KSRegistry takes over .gd but questions remain about two other hijacked ccTLDs

KSRegistry has been appointed the new registry operator for Grenada’s ccTLD after bad management at the previous operator led to the whole TLD being hijacked.

But the fate of two other hijacked ccTLDs — .tc and .vg — appears to be less certain, with significant confusion over who’s in charge at both.

One of them, at least, may still be “hijacked”.

But KSRegistry, part of the KeyDrive group, said today that it took over the technical management of .gd from AdamsNames (Amaryllis Investments Ltd) on May 1.

While a press release describes the change as a “redelegation” by ICANN’s IANA function, in fact it’s just a change of technical contact in the IANA database.

Grenada’s National Telecommunications Regulatory Commission remains the official, delegated manager of the TLD.

The hasty switch-over follows the alleged wholesale hijacking of the ccTLD by a disgruntled former employee of AdamsNames, who temporarily relocated it from the UK to Turkey.

The TLD, along with .tc and .vg, went AWOL in March after one Ertan Ulutas apparently took over the domain AdamsNames.net, the web site which was used by registrants to manage their names.

For a couple of weeks the site remained in the hands of the alleged hijacker, and all the while the AdamsNames.net site presented itself as the official registry manager.

KSRegistry was at the time the appointed back-end provider, appointed last year, for AdamsNames.

Due to the period of confusion, KSRegistry said today that the integrity of registration data in .gd may have been compromised, and that the zone will be “frozen” until May 21.

KSRegistry said in a statement:

While the .GD zone is frozen, no registrations, modifications, transfers, deletions or renewals can be made until the zone file has been fully reviewed and confirmed as valid and complete. Expired domains which are still in the zone can explicit be set to be either deleted or renewed prior to the reactivation of automated domain deletion function on May 21. Contact and nameserver updates can be done by each registrar for the domain names in its portfolio once the ServerUpdateProhibited status is removed. The NTRC and the KSregistry GmbH intend to resolve the discrepancies in the registration data with the .GD accredited registrars until May 21, 2013.

Getting rid of AdamsNames seems like a smart move by Grenada.

While AdamsNames has not been accused of any wrongdoing, allowing its TLDs to get hijacked, putting many thousands of domains at risk, certainly smacks of incompetence.

And the current status of .tc and .vg is unclear enough that I’d advise extreme caution when doing business with either TLD until further notice.

According to IANA records, .vg (British Virgin Islands) still has AdamsNames listed as the technical manager, but there have been significant, dodgy-looking changes at .tc recently.

Notably, references to AdamsNames as technical contact and official registration site for the ccTLD have been removed and replaced with those for a couple of new companies.

TLD AS (based in Turkey) and Meridian TLD (based in the British Virgin Islands) have been named as technical contact and registration site for .tc respectively.

Also, a name server for .tc that was operated by RIPE (a respectable organization), was also removed and replaced with one from zone.tc, a domain controlled by Meridian TLD, in early April.

All the name servers for .tc, and all but one of the name servers for .vg, are now on domains controlled by Meridian.

On the face of it, it looks almost legit. Meridian’s web site even states that its representatives were at the ICANN meeting in Beijing a month ago.

But according to AdamsNames, Meridian is actually run by Ulutas (the alleged hijacker) and at least two other people, and the two other people showed up in Beijing pretending to represent AdamsNames.

AdamsNames said on its web site:

We have to state frank and clear that neither Ayse Ergen nor her companion are authorised to represent or to act on behalf of AdamsNames Limited. By posing as employees of AdamsNames, the group of criminals around Ertan Ulutas, newly also known as “Meridian TLD Corp.”, continues its efforts to hijack the business of AdamsNames (run since 1999) by underhand means.

ICANN/IANA, according to AdamsNames, was aware of its complaints about Meridian from late March, which was before it made the changes that gave Meridian effective control over .tc.

Right now, it looks disturbingly like the alleged “hijacker” has actually managed to not only take over operations for at least one entire ccTLD but also to make it official.

Nuclear Iran campaign group sends ICANN list of demands (and they’re really, really stupid)

Kevin Murphy, September 19, 2012, Domain Policy

The campaign group United Against Nuclear Iran has called on ICANN to switch off internet access to Iran, due to an apparent misunderstanding of what it is ICANN does.

In a letter sent earlier this month and published yesterday, UANI told ICANN to “immediately cease and desist” from providing “ICANN/IANA access” to Iranian entities covered by US and EU sanctions.

The group is worried that these organizations are using the internet to help Iran with its goal of creating nuclear weapons.

The letter states:

Absent access to ICANN/IANA, the dictatorial regime of Iran would be severely impeded in pursuing its illegal and amoral activities. For each day that you knowingly continue to provide Iran sanction-designated persons and entities access to the worldwide web, ICANN/IANA will be increasingly complicit in the IRGC and Iranian regime’s nefarious behavior. ICANN/IANA must stop transacting with such Iranian entities and persons and deny them access to Unique Web Identifiers, and therefore, the worldwide web.”

The letter is stupid on so many levels it’s difficult to know where to begin.

It appears to assume that ICANN has the power and ability to shut down certain individual .ir and .com domain names, which are registered to and used by sanctioned entities.

The letter (pdf) states:

Prominent sanction-designated Iranian entities have acquired .ir Unique Internet Identifiers from ICANN/IANA through the RIPE NCC. For example, Iran’s nuclear brain trust, Malek Ashtar University holds the http://www.mut.ac.ir/ address. Major Iranian banks, including the country’s central bank, maintain active websites (e.g. http://www.cbi.ir, http://www.bank-maskan.ir, http://www.bmi.ir and http://www.banksepah.ir). Further, Khatam al-Anbia, which serves as the IRGC’s engineering arm with over 812 subsidiaries and is heavily involved in the construction of the Qom/Fordow nuclear weapons facilities, holds the web address of http://www.khatam.com. These sanction-designated entities could not gain such web access without ICANN/IANA.

You’ll immediately notice that UANI seems to think that RIPE NCC hands out .ir addresses, which it does not. RIPE is a Regional Internet Registry that deals exclusively with IP address blocks.

ICANN doesn’t have the power to shut down individual domains either. It has powers over the root zone — top-level domains — not second-level domains in individual TLDs.

Nor does ICANN appear to work with any of the organizations on the US list of sanctioned entities.

The .ir ccTLD is delegated to the Tehran-based Institute for Research in Fundamental Sciences, which is not sanctioned.

ICANN could, feasibly, shut down the whole of .ir, as long as Verisign and the US Department of Commerce — which have ultimate control over the root — played along, but that seems like overkill.

Is UANI asking ICANN to shut down the whole of the .ir space?

Apparently not. In fact, the group condemns censorship and appears to support the ability of regular Iranian citizens to access a free, unfettered internet. The letter states:

Unfortunately, ICANN/IANA and the Unique Internet Identifiers that it provides are misused by the sanction-designated Iranian entities and persons to facilitate their illicit operations, activities and communications including support for Iran’s rogue nuclear weapons program, Iran’s sponsorship of terrorism around the world, and the Iranian regimes brutal crackdown against its own people. Disturbingly, that crackdown includes the ruthless censorship of the Internet and other communication access, and the use of tracking technology to monitor, torture and kill freedom seeking dissidents.

Simply put, ICANN/IANA should not provide the internet communications means that the Iranian regime and the IRGC misuses to censor and deny Internet freedoms to its people, much less to support Iran’s illicit nuclear program or its sponsorship of terrorism.

A second, more or less identical letter (pdf) sent to RIPE NCC accused the organization of being the country-code manager for .ir, apparently based on a misunderstanding of this web page.

Netherlands-based RIPE has already responded, saying:

The RIPE NCC is in contact with the Dutch Ministry of Foreign Affairs to ensure that we operate in accordance with Dutch law and all applicable international sanctions. Our advice from the Ministry has been that the RIPE NCC is not in violation of these sanctions. However, we will investigate in cases where new information is provided to us and we will ensure that changing circumstances do not place the RIPE NCC in violation of sanctions.

UANI could have avoided embarrassing itself with a couple of phone calls, and I have to wonder why it did not.

Possibly because it can get New York Times column inches simply by throwing around accusations.

Breaking: ICANN awarded IANA contract

Kevin Murphy, July 2, 2012, Domain Policy

ICANN has been awarded the contract to run IANA for another three to seven years.

It’s almost eight months since the US National Telecommunications and Information Administration put the contract up for rebid and four months after ICANN’s initial proposal was deemed unsatisfactory.

“This is the longest IANA functions contract we’ve ever had, running for a period of three years with two 2-year renewal options,” said Akram Atallah, ICANN’s new interim CEO, in a statement.

The new contract starts October 1.

A cynic might note that the renewal, which was of course expected, comes just a day after the departure of former CEO Rod Beckstrom. That cynic might also suggest that the timing was deliberate.

Former CEO Rod Beckstrom tweeted tonight that his last act as CEO was to sign the new contract yesterday.

The IANA contract gives ICANN its powers over the domain name root system and IP address allocation.

More on the story when we have it…

US reopens IANA contract re-bid

Kevin Murphy, April 17, 2012, Domain Policy

ICANN’s key contract with the US government is open for proposals again, a month after ICANN was told its first bid wasn’t up to the expected standards.

The US National Telecommunications and Information Administration yesterday posted a revised request for proposals, looking for a new IANA contractor.

The IANA contract is what gives ICANN its operational powers over the domain name system root database.

Based on a quick comparison of the new RFP with the old, there have been few notable, substantial changes, giving little indication of why ICANN’s previous response fell short.

The RFP has a strong emphasis on accountability, transparency, separation of ICANN/IANA powers, conflicts of interest and the “global public interest”, as before.

While many of the requirements have been edited, clarified or shifted around, I haven’t been able to spot any major additions or subtractions.

The RFP now envisages a contract running from October 1, 2012 until September 30, 2015, with two two-year renewal options, bringing the expiry date to September 30, 2019.

The deadline for responses is May 31.

The current contract had been due to expire at the end of March but the NTIA unexpected extended it by six months just before ICANN’s meeting in Costa Rica kicked off last month.

The NTIA said it canceled the first RFP “because we received no proposals that met the requirements” but neither it nor ICANN has yet provided any specifics.

Over a month ago, at an ICANN press conference in Costa Rica, CEO Rod Beckstrom said: “We were invited to have a debriefing with [the NTIA] to learn more about this. Following that discussion we will share any information we are allowed to share.”

Since then, no additional information has been forthcoming.

The new RFP can be read here. For comparison, the old version can be downloaded here.

ICANN to issue update on IANA contract

Kevin Murphy, March 12, 2012, Domain Policy

This weekend’s shock news that ICANN’s bid to renew its IANA contract with the US government failed is still without an official, detailed explanation, but ICANN may soon reveal more specifics.

The National Telecommunications and Information Administration said Saturday that no bidder for the IANA contract had met its requirements, and that it was canceling the RFP until a later date.

It extended ICANN’s management of IANA for another six months.

CEO Rod Beckstrom said at a press conference here at the public meeting in Costa Rica today that ICANN cannot comment on the reasons its bid was rejected for now.

However, it’s going to meet with the NTIA soon to discuss the matter and may issue an update later.

“We were invited to have a debriefing with them to learn more about this,” Beckstrom said. “Following that discussion we will share any information we are allowed to share.”

Here in San Jose, there are several theories floating around the show floor.

The first hypothesis, which was popular on Saturday but which since seems to have fallen out of favor, is that it was a deliberate attempt to, in the words of one attendee, “fuck with” Beckstrom.

His contract expires in early July, and it was speculated that the NTIA would prefer to deal with his successor on the IANA contract, forcing him to leave the organization on a bum note.

I don’t really buy that. I can’t see the NTIA playing personality politics to that extent, not with the future of internet governance on the line.

The other theory doing the rounds is that ICANN fell foul of some rather esoteric US procurement guidelines – that the NTIA was legally unable to approve its bid.

Others speculate that ICANN just submitted a really crappy response to the RFP, or a response that failed to take the NTIA’s requirements seriously enough.

This seems more likely.

Whatever the reason, the way the news broke – apparently catching ICANN off-guard as much as anybody else – certainly suggests that the NTIA either screwed up its communications or that it wanted to make one of its trademark pre-show sabre-rattling statements.