One of ICANN’s Seven Secret Key-Holders To The Internet got taken out as part of an elaborate heist or something on American TV this week.
In tense scenes, a couple of secret agents or something with guns were forced to break into one of ICANN’s quarterly root zone key signing ceremonies to prevent a hacker or terrorist or something from something something, something something.
The stand-off came after the secret agents or whatever discovered that a hacker called Mayhew had poisoned a guy named Adler, causing a heart attack, in order to secure his position as a replacement ICANN key-holder and hijack the ceremony.
This all happened on a TV show called Blacklist: Redemption that aired in the US March 16.
I’d be lying if I said I fully understood what was supposed to be going on in the episode, not being a regular viewer of the series, but here’s the exposition from the beginning of the second act.
Botox Boss Lady: Seven keys control the internet? That can’t be possible.
Neck Beard Exposition Guy: They don’t control what’s on it, just how to secure it. All domain names have an assigned number. But who assigns the numbers?
Soap Opera Secret Agent: Key holders?
Neck Beard Exposition Guy: Seven security experts randomly selected by ICANN, the Internet Corporation for Assigned Names and Numbers.
Bored Secret Agent: Max Adler’s wife mentioned a key ceremony.
Neck Beard Exposition Guy: Yeah, four times a year the key holders meet to generate a master key and to assign new numbers, to make life difficult for hackers who want to direct folks to malicious sites or steal their credit card information.
Botox Boss Lady: But by being at the ceremony, Mayhew gets around those precautions?
Neck Beard Exposition Guy: Oh, he does more than that. He can route any domain name to him.
That’s the genuine dialogue. ICANN, jarringly, isn’t fictionalized in the way one might usually expect from US TV drama.
The scene carries on to explain the elaborate security precautions ICANN has put in place around its key-signing ceremonies, including biometrics, smart cards and the like.
The fast-moving show then cuts to the aforementioned heist situation, in which our villain of the week takes an ICANN staffer hostage before using the root’s DNSSEC keys to somehow compromise a government data drop and download a McGuffin.
Earlier this week I begged Matt Larson, ICANN’s VP of research and a regular participant in the ceremonies (which are real), to watch the show and explain to me what bits reflect reality and what was plainly bogus.
“There are some points about it that are quite close to how the root KSK administration works,” he said, describing the depiction as “kind of surreal”.
“But then they take it not one but two steps further. The way the ceremony happens is not accurate, the consequences of what happens at the ceremony are not accurate,” he added.
“They talk about how at the ceremony we generate a key, well that’s not true. It’s used for signing a new key. And then they talk about how as a result of the ceremony anyone can intercept any domain name anywhere and of course that’s not true.”
The ceremonies are used to sign the keys that make end-to-end DNSSEC possible. Because the root is signed, DNSSEC resolvers have a “chain of trust” that goes all the way to the top of the DNS hierarchy.
The root keys just secure the bit between the root and the TLDs. Compromising them would not enable a hacker to immediately start downloading data from the site of his choosing, as depicted in the show. He’d then have to go on to compromise the rest of the chain.
“You’d have to create an entire path of spoofed zones to who you wanted to impersonate,” Larson said. “Your fake root zone would have to delegate to a fake TLD zone to a fake SLD zone and so on so you could finally convince someone they were going to the address that you wanted.”
“If you could somehow compromise the processes at the root, that alone doesn’t give you anything,” he said.
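The chain Larson describes can be modelled in a few lines of Python. This is an added example, not code from ICANN or from the original article; the zone keys and addresses are constructed, and an HMAC stands in for the public-key signatures real DNSSEC uses, so only the linkage between levels is modelled.

```python
import hashlib
import hmac

def ds(key: bytes) -> str:
    """Stand-in for a DS record: a hash of the child zone's key."""
    return hashlib.sha256(key).hexdigest()

def sign(key: bytes, data: str) -> str:
    """Stand-in for an RRSIG; HMAC replaces real DNSSEC's public-key signature."""
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()

def zone(key: bytes, data: str) -> dict:
    """A zone: its key, one signed record (child DS or address), the signature."""
    return {"key": key, "data": data, "sig": sign(key, data)}

def chain(root_key, tld_key, sld_key, address):
    """Root vouches for the TLD key, the TLD for the SLD key, the SLD for the address."""
    return [zone(root_key, ds(tld_key)), zone(tld_key, ds(sld_key)),
            zone(sld_key, address)]

def validate(zones, trust_anchor):
    """Walk root -> TLD -> SLD; return (True, address) or (False, reason)."""
    expected = trust_anchor
    for level, z in enumerate(zones):
        if ds(z["key"]) != expected:
            return False, f"key not vouched for at level {level}"
        if not hmac.compare_digest(z["sig"], sign(z["key"], z["data"])):
            return False, f"bad signature at level {level}"
        expected = z["data"]  # the DS this zone publishes for its child
    return True, zones[-1]["data"]

# Constructed keys and documentation-range addresses (RFC 5737).
ROOT, TLD, SLD = b"root-ksk", b"tld-key", b"sld-key"
FAKE_ROOT, FAKE_TLD, FAKE_SLD = b"fake-root", b"fake-tld", b"fake-sld"
ANCHOR = ds(ROOT)  # what a validating resolver is configured with
GOOD, BAD = "192.0.2.10", "203.0.113.66"

def scenarios():
    genuine = chain(ROOT, TLD, SLD, GOOD)
    return {
        "genuine": validate(genuine, ANCHOR),
        # Spoofed SLD zone only: the real TLD never vouched for its key.
        "fake_sld_only": validate(genuine[:2] + [zone(FAKE_SLD, BAD)], ANCHOR),
        # Root re-signed with the real key, nothing else spoofed.
        "root_resigned_only": validate([zone(ROOT, ds(FAKE_TLD))] + genuine[1:], ANCHOR),
        # Entire spoofed path under a root key the resolver does not trust.
        "fake_path_fake_root": validate(chain(FAKE_ROOT, FAKE_TLD, FAKE_SLD, BAD), ANCHOR),
        # Entire spoofed path signed with the real root key.
        "fake_path_real_root": validate(chain(ROOT, FAKE_TLD, FAKE_SLD, BAD), ANCHOR),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:22} {result}")
```

Only the last scenario validates with the wrong address, and it needs every level of the path rebuilt as well as the real root key, which is why the ceremony rooms get the sledgehammer-proof walls.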
But the show did present a somewhat realistic description of how the ceremony rooms (located in Virginia and California, not Manhattan as seen on TV) are secured.
Among other precautions, the facilities are secured with smart cards and PINs and retina scans for ICANN staff, and have reinforced walls to prevent somebody coming in with a sledgehammer, Larson said.
Blacklist: Redemption airs on Thursday nights on NBC in the US, but I wouldn’t bother if I were you.
The six losing applicants for the .hotel new gTLD are collectively threatening ICANN with a second Independent Review Process action.
Together, they this week filed a Request for Reconsideration with ICANN, challenging its decision earlier this month to allow the Afilias-owned Hotel Top Level Domain Sarl application to go ahead to contracting.
HTLD won a controversial Community Priority Evaluation in 2014, effectively eliminating all rival applicants, but that decision was challenged in an IRP that ICANN ultimately won.
The other applicants think HTLD basically cobbled together a bogus “community” in order to “game” the CPE process and avoid an expensive auction.
Since the IRP decision, the six other applicants — Travel Reservations, Famous Four Media, Radix, Minds + Machines, Donuts and Fegistry — have been arguing that the HTLD application should be thrown out due to the actions of Dirk Krischenowski, a former key executive.
Krischenowski was found by ICANN to have exploited a misconfiguration in its own applicants’ portal to download documents belonging to its competitors that should have been confidential.
But at its August 9 meeting, the ICANN board noted that the timing of the downloads showed that HTLD could not have benefited from the data exposure, and that in any event Krischenowski is no longer involved in the company, and allowed the bid to proceed.
That meant the six other applicants lost the chance to win .hotel at auction and/or make a bunch of cash by losing the auction. They’re not happy about that.
It doesn’t matter that the data breach could not have aided HTLD’s application or its CPE case, they argue; the information revealed could prove a competitive advantage once .hotel goes on sale:
What matters is that the information was accessed with the obvious intent to obtain an unfair advantage over direct competitors. The future registry operator of the .hotel gTLD will compete with other registry operators. In the unlikely event that HTLD were allowed to operate the .hotel gTLD, HTLD would have an unfair advantage over competing registry operators, because of its access to sensitive business information
They also think that HTLD being given .hotel despite having been found “cheating” goes against the spirit of application rules and ICANN’s bylaws.
In that case, the panel suggested that the board should conduct more thorough, meaningful reviews of CPE decisions.
It also found that ICANN staff had been “intimately involved” in the preparation of the Dot Registry CPE decision (though not, it should be noted, in the actual scoring) as drafted by the Economist Intelligence Unit.
The .hotel applicants argue that this decision is incompatible with their own IRP, which they lost in February, where the judges found a greater degree of separation between ICANN and the EIU.
Their own IRP panel was given “incomplete and misleading information” about how closely ICANN and the EIU work together, they argue, bringing the decision into doubt.
The RfR strongly hints that another IRP could be in the offing if ICANN fails to cancel HTLD’s application.
The applicants also want a hearing so they can argue their case in person, and a “substantive review” of the .hotel CPE.
The HTLD application for .hotel is currently “On Hold” while ICANN sorts through the mess.
Afilias is back on the path to becoming the registry for .hotel, after ICANN decided claims of hacking by a former employee of the applicant did not warrant a rejection.
The ICANN board of directors decided last week that HOTEL Top-Level Domain Sarl, which was recently taken over by Afilias, did not gain any benefit when employee Dirk Krischenowski accessed competing applicants’ confidential documents via an ICANN web site.
Because HTLD had won a Community Priority Evaluation, it should now proceed to contracting, barring any further action from the other six applicants.
ICANN’s board said in its August 9 decision:
ICANN has not uncovered any evidence that: (i) the information Mr. Krischenowski may have obtained as a result of the portal issue was used to support HTLD’s application for .HOTEL; or (ii) any information obtained by Mr. Krischenowski enabled HTLD’s application to prevail in CPE.
It authorized ICANN staff to carry on processing the HTLD application.
The other applicants — Travel Reservations, Famous Four Media, Radix, Minds + Machines, Donuts and Fegistry — had called on ICANN in April to throw out the application, saying that to decline to do so would amount to “acquiescence in criminal acts”.
That’s because an ICANN investigation had discovered that Dirk Krischenowski, who ran a company with an almost 50% stake in HTLD, had downloaded hundreds of confidential documents belonging to competitors.
He did so via ICANN’s new gTLD applicants’ portal, which had been misconfigured to enable anyone to view any attachment from any application.
Krischenowski has consistently denied any wrongdoing, telling DI a few months ago that he simply used the tool that ICANN made available with the understanding that it was working as intended.
ICANN has now decided that because the unauthorized access incidents took place after HTLD had already submitted its CPE application, it could not have gained any benefit from whatever data Krischenowski managed to pull.
The board reasoned:
his searches relating to the .HOTEL Claimants did not occur until 27 March, 29 March and 11 April 2014. Therefore, even assuming that Mr. Krischenowski did obtain confidential information belonging to the .HOTEL Claimants, this would not have had any impact on the CPE process for HTLD’s .HOTEL application. Specifically, whether HTLD’s application met the CPE criteria was based upon the application as submitted in May 2012, or when the last documents amending the application were uploaded by HTLD on 30 August 2013 – all of which occurred before Mr. Krischenowski or his associates accessed any confidential information, which occurred from March 2014 through October 2014. In addition, there is no evidence, or claim by the .HOTEL Claimants, that the CPE Panel had any interaction at all with Mr. Krischenowski or HTLD during the CPE process, which began on 19 February 2014.
The HTLD/Afilias .hotel application is currently still listed on ICANN’s web site as “On Hold” while its rivals are still classified as “Will Not Proceed”.
It might be worth noting here — to people who say ICANN always tries to force contention sets to auction so it possibly makes a bit of cash — that this is an instance of it not doing so.
Afilias has sought to distance itself from DotBerlin CEO Dirk Krischenowski, due to ongoing claims that he improperly accessed secret data on rival .hotel applicants.
The company revealed in a recent letter to ICANN that it has bought out Krischenowski’s 48.8% stake in successful .hotel applicant Hotel Top Level Domain Sarl and that Afilias will become the sole shareholder of HTLD.
The move is linked to claims that Krischenowski exploited a glitch in ICANN’s new gTLD applicants’ portal to access confidential financial and technical information belonging to rival .hotel applicants.
These competing applicants have ganged up to demand that HTLD should lose its rights to .hotel, which it obtained by winning a controversial Community Priority Evaluation.
Afilias chairman Philipp Grabensee, now “sole managing director” of HTLD, wrote ICANN last month (pdf) to explain the nature of HTLD’s relationship with Krischenowski and deny that HTLD had benefited from the alleged data compromise.
He said that, at the time of the incidents, Krischenowski was the 50% owner and managing director of a German company that in turn was a 48.8% owner of HTLD. He was also an HTLD consultant, though Grabensee played down that role.
He was responding to a March ICANN letter (pdf) which claimed that Krischenowski’s portal credentials were used at least eight times to access confidential data on .hotel bids. It said:
It appears that Mr Krischenowski accessed and downloaded, at minimum, the financial projections for Despegar’s applications for .HOTEL, .HOTEIS and .HOTELES, and the technical overview for Despegar’s applications for .HOTEIS and .HOTEL. Mr Krischenowski appears to have specifically searched for terms and question types related to financial or technical portions of the application.
Krischenowski has denied any wrongdoing and told DI last month that he simply used the portal assuming it was functioning as intended.
Grabensee said in his letter that any data Krischenowski may have obtained was not given to HTLD, and that his alleged actions were not done with HTLD’s knowledge or consent.
He added that obtaining the data would not have helped HTLD’s application anyway, given that the incident took place after HTLD had already submitted its application. HTLD did not substantially alter its application after the incident, he said.
HTLD’s rival .hotel applicants do not seem to have alleged that HTLD won the contention set due to the confidential data.
Rather, they’ve said via their lawyer that HTLD should be disqualified on the grounds that new gTLD program rules disqualify people who have been convicted of computer crime.
Even that’s a bit tenuous, however, given that Krischenowski has not been convicted of, or even charged with, a computer crime.
The other .hotel applicants are Travel Reservations, Famous Four Media, Radix, Minds + Machines, Donuts and Fegistry.
ICANN is now pressing HTLD for more specific information about Krischenowski’s relationship with HTLD at specific times over the last few years, in a letter (pdf) published last night, so it appears that its overdue investigation is not yet complete.
A group of would-be .hotel gTLD registries have called on ICANN to reject the winning applicant’s bid or be complicit in “criminal acts”.
The group, which includes Travel Reservations, Famous Four Media, Radix, Minds + Machines, Donuts and Fegistry, is threatening to file a second Independent Review Process complaint unless ICANN complies with its demands.
Six applicants, represented by Flip Petillion of Crowell & Moring, claim that Hotel Top Level Domain Sarl should forfeit its application because one of its representatives gained unauthorized access to their trade secrets.
That’s a reference to a story we covered extensively last year, where an ICANN audit found that DotBerlin CEO Dirk Krischenowski, or at least somebody using his credentials, had accessed hundreds of supposedly confidential gTLD application documents on ICANN’s web site.
Krischenowski, who has denied any wrongdoing, is also involved with HTLD, though in what capacity appears to be a matter of dispute between ICANN and the rival .hotel applicants.
In a month-old letter (pdf) to ICANN, only published at the weekend, Petillion doesn’t pull many punches.
The letter alleges:
Allowing HTLD’s application to proceed would go against everything that ICANN stands for. It would amount to an acquiescence in criminal acts that were committed with the obvious intent to obtain an unfair advantage over direct competitors.
ICANN caught a representative of HTLD stealing trade secrets of competing applicants via the use of computers and the internet. The situation is even more critical as the crime was committed with the obvious intent of obtaining sensitive business information concerning a competing applicant.
It points out that ICANN’s Applicant Guidebook disqualifies people from applying for a new gTLD if they’ve been convicted of a computer crime.
To the best of my knowledge Krischenowski has not been convicted of, or even charged with, any computer crime.
What ICANN says he did was use its new gTLD applicants’ customer service portal to search for documents which, due to a dumb misconfiguration by ICANN, were visible to users other than their owners.
Krischenowski told DI in an emailed statement today:
According to ICANN, the failure in ICANN’s CSC and GDD portals was the result of a misconfiguration by ICANN of the software used (as mentioned at https://www.icann.org/news/announcement-2-2015-11-19-en). As a user, I relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.
HTLD’s application for .hotel is currently “On Hold”, though it is technically the winner of the seven-application contention set.
It prevailed after winning a controversial Community Priority Evaluation in 2014, which was then challenged in an Independent Review Process case by the applicants Petillion represents.
They lost the IRP, but the IRP panelists said that ICANN’s failure to be transparent about its investigation into Krischenowski could amount to a breach of its bylaws.
In its February ruling, the IRP panel wrote:
It is not clear if ICANN has properly investigated the allegation of association between HTLD and D. Krischenowski and, if it has, what conclusions it has reached. Openness and transparency, in the light of such serious allegations, require that it should, and that it should make public the fact of the investigation and the result thereof.
The ruling seems to envisage the possibility of a follow-up IRP.
ICANN had told the panel that its investigation was not complete, so its failure to act to date could not be considered inaction.
The ICANN board resolved in March, two days after Petillion’s letter was sent, to “complete the investigation” and “provide a report to the Board for consideration”.
While the complaining applicants want information about this investigation, their clear preference appears to be that the HTLD application be thrown out.