “If we produce a bug in our system, you explicitly will not look at other people’s private data.” A bug in the system sounds to me like this guy did not “hack in”, but ran some searches and got access to interesting data. While most probably won’t admit it, most people that might have noticed this would probably have done the same thing.

    I’m not a lawyer, so I really don’t know what laws would apply. But it sounds like ICANN wants to point the finger instead of take the blame for not protecting applicant’s data properly.

    • Kevin Murphy says:

      To the best of my knowledge, nobody’s claimed anyone has done anything illegal. Nor has the word “hack” been used.

  3. CarlosM says:

    If you leave your home’s door open and someone enters and steals your TV set, it is still a crime.

  4. Richard Funden says:

    Shame, shame, shame!

  5. Dirk Jessel says:

    So is there something new with this issue? Did anyone get additional infos? Will this all be lost in space?

Add Your Comment