dotBerlin CEO Dirk Krischenowski is suspected of using a bug in ICANN’s new gTLD portal to access hundreds of confidential documents, some containing sensitive financial planning data, belonging to competing gTLD applicants.
That’s according to ICANN documents sent by a source to DI today.
Krischenowski, who has through his lawyer “denied acting improperly or unlawfully”, seems to be the only person ICANN thinks abused its portal’s misconfigured search feature to deliberately access rivals’ secret data.
ICANN said last night that “over 60 searches, resulting in the unauthorized access of more than 200 records, were conducted using a limited set of user credentials”.
But ICANN, in private letters to victims, has been pinning all 60 searches and all 200 access incidents on Krischenowski’s user credentials.
Some of the incidents of unauthorized access were against applicants Krischenowski-run companies were competing against in new gTLD contention sets.
The search terms used to find the private documents included the name of the rival applicant on more than one occasion.
In more than once instance, the data accessed using his credentials was a confidential portion of a rival application explaining the applicant’s “worst case scenario” financial planning, the ICANN letters show.
I’ve reached out to Krischenowski for comment, but ICANN said in its letters to victims:
[Krischenowski] has responded through legal counsel and has denied acting improperly or unlawfully. The user has stated that he is unable to confirm whether he performed the searches or whether the user’s account was used by unauthorized person(s). The user stated that he did not record any information pertaining to other users and that he has not used and will not use the information for any purpose.
Krischenowski is a long-time proponent of the new gTLD program who founded dotBerlin in 2005, many years before it was possible to apply.
Since .berlin launched last year it has added 151,000 domains to its zone file, making it the seventh-largest new gTLD.
The bug in the ICANN portal was discovered in February.
The results on an audit completed last month showed that over the last two years, 19 users used the glitch to access data belonging to 96 applicants and 21 registry operators.
There were 330 incidents of unauthorized access in total, but ICANN seems to have dismissed the non-“Krischenowski” ones as inadvertent.
An ICANN spokesperson declined to confirm or deny Krischenowski is the prime suspect.
Its investigation continues…
The US Federal Trade Commission has made some strong criticisms of the new gTLD program but has refused to answer the question of whether .sucks is behaving illegally.
In a letter to ICANN today (pdf), FTC chair Edith Ramirez took the opportunity to ask for a bunch of changes to the program.
But she declined to reply to ICANN’s original question, which was: are Vox Populi’s launch policies and pricing illegal?
Ramirez said she “cannot comment on the existence of any pending investigations” but said “the FTC will monitor the activities of registries and other actors in this arena” and “will take action in appropriate cases”.
She goes on to make three “recommendations” about new gTLDs in general.
She wants ICANN to “encourage the best practice” of all domain registrants to prominently identify themselves on their web sites, so that consumers are not confused.
This will never happen.
Ramirez then says rights protection mechanisms should be strengthened to prevent companies like Vox Pop violating the “spirit” of the RPMs by charging such high prices.
Finally, she echoes the advice of the Governmental Advisory Committee in asking for gTLDs representing regulated industries to have much more stringent registration requirements.
ICANN is of course under no obligation to take these recommendations as anything other than the comments of a single community member.
It’s good news for .sucks — without a determination of illegal behavior ICANN presumably has no reason to act against it.
It remains to be seen what the Canadian regulator, which ICANN also contacted for guidance, will say.
UPDATE: ICANN has just released the following statement from general counsel John Jeffrey:
We want to thank Chairwoman Ramirez for her response and for the FTC’s active interest in ICANN.
We greatly appreciate the Chairwoman’s stated understanding and appreciation of the importance of the concerns ICANN had conveyed regarding the .SUCKS gTLD rollout, as well as the broader set of consumer protection issues relating to the new gTLD program that the FTC has restated in the Chairwoman’s letter.
The FTC’s comments on consumer protection issues throughout the new gTLD program have been an important part of the dialogue of the ICANN community relating to these topics.
A small number of new gTLD registries and/or applicants deliberately exploited ICANN’s new gTLD portal to obtain information on competitors.
That’s my take on ICANN’s latest update about the exploitation of an error in its portal that laid confidential financial and technical data bare for two years.
ICANN said last night:
Based on the information that ICANN has collected to date our investigation leads us to believe that over 60 searches, resulting in the unauthorized access of more than 200 records, were conducted using a limited set of user credentials.
The remaining user credentials, representing the majority of users who viewed data, were either used to:
Access information pertaining to another user through mere inadvertence and the users do not appear to have acted intentionally to obtain such information. Access information pertaining to another user through mere inadvertence and the users do not appear to have acted intentionally to obtain such information. These users have all confirmed that they either did not use or were not aware of having access to the information. Also, they have all confirmed that they will not use any such information for any purpose or convey it to any third party; or
Access information of an organization with which they were affiliated. At the time of the access, they may not have been designated by that organization as an authorized user to access the information.
We can infer from this that the 60 searches, exposing 200 records, were carried out deliberately.
I asked ICANN to put a number on “limited set of user credentials” but it declined.
The breach resulted from a misconfiguration in the portal that allowed new gTLD applicants to view attachments to applications that were not their own.
ICANN knows who exploited the bug — inadvertently or otherwise — and it has told the companies whose data was exposed, but it’s not yet public.
The information may come out in future, as ICANN says the investigation is not yet over.
Was your data exposed? Do you know who accessed it? You know what to do.
NameVault, a registrar that once had over 75,000 domains under management, has been terminated by ICANN over multiple alleged contract breaches.
ICANN told (pdf) the Canadian company this week that its right to sell gTLD domain names will come to an end June 17.
The breaches primarily relate to its failure to provide records relating to the domain stronglikebull.com and its failure to provide ICANN with a working phone number.
NameVault belonged to domain investor Adam Matuzich, but I hear he may have sold it off to an Indian outfit several months ago (that may have been a surprise to ICANN too).
Back in 2011, it had over 75,000 names on its books. Today, it has fewer than 1,000.
The decline seems to be largely due to the departure of fellow domain investor Mike Berkens, who started taking his portfolio to Hexonet a few years ago.
ICANN will now ask other registrars if they want to take over NameVault’s domains.
It’s the fourth registrar to lose its accreditation this year.
The 10-hour outage in the Trademark Clearinghouse’s key database had no impact on domain registrations, ICANN says.
We reported earlier this week that the TMCH’s Trademark Database had been offline for much of last Friday, for reasons unknown.
We’d heard concerns from some users that the downtime may have allowed registrants to register domain names matching trademarks without triggering Trademark Claims notices.
But that worry may have been unfounded. ICANN told DI:
The issue occurred when two nodes spontaneously restarted. The cause of this restart is still under investigation. Although both nodes came back up, several services such as the network interface, TSA Service IP and the SSH daemon did not. All TMDB Services except the CNIS service were unavailable during the outage. From a domain registration point of view there should have been no impact.
CNIS is the Claim Notice Information Service, which provides registrars with Trademark Claims notice data.