The FBI and UK Serious Organised Crime Agency have seized 36 domain names that were allegedly being used to sell compromised credit card information.
As well as seizing the domains and a number of computers, SOCA said it has arrested two men “suspected of making large scale purchases of compromised data” from the sites.
The sites all used what SOCA calls “automated vending cart” software to process the sale of credit card information. Judging by the video below, some of the operations were fairly professional.
One of the seized domains was cvvplaza.com. SOCA provided the following video which really has to be seen to be believed.
I wonder if the spokesmodel had any idea what she was getting into when she accepted this gig.
While the full list of domains was not released, a SOCA spokesperson said the breakdown by TLD was as follows:
.name – 2
.net – 11
.biz – 4
.us – 5
.com – 11
.org – 3
These are all TLDs whose registries are based in the United States, so I’m guessing the US authorities did the actual seizing.
Never one to miss the chance for a bit of trouble-making, the Association of National Advertisers has demanded a full independent probe into ICANN’s TLD Application System bug.
Writing to ICANN today, ANA president Bob Liodice has pointed to the TAS outage – now in its 13th day – as an example of why the new gTLD program needs to be scaled back.
“Doesn’t this situation demonstrate the need for a pilot project/test roll-out of the new Top Level Domain process to resolve any such problems before a major roll-out?” he asks.
In a press release, he added:
We are urgently requesting that the Department of Commerce and its National Telecommunications and Information Administration (NTIA) exercise their oversight of ICANN and encourage ICANN to engage an independent IT expert to fully investigate this serious and inadequately explained vulnerability.
The ANA has of course been the loudest objector to the program, forming the Coalition For Responsible Internet Domain Oversight last year to lobby against the gTLD expansion.
Liodice’s latest letter puts 10 questions to ICANN, several quite sensible and precisely the kinds of things I plan to ask just as soon as ICANN changes its mind about doing media interviews.
But it also asks for the release of information ICANN has already provided or has said it intends to provide, such as the number of affected TAS users or the date of the first reported incident.
The ANA also does not appear to be aware that the ICANN board new gTLD subcommittee recently passed a resolution calling for more work on the defensive registration problem.
Liodice notes that ICANN has not responded to its demands for a “Do Not Sell” list that would enable brand owners to block others from registering their trademarks in the DNS.
You can read the letter in PDF format here.
ICANN currently plans to provide its next big update on the TAS outage before the end of Friday.
ICANN chief security officer Jeff Moss has pledged to fully disclose what new gTLD application data was leaked to which users via the TLD Application System security bug.
Talking to ICANN media chief Brad White in a video interview, Moss said:
We’re putting everyone on notice: we know what file names and user names were displayed to what people who were logged in and when. We want to do this very publicly because we want to prevent any monkey business. We are able to reconstruct what file names and user names were displayed.
ICANN has been going through its logs and will know “very specifically” what data was visible to which TAS users, he said.
The bug, he confirmed, was related to file deletions:
Under certain circumstances that were hard to replicate users that had previously deleted files could end up seeing file names of users that had uploaded a file… Certain data was being revealed to users that were not seeking data, it was just showing up on their screen.
The actual contents of the files uploaded to TAS were not visible to unauthorized users, he confirmed. There are also no reasons to believe any outside attacks occurred, he said.
He refused to reveal how many applicants were affected by the vulnerability, saying that ICANN has to first double-check its data in order to verify the full extent of the problem.
The interview reveals that the bug could manifest itself in a number of different ways. Moss said:
The problem has several ways it can express itself… we would solve it one way and it would appear another way, we would solve it another way and it would appear a third way. At some point we were just uncomfortable that we understood the core issue and that’s when we took the system offline.
TAS was taken down April 12, just 12 hours before the new gTLD application window closed.
ICANN has been providing daily updates ever since, and has promised to reveal tonight when TAS will reopen for business, for how long, and whether April 30 Big Reveal day has been postponed.
Applicants first reported the bug March 19, but ICANN did not realize the extent of the problem until later, Moss said.
In hindsight now we realized the 19th was the first expression of this problem, but at the time the information displayed made no sense to the applicant, it was just random numbers… at that point there were no dots to connect.
Here’s the video:
ICANN’s key contract with the US government is open for proposals again, a month after ICANN was told its first bid wasn’t up to the expected standards.
The US National Telecommunications and Information Administration yesterday posted a revised request for proposals, looking for a new IANA contractor.
The IANA contract is what gives ICANN its operational powers over the domain name system root database.
Based on a quick comparison of the new RFP with the old, there have been few notable, substantial changes, giving little indication of why ICANN’s previous response fell short.
The RFP has a strong emphasis on accountability, transparency, separation of ICANN/IANA powers, conflicts of interest and the “global public interest”, as before.
While many of the requirements have been edited, clarified or shifted around, I haven’t been able to spot any major additions or subtractions.
The RFP now envisages a contract running from October 1, 2012 until September 30, 2015, with two two-year renewal options, bringing the expiry date to September 30, 2019.
The deadline for responses is May 31.
The current contract had been due to expire at the end of March but the NTIA unexpected extended it by six months just before ICANN’s meeting in Costa Rica kicked off last month.
The NTIA said it canceled the first RFP “because we received no proposals that met the requirements” but neither it nor ICANN has yet provided any specifics.
Over a month ago, at an ICANN press conference in Costa Rica, CEO Rod Beckstrom said: “We were invited to have a debriefing with [the NTIA] to learn more about this. Following that discussion we will share any information we are allowed to share.”
Since then, no additional information has been forthcoming.
ICANN’s board of directors wants more policy work done on the problem of defensive domain name registrations.
directs staff to provide a briefing paper on the topic of defensive registrations at the second level and requests the GNSO to consider whether additional work on defensive registrations at the second level should be undertaken
That in turn followed the two Congressional hearings in December, lobbied for and won by the Association of National Advertisers and its Coalition for Responsible Internet Domain Oversight.
So this week’s decision is a pretty big win for the intellectual property lobby. It’s managed to keep the issue of stronger second-level trademark protection in new gTLDs alive despite ICANN essentially putting it to bed when it approved the new gTLD program last June.
The GNSO could of course decide that no further work needs to be done, so the champagne corks should probably stay in place for the time being.
At the same meeting on Tuesday, the ICANN board committee voted to disregard the GNSO Council’s recent decision to grand extra protections to the International Olympic Committee, Red Cross and Red Crescent movements. The rationale for this decision has not yet been published.