Pirates set up domain seizure workaround

Kevin Murphy, October 6, 2011, Domain Tech

Movie and music pirates are setting up alternative DNS services to help users work around the government seizure of domain names.

A new service, BlockAid.me, launched an open beta at the end of September. It’s currently being promoted prominently on at least one major movie/music/games-sharing site.

The site encourages internet users to reconfigure their computers to use BlockAid’s DNS servers. That way, if a domain name used by a piracy web site is seized by law enforcement, BlockAid will be able to direct surfers to the original owner’s IP address more or less transparently.

This is exactly what the experts predicted would happen.

Workarounds have been expected ever since the US Immigration and Customs Enforcement agency started seizing domain names associated with pirated content and US politicians began discussing legislation to streamline the process.

In May, DNS experts including Paul Vixie, Dan Kaminsky and now-ICANN chair Steve Crocker said that the Protect-IP Act in the US would persuade many users to switch to offshore DNS servers.

They warned that this would lead to a rise in cybercrime against consumers, as disreputable or insecure DNS providers send surfers to spoofs of banks and other sensitive sites.

While there’s no reason to believe the BlockAid project has this kind of nefarious activity in mind, if the idea catches on it’s probably inevitable that a similar service operated by crooks will emerge eventually.

Amusingly, BlockAid’s web site says that it may financially support itself in future by showing ad-laden web pages instead of returning NXDOMAIN errors, a much-criticized money-making tactic many ISPs already use.

Note also that the .me registry is managed by Afilias, a heavily US-based company, which likely makes BlockAid.me just as vulnerable to seizure as any .com address.

Big Content calls for government new gTLD oversight

Kevin Murphy, August 1, 2011, Domain Policy

The music, movie and advertising industries have backed a US move that could see governments getting more control over the approval of new top-level domains.

They’ve urged the National Telecommunications and Information Administration to keep a proposed rule that would force ICANN to show a new gTLD is in the “global public interest” before giving it the nod.

But they are opposed by many other stakeholders who responded to the NTIA’s Further Notice Of Inquiry on the renewal of ICANN’s IANA contract.

The FNOI resulted in about 35 responses, from companies and organizations on five continents.

The most controversial question posed by the NTIA was whether the IANA contract should include this provision:

For delegation requests for new generic TLDS (gTLDs), the Contractor [ICANN] shall include documentation to demonstrate how the proposed string has received consensus support from relevant stakeholders and is supported by the global public interest.

This was broadly interpreted as a way for governments to have a de facto veto over new gTLD applications, via ICANN’s Governmental Advisory Committee.

The proposed measure has now been supported by the Recording Industry Association of America, the Association of National Advertisers, and the Coalition for Online Accountability, which represents the music and movie industries.

Brand owners want another bite

In his strongly worded response, ANA president Robert Liodice wrote that the new gTLD program “is likely to cause irreparable injury to brand owners”, adding that it supported the NTIA’s proposal.

[It] provides a layer, however thin, of contractual protection that gTLDs will not be deposited to the authoritative root zone without appropriate justification. While the ANA believes that these protections are marginal at best, and that a more secure, safe and permanent solution must be found to prevent the harms to brand owners and consumers described above; nonetheless, “something is better than nothing”

Special interests

The RIAA said in its filing that it “strongly supports” the proposal, on the basis that it thinks .music, if approved as a gTLD, could lead to more online music piracy.

there are no concrete obligations in the latest application guidebook to implement heightened security measures for these types of gTLDs that are focused on particular industries such as record music. Given the risk that such a gTLD application could pass through the ICANN process without committing to such measures, it should be incumbent on the IANA contractor to document how its entry into the root would meet the “global public interest” standard.

It’s a drum the RIAA, never afraid of making special-interest arguments on matters of internet governance, has been beating for some time.

It stopped short of asking for all existing TLDs (and IP addresses, in the case of peer-to-peer applications) to be banned outright, which would presumably do much more to prevent piracy.

Oh no you ditn’t!

The COA, which includes the RIAA among its members, has the honor of being the first of ICANN’s critics to raise the Peter Dengate Thrush Situation to officially bash the organization.

PDT, as you’ll recall, joined Minds + Machines, likely to be a volume gTLD applicant next year, just a few weeks after he helped push through ICANN’s approval of the gTLD program.

COA counsel Steve Metalitz wrote:

This development tends to confirm COA’s view that “the new gTLD process, like so much of ICANN’s agenda, has been ‘led’ by only a small slice of the private sector, chiefly the registrars and registries who stand to profit from the introduction of new gTLDs.”

If a “check and balance” on addition of these new gTLDs to the root was advisable prior to this announcement, it now appears to be indispensable.

Plenty of ICANN stakeholders on both sides of the new gTLD debate have been calling for a review of ICANN’s ethics policies recently, so the COA is far from alone in highlighting the perception problem PDT’s move, and others, may have created.

It looked dodgy, and people noticed.

But on the other hand…

Many responses to the FNOI take the opposing view – saying that the “global public interest” requirements appear to run contrary to IANA’s technical coordination mandate.

IANA’s statement of work, which mandates IANA staff independence from ICANN policy-making, seems like a very odd place to introduce a vague and highly policy-driven oversight check.

Opposition came from the gTLD registry community and likely applicants, as you might expect, as well as from a number of ccTLD operators, which was perhaps less predictable.

A typical response, from the ccNSO, was:

While recognising and supporting the need for ensuring that new gTLDs have consensus support and are consistent with the global public interest, the ccNSO suggests that the IANA contractor’s role should simply be to verify that ICANN has followed the Guidebook process and that all the evaluation criteria (not just the two referred to) have been met.

A number of responses also call for the strict separation of IANA staff from ICANN’s policy-making functions to be relaxed. The way the NTIA’s proposal is currently worded, it’s not clear if IANA’s experts would be able to provide their input to important work.

How Protect IP will get you hacked

Kevin Murphy, July 14, 2011, Domain Policy

The collection of DNS experts opposing the Protect IP Act today held a press conference to outline exactly why the proposed US piracy protection legislation is dangerous.

Protect IP, currently making its way through Congress, would force ISPs to intercept and redirect domain name look-ups for proscribed piracy sites.

It’s the latest in a series of attempts by the IP lobby to push through legislation aimed at curbing the widespread bootlegging of digital content such as music and movies.

But ICANN chair Steve Crocker, DNS uber-hacker Dan Kaminsky, David Dagon of Georgia Tech, VeriSign’s Danny McPherson and BIND supremo Paul Vixie all think the Act will have unintended and dangerous consequences.

They published a white paper explaining their concerns in May, which I wrote about here, and today ramped up the campaign by talking to reporters in Washington, DC.

Here’s the problem as they see it:

Today, the vast majority of internet users take the default DNS service from their ISP. Usually, the servers are configured automatically when you’re installing the ISP’s software.

Many users are also aware of alternative DNS providers such as Google and OpenDNS. Whatever you think of these services, you can be pretty confident they’re not out to steal your identity.

What Crocker et al are worried about is that content pirates will set up services similar to OpenDNS in order to enable users to visit domains that are blocked by Protect IP in their country.

Users can configure such a service in just 30 seconds, with a single click, the experts said. If they want access to the latest movies and music, they may do so without considering the consequences.

But if you sign up to use a DNS server provided by a bunch of movie pirates, you don’t necessarily have the same reassurances you have with OpenDNS or Google.

You’re basically signing up to pass all your domain name look-up data to proven rogues, what Kaminsky referred to during the press conference as “unambiguously bad guys”.

These bad guys may well direct you to the correct server for the Pirate Bay, but they may also hand you over to a spoof web site when you try to visit your bank.

You’ll think you’re looking at your bank’s site, and your computer will think it got a genuine IP address in response to its DNS query, but you’re really handing your login credentials to a crook.

DNS blocking already takes place with respect to content such as child pornography, of course, but it has not to date created a huge reaction with millions of users taking their DNS overseas.

“The scale of the reaction is what we fear,” Kaminsky said. Vixie added: “To the extent that the content is extremely popular the bypass mechanisms will also be popular.”

The measures proposed by Protect IP would also break DNSSEC, but that’s still pretty much pie-in-the-sky stuff, so the press conference did not spend much time focusing on that.
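
The two resolver behaviours described in these posts, spoofed answers for sensitive sites and ad pages substituted for NXDOMAIN, can both be checked by comparing a candidate resolver's raw DNS responses with those of a resolver you trust. The following is an added example, not code from the original articles; the function names, the canary name and all sample responses are constructed for illustration.

```python
import struct

def make_response(name, ips, rcode=0):
    """Build a constructed DNS response for the samples below (not captured traffic)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = struct.pack(">HHHHHH", 0x1234, 0x8180 | rcode, 1, len(ips), 0, 0)
    msg += qname + struct.pack(">HH", 1, 1)
    for ip in ips:  # 0xC00C: compression pointer to the question name at offset 12
        msg += struct.pack(">HHHIH", 0xC00C, 1, 1, 300, 4) + bytes(map(int, ip.split(".")))
    return msg

def skip_name(msg, off):  # offset just past a name; a compression pointer ends it
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_response(msg):
    """Return (rcode, set of IPv4 addresses in the answer section's A records)."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    ips = set()
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.add(".".join(map(str, msg[off:off + 4])))
        off += rdlen
    return flags & 0xF, ips

def audit(candidate, reference, canary):
    """Compare a candidate resolver's raw responses with a trusted resolver's."""
    findings = []
    for name, raw in candidate.items():
        rcode, ips = parse_response(raw)
        if name == canary and (rcode != 3 or ips):  # nonexistent name must be NXDOMAIN (3)
            findings.append((name, "nxdomain-rewritten"))
        elif name != canary and ips and ips.isdisjoint(parse_response(reference[name])[1]):
            findings.append((name, "answer-mismatch"))
    return findings

# Constructed sample data: .example names and documentation-range addresses.
CANARY = "k3v9q-canary.example"
REFERENCE = {"bank.example": make_response("bank.example", ["192.0.2.10", "192.0.2.11"])}
CANDIDATE = {"bank.example": make_response("bank.example", ["203.0.113.66"]),
             CANARY: make_response(CANARY, ["203.0.113.80"])}
```

Large sites legitimately return different addresses to different resolvers (CDNs, geographic load balancing), so an `answer-mismatch` is a lead to investigate, not proof of spoofing.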

ICE seizes more piracy domains

Kevin Murphy, May 23, 2011, Domain Policy

The US Immigration and Customs Enforcement agency has seized a small number of domain names that were allegedly being used to distribute bootleg movies and other goods.

But the number of domains falling to Operation In Our Sites in the latest round appears to be smaller than reported over the weekend by TorrentFreak.

The newly seized domains seem to be watchnewfilms.com, mygolfaccessory.com and re1ease.net.

Another half-dozen domains reportedly grabbed within the last few days were actually seized last November, as part of ICE’s major Thanksgiving crackdown.

The false positives were likely spotted because the domains recently changed name servers to ICE’s seizedservers.com, but this appears to be due to a domain management issue, rather than a fresh seizure.

ICE domain seizures enter second phase

Kevin Murphy, April 20, 2011, Domain Policy

The US Immigration & Customs Enforcement agency seems to be consolidating its portfolio of seized domain names by transferring them to its own registrar account.

Many domains ICE recently seized at the registry level under Operation “In Our Sites” have, as of yesterday, started naming the agency as the official registrant in the Whois database.

ICE, part of the Department of Homeland Security, has collected over 100 domains, most of them .coms, as part of the anti-counterfeiting operation it kicked off with gusto last November.

The domains all allegedly either promoted counterfeit physical goods or offered links to bootleg digital content.

At a technical level, ICE originally assumed control of the domains by instructing registries such as VeriSign, the .com operator, to change the authoritative name servers for each domain to seizedservers.com.

All the domains pointed to that server, which is controlled by ICE, resolve to a web server displaying the same image:

[Image: ICE seized domains banner]

(The banner, incidentally, appears to have been updated this month. If clicked, it now sends visitors to this anti-piracy public service announcement hosted at YouTube.)

Until this week, the Whois record associated with each domain continued to list the original registrant – a great many of them apparently Chinese – but ICE now seems to be consolidating its portfolio.

As of yesterday, a sizable chunk — but by no means all — of the seized domains have been transferred to Network Solutions and now name ICE as the registrant in their Whois database records.

Rather than simply commandeering the domains, it appears that ICE now “owns” them too.

But ICE has already allowed one of its seizures to expire. The registration for silkscarf-shop.com expired in March, and it no longer points to seizedservers.com or displays the ICE piracy warning.

The domain is now listed in Redemption Period status, meaning it is starting along the road to ultimately dropping and becoming available for registration again.

Interestingly, most of the newly moved domains appear to have been transferred into NetSol from original registrars based in China, such as HiChina, Xin Net and dns.com.cn.

After consulting with a few people more intimately familiar with the grubby innards of the inter-registrar transfer process than I am, I understand that the names could have been moved without the explicit intervention of either registrar, but that it would not be entirely unprecedented if the transfers had been handled manually under the authority of a court order.

If I find out for sure, I’ll provide an update.