Latest news of the domain name industry

Recent Posts

Afilias takes over .hotel, sidelines Krischenowski over hacking claims

Afilias has sought to distance itself from DotBerlin CEO Dirk Krischenowski, due to ongoing claims that he improperly accessed secret data on rival .hotel applicants.

The company revealed in a recent letter to ICANN that it has bought out Krischenowski’s 48.8% stake in successful .hotel applicant Hotel Top Level Domain Sarl and that Afilias will become the sole shareholder of HTLD.

The move is linked to claims that Krischenowski exploited a glitch in ICANN’s new gTLD applicants’ portal to access confidential financial and technical information belonging to rival .hotel applicants.

These competing applicants have ganged up to demand that HTLD should lose its rights to .hotel, which it obtained by winning a controversial Community Priority Evaluation.

Afilias chairman Philipp Grabensee, now “sole managing director” of HTLD, wrote ICANN last month (pdf) to explain the nature of the HTLD’s relationship with Krischenowski and deny that HTLD had benefited from the alleged data compromise.

He said that, at the time of the incidents, Krischenowski was the 50% owner and managing director of a German company that in turn was a 48.8% owner of HTLD. He was also an HTLD consultant, though Grabensee played down that role.

He was responding to a March ICANN letter (pdf) which claimed that Krischenowski’s portal credentials were used at least eight times to access confidential data on .hotel bids. It said:

It appears that Mr Krischenowski accessed and downloaded, at minimum, the financial projections for Despegar’s applications for .HOTEL, .HOTEIS and .HOTELES, and the technical overview for Despegar’s applications for .HOTEIS and .HOTEL. Mr Krischenowski appears to have specifically searched for terms and question types related to financial or technical portions of the application.

Krischenowski has denied any wrongdoing and told DI last month that he simply used the portal assuming it was functioning as intended.

Grabensee said in his letter that any data Krischenowski may have obtained was not given to HTLD, and that his alleged actions were not done with HTLD’s knowledge or consent.

He added that obtaining the data would not have helped HTLD’s application anyway, given that the incident took place after HTLD had already submitted its application. HTLD did not substantially alter its application after the incident, he said.

HTLD’s rival .hotel applicants do not seem to have alleged that HTLD won the contention set due to the confidential data.

Rather, they’ve said via their lawyer that HTLD should be disqualified on the grounds that new gTLD program rules disqualify people who have been convicted of computer crime.

Even that’s a bit tenuous, however, given that Krischenowski has not been convicted of, or even charged with, a computer crime.

The other .hotel applicants are Travel Reservations, Famous Four Media, Radix, Minds + Machines, Donuts and Fegistry.

ICANN is now pressing HTLD for more specific information about Krischenowski’s relationship with HTLD at specific times over the last few years, in a letter (pdf) published last night, so it appears that its overdue investigation is not yet complete.

.hotel fight gets nasty with “criminal” hacking claims

Kevin Murphy, April 19, 2016, Domain Registries

A group of would-be .hotel gTLD registries have called on ICANN to reject the winning applicant’s bid or be complicit in “criminal acts”.

The group, which includes Travel Reservations, Famous Four Media, Radix, Minds + Machines, Donuts and Fegistry is threatening to file a second Independent Review Process complaint unless ICANN complies with its demands.

Six applicants, represented by Flip Petillion of Crowell & Moring, claim that Hotel Top Level Domain Sarl should forfeit its application because one of its representatives gained unauthorized access to their trade secrets.

That’s a reference to a story we covered extensively last year, where an ICANN audit found that DotBerlin CEO Dirk Krischenowski, or at least somebody using his credentials, had accessed hundreds of supposedly confidential gTLD application documents on ICANN’s web site.

Krischenowski, who has denied any wrongdoing, is also involved with HTLD, though in what capacity appears to be a matter of dispute between ICANN and the rival .hotel applicants.

In a month-old letter (pdf) to ICANN, only published at the weekend, Petillion doesn’t pull many punches.

The letter alleges:

Allowing HTLD’s application to proceed would go agaist everthing that ICANN stands for. It would amount to an acquiescence in criminal acts that were committed with the obvious intent to obtain an unfair advantage over direct competitors.

ICANN caught a representative of HTLD stealing trade secrets of competing applicants via the use of computers and the internet. The situation is even more critical as the crime was committed with the obvious intent of obtaining sensitive business information concerning a competing applicant.

It points out that ICANN’s Applicant Guidebook disqualifies people from applying for a new gTLD if they’ve been convicted of a computer crime.

To the best of my knowledge Krischenowski has not been convicted of, or even charged with, any computer crime.

What ICANN says he did was use its new gTLD applicants’ customer service portal to search for documents which, due to a dumb misconfiguration by ICANN, were visible to users other than their owners.

Krischenowski told DI in an emailed statement today:

According to ICANN, the failure in ICANN’s CSC and GDD portals was the result of a misconfiguration by ICANN of the software used (as mentioned at https://www.icann.org/news/announcement-2-2015-11-19-en). As a user, I relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.

HTLD’s application for .hotel is currently “On Hold”, though it is technically the winner of the seven-application contention set.

It prevailed after winning a controversial Community Priority Evaluation in 2014, which was then challenged in an Independent Review Process case by the applicants Petillion represents.

They lost the IRP, but the IRP panelists said that ICANN’s failure to be transparent about its investigation into Krischenowski could amount to a breach of its bylaws.

In its February ruling, the IRP panel wrote:

It is not clear if ICANN has properly investigated the allegation of association between HTLD and D. Krischenowski and, if it has, what conclusions it has reached. Openness and transparency, in the light of such serious allegations, require that it should, and that it should make public the fact of the investigation and the result thereof.

The ruling seems to envisage the possibility of a follow-up IRP.

ICANN had told the panel that its investigation was not complete, so its failure to act to date could not be considered inaction.

The ICANN board resolved in March, two days after Petillion’s letter was sent, to “complete the investigation” and “provide a report to the Board for consideration”.

While the complaining applicants want information about this investigation, their clear preference appears to be that the HTLD application be thrown out.

ICANN reveals 12 more data breaches

Kevin Murphy, November 20, 2015, Domain Registries

Twelve more new gTLD applicants have been found to have exploited a glitch in ICANN’s new gTLD portal to view fellow applicants’ data.

ICANN said last night that it has determined that all 12 access incidents were “inadvertent” and did not disclose personally identifiable information.

The revelation follows an investigation that started in April this year.

ICANN said in a statement:

in addition to the previous disclosures, 12 user credentials were used to access contact information from eight registry operators. Based on the information collected during the investigation it appears that contact information for registry operators was accessed inadvertently. ICANN also concluded that the exposed registry contact information does not appear to contain sensitive personally identifiable information. Each of the affected parties has been notified of the data exposure.

The glitch in question was a misconfiguration of a portal used by gTLD applicants to file and view their documents.

It was possible to use the portal’s search function to view attachments belonging to other applicants, including competing applicants for the same string.

Donuts said in June that the prices it was willing to pay at auction for gTLD string could have been inferred from the compromised data.

ICANN told compromised users in May that the only incidents of non-accidental data access could be traced to the account of Dirk Krischenowski, CEO of dotBerlin.

Krischenowski has denied any wrongdoing.

ICANN said last night that its investigation is now over.

Donuts: glitch revealed price we would pay for gTLDs

The recently discovered security vulnerability in one of ICANN’s web sites revealed how much Donuts was willing to pay for contested gTLDs at auction.

This worrying claim emerged during a meeting between registries and the ICANN board of directors at ICANN 53 in Buenos Aires yesterday.

“We were probably the largest victim of the data breach,” Donuts veep Jon Nevett told the board. “We had our financial data reviewed numerous times, dozens of times. We had our relative net worth of our TLDs reviewed, so it was very damaging information.”

He was referring to the misconfiguration in the new gTLD applicants’ portal, which allowed any user to view confidential application attachments belonging to any applicant.

ICANN discovered the problem in February, two years after the portal launched. The results of a security audit were revealed in late April.

But it was not until late May that it emerged that only one person, dotBerlin CEO Dirk Krischenowski, was suspected by ICANN of having deliberately viewed data belonging to others.

Nevett said communication should have been faster.

“We were in the dark for a number of weeks about who saw the data,” he told the board. “That was troubling, as we were going to auctions in that interim period as well.”

Donuts, which applied for over 300 new gTLDs, is known to have taken a strictly numbers-driven approach to string selection and auction strategy.

If a rival in a contention set had known how much Donuts was prepared to pay for a string, it would have had a significant advantage in an auction.

In response to Nevett’s concerns, ICANN CEO Fadi Chehade said that ICANN had to do a thorough investigation before it could be sure who saw what when.

.berlin zone drops off a cliff

The number of domains in the .berlin zone file appears to have stabilized after falling off a cliff late last week.

The new gTLD, which was an early leader in the space, peaked at 151,295 names on June 10.

It was down by 68,841 to 82,481 domains on June 12 and has been relatively flat, down by just a dozen or so domains per day, ever since.

A possible explanation for the decrease is the expiration of domains that were given away for free a year ago, but the dates don’t quite tally.

On June 16 2014, the zone file rocketed by over 67,000 names, most of which were registered via InternetX.

The promotion was yanked just a few days later, with the dotBerlin registry citing unexpectedly high demand.

One of dotBerlin’s registration policies requires .berlin names to be “put to use” within 12 months of registration, in such a way that demonstrates the nexus with the Berlin community.

Given that most of the free domains were registered by a handful of speculators, it seems unlikely that there’s been a whole lot of development of those names.

.berlin CEO prime suspect in ICANN data breach

dotBerlin CEO Dirk Krischenowski is suspected of using a bug in ICANN’s new gTLD portal to access hundreds of confidential documents, some containing sensitive financial planning data, belonging to competing gTLD applicants.

That’s according to ICANN documents sent by a source to DI today.

Krischenowski, who has through his lawyer “denied acting improperly or unlawfully”, seems to be the only person ICANN thinks abused its portal’s misconfigured search feature to deliberately access rivals’ secret data.

ICANN said last night that “over 60 searches, resulting in the unauthorized access of more than 200 records, were conducted using a limited set of user credentials”.

But ICANN, in private letters to victims, has been pinning all 60 searches and all 200 access incidents on Krischenowski’s user credentials.

Some of the incidents of unauthorized access were against applicants Krischenowski-run companies were competing against in new gTLD contention sets.

The search terms used to find the private documents included the name of the rival applicant on more than one occasion.

In more than once instance, the data accessed using his credentials was a confidential portion of a rival application explaining the applicant’s “worst case scenario” financial planning, the ICANN letters show.

I’ve reached out to Krischenowski for comment, but ICANN said in its letters to victims:

[Krischenowski] has responded through legal counsel and has denied acting improperly or unlawfully. The user has stated that he is unable to confirm whether he performed the searches or whether the user’s account was used by unauthorized person(s). The user stated that he did not record any information pertaining to other users and that he has not used and will not use the information for any purpose.

Krischenowski is a long-time proponent of the new gTLD program who founded dotBerlin in 2005, many years before it was possible to apply.

Since .berlin launched last year it has added 151,000 domains to its zone file, making it the seventh-largest new gTLD.

The bug in the ICANN portal was discovered in February.

The results on an audit completed last month showed that over the last two years, 19 users used the glitch to access data belonging to 96 applicants and 21 registry operators.

There were 330 incidents of unauthorized access in total, but ICANN seems to have dismissed the non-“Krischenowski” ones as inadvertent.

An ICANN spokesperson declined to confirm or deny Krischenowski is the prime suspect.

Its investigation continues…

dotBERLIN pulls plug on free domain giveaway

The .berlin registry has apparently halted the promotion that has given away tens of thousands of free domain names, citing unexpectedly high demand.

According to 101domain, a registrar that started giving away .berlin domains for free yesterday:

As of 1pm PST today, June 18th, the free .BERLIN promotion will unfortunately come to an end.

According to the dotBERLIN registry, demand was exceedingly above their anticipated volumes, so they have decided to pull the plug early.

The promotion, which led to domainers registered tens of thousands of names, was due to end on Friday.

Why has dotBERLIN pulled the plug? I have to wonder whether it is related to the company’s own registration policies, which are not particularly domainer-friendly.

The .berlin TLD started today at 121,193 names, according to its zone file, up 5,227 on the day.

Over 70,000 of those names were registered in the last two days, and most of those are believed to be freebies handed out by InternetX and, as of yesterday, 101domain.

As we reported yesterday, one domainer, DomainProfi, is responsible for over 23,000 of these registrations.

Another massive registrant, as DNW reported today, is Sedo-affiliated DomCollect, part of the same group (United Internet) as InternetX. It has over 30,000 .berlin names.

It’s difficult to see any of these names being developed or used in any meaningful way — they seem to be currently parked — yet the dotBERLIN registration policy may require it.

The English translation of the policy (pdf) states:

5.2. Conditions for the content and use of domain names

As the gTLD .BERLIN is a so-called “community based” gTLD, where the registration of domain names is subject to restrictions, a domain name must be put into use within 12 months of registration.

If the registrant sets up a web site which can be reached via the registered domain name, the content of this site must have be directly related to the authorisation to register

The first part of that seems simple: you have to “use” the domain within a year or risk losing it.

The “authorisation to register” appears to be the registrant’s self-declared “economic, cultural, historical, social or other connection to the German capital, Berlin”.

I interpret the two paragraphs together to read: “You must use the name in a manner that reflects your connection to Berlin”.

Does this mean parking is prohibited? There’s nothing explicit banning it, but I’d say it’s definitely a grey area. It seems to be down to the decision of the registry.

I asked dotBERLIN for clarification this morning but have not yet received one.

For the registrants, there seems to be little risk, however. They haven’t paid for their names and probably don’t intend to renew any that they can’t sell before renewal time.

.berlin rockets to 116k on free domain offer

A promotion from dotBERLIN saw .berlin more than double its registration count yesterday, as speculators (apparently) swooped to claim over 61,000 free domain names.

The new gTLD ended the day with 115,966 domains in its zone, up 67,347 or 138% on the day.

That makes it the number two new gTLD again, snipping at the heels of .xyz, which has 144,474 names.

But, like .xyz, the numbers are not an accurate reflection of demand.

Giving away free domains seems to be the way to go if you want to quickly rack up your registration count with scant regard for actual end user purchases or renewal rates.

dotBERLIN said yesterday that it was celebrating 50,000 registrations with a five-day offer seeing registrars sell the names for no more than €5.55 ($7.53).

But some registrars are actually offering them for free.

InternetX is one such registrar, and it appears to have taken the vast, vast majority of all the new .berlin registrations yesterday.

Digging into name server records, it appears that at least 61,000 names were registered via InternetX-owned registrars. Of those, over 23,000 appear to have been registered to a single domainer.

InternetX, to the best of my knowledge, wasn’t forcing the domains on its customers, which is what Network Solutions did with .xyz.

According to its web site, the offer was limited to 50 domains per customer, though there appears to be an option to purchase obtain more.

The domainer with the cache of 23,000 names appears to be an InternetX reseller.

The numbers are big, and they may well convert into revenue-generating renewals for dotBERLIN, but right now I don’t think they’re especially reflective of demand among end user registrants.

Full TMCH database published by registry?

Kevin Murphy, March 17, 2014, Domain Policy

DotBerlin seems to have published the full list of trademarks and other strings protected by the Trademark Clearinghouse.

The list, published openly on nic.berlin as the .berlin new gTLD went through its sunrise period, contains 49,989 .berlin domain names that the registry says are protected.

Neither the TMCH nor DotBerlin have yet responded to a request for comment, so I can’t be 100% certain it’s the TMCH list, but it certainly appears to be. You can judge for yourself here (pdf).

UPDATE: DotBerlin told DI that it is “not the full list but part of a registry-reserved names list” that was published “accidentally” and has now been removed from its web site.

The DotBerlin web site calls the list “MarkenSchutzEngel-Domains” which I believe translates to something like “Trademark Guardian Angel Domains”.

While the TMCH says it has 26,802 listed marks, the document published by DotBerlin seems to also include thousands of strings that are protected under the “Trademark +50” rule.

That allows companies that have won UDRP complaints to have those domains’ second-level strings added to their TMCH records. I see plenty of UDRP’d domains on this list.

The list also seems to include hundreds, possibly thousands, of variant strings that put hyphens between different words. For example, Santander appears to have registered:

a-bank-for-your-ideas
a-bank-for-yourideas
a-bank-foryour-ideas
a-bank-foryourideas
a-bankfor-your-ideas
a-bankfor-yourideas
a-bankforyour-ideas
a-bankforyourideas

I spotted dozens of examples of this, which is permitted under ICANN’s TMCH rules.

There are 2,462 internationalized domain names on the list.

I gather that the full TMCH list today is over 50,000 strings, a little larger than the DotBerlin document.

I took the liberty of comparing the list to a dictionary of 110,000 English words and found 1,941 matches. Strings such as “fish”, “vision”, “open”, “jump” and “mothers” are all protected.

A listing in the TMCH means you get the right to buy a domain matching your mark during new gTLD sunrise periods. Anyone else trying to register a matching name will also generate a Trademark Claims notice.

According to some registries I’ve spoken to today, the TMCH forbids the publication of the full database under the contract that all new gTLD registries must sign.

I’ve no idea whether the publication of a list of .berlin names means that DotBerlin broke its contract.

While the TMCH rules were being developed, trademark owners were adamant that the full database should not be published and should not be easily reverse engineered.

They were worried that to publish the list would reveal their trademark enforcement strategies, which may leave them open to abuse.

(Hat tip to Bart Mortelmans of bNamed.net for the link.)

Four more new gTLD contracts signed, including .email

Kevin Murphy, November 1, 2013, Domain Registries

Four new gTLD registries signed their contracts with ICANN yesterday.

Donuts added Registry Agreements for .email and .codes to its portfolio, bringing its total up to 43.

CORE Association signed for بازار., which means “bazaar”. It’s CORE’s third and final RA as an applicant and its only Arabic application. It’s already live with two Cyrillic strings.

Finally, DotBerlin signed its contract for the city TLD .berlin, apparently confirming the rumor that the one it signed on stage alongside .wien at the newdomains.org conference earlier this week was in fact a prop.

According to the DI PRO database, ICANN now has contracts with 80 new gTLDs and 18 legacy gTLDs.

  • Page 1 of 2
  • 1
  • 2
  • >