Latest news of the domain name industry

Recent Posts

ICE seizes more piracy domains

Kevin Murphy, May 23, 2011, Domain Policy

The US Immigration and Customs Enforcement agency has seized a small number of domain names that were allegedly being used to distribute bootleg movies and other goods.

But the number of domains falling to Operation In Our Sites in the latest round appears to be smaller than reported over the weekend by TorrentFreak.

The newly seized domains seem to be watchnewfilms.com, mygolfaccessory.com and re1ease.net.

Another half-dozen domains reportedly grabbed within the last few days were actually seized last November, as part of ICE’s major Thanksgiving crackdown.

The false positives were likely spotted because the domains recently changed name servers to ICE’s seizedservers.com, but this appears to be due to a domain management issue, rather than a fresh seizure.

ICE domain seizures enter second phase

Kevin Murphy, April 20, 2011, Domain Policy

The US Immigration & Customs Enforcement agency seems to be consolidating its portfolio of seized domain names by transferring them to its own registrar account.

Many domains ICE recently seized at the registry level under Operation “In Our Sites” have, as of yesterday, started naming the agency as the official registrant in the Whois database.

ICE, part of the Department of Homeland Security, has collected over 100 domains, most of them .coms, as part of the anti-counterfeiting operation it kicked off with gusto last November.

The domains all allegedly either promoted counterfeit physical goods or offered links to bootleg digital content.

At a technical level, ICE originally assumed control of the domains by instructing registries such as VeriSign, the .com operator, to change the authoritative name servers for each domain to seizedservers.com.

All the domains pointed to that server, which is controlled by ICE, resolve to a web server displaying the same image:

ICE seized domains banner

(The banner, incidentally, appears to have been updated this month. If clicked, it now sends visitors to this anti-piracy public service announcement hosted at YouTube.)

Until this week, the Whois record associated with each domain continued to list the original registrant – a great many of them apparently Chinese – but ICE now seems to be consolidating its portfolio.

As of yesterday, a sizable chunk — but by no means all — of the seized domains have been transferred to Network Solutions and now name ICE as the registrant in their Whois database records.

Rather than simply commandeering the domains, it appears that ICE now “owns” them too.

But ICE has already allowed one of its seizures to expire. The registration for silkscarf-shop.com expired in March, and it no longer points to seizedservers.com or displays the ICE piracy warning.

The domain is now listed in Redemption Period status, meaning it is starting along the road to ultimately dropping and becoming available for registration again.

Interestingly, most of the newly moved domains appear to have been transferred into NetSol from original registrars based in China, such as HiChina, Xin Net and dns.com.cn.

After consulting with a few people more intimately familiar with the grubby innards of the inter-registrar transfer process than I am, I understand that the names could have been moved without the explicit intervention of either registrar, but that it would not be entirely unprecedented if the transfers had been handled manually under the authority of a court order.

If I find out for sure, I’ll provide an update.

Feds seize billion-dollar poker domains

Kevin Murphy, April 15, 2011, Domain Policy

Five domain names associated with online poker sites have been seized by the FBI as part of an investigation that has also seen 11 people indicted.

The principals of PokerStars, Absolute Poker and Full Tilt Poker, along with third-party “payment processors”, stand accused of engaging in a massive money laundering scheme in order to accept billions of dollars of payments from American gamblers in violation of US laws.

The charges carry possible maximum sentences of between five and 30 years in prison, along with substantial monetary fines. Two men have been arrested, a third is due to be arraigned, and the remainder are currently outside of the US, according to a press release (pdf).

The US Attorney for the Southern District of New York said five domain names have been seized by the FBI in connection with the prosecutions.

It’s not yet clear which domains have been seized.

From where I’m sitting in London, absolutepoker.com already shows an FBI warning banner, but pokerstars.com and fulltiltpoker.com both resolve normally. I may be receiving cached DNS data.

Blogger Elliot Silver, sitting behind a resolver on the other side of the pond, reports that ub.com is among the seized domains.

Unlike previous recent seizures, which were carried out by the US Immigration and Customs Enforcement agency, this time the FBI appears to be the responsible agency.

And this time, these aren’t two-bit file-sharing forums or Chinese knock-off merchandise sites, we’re talking about businesses that are perfectly legal in many jurisdictions, clearing billions in revenue.

But according to US Attorney’s charges, the companies carried out an elaborate plan to cover up the sources of their revenue through third parties and phoney bank accounts.

The companies are even alleged to have made multi-million dollar investments in failing banks in order to get them to turn a blind eye to the illicit gambling activities.

It appears that the FBI went straight to the .com registry, VeriSign, as some of the affected domains appear to be registered through UK-based corporate registrar Com Laude.

If you’re wondering whether this is yet another confirmation that all .com domains are subject to US jurisdiction, this is your takeaway sentence, from Manhattan US Attorney Preet Bharara:

Foreign firms that choose to operate in the United States are not free to flout the laws they don’t like simply because they can’t bear to be parted from their profits.

The suits seek $3 billion in allegedly ill-gotten gains to be returned.

Plug-in works around seized domains

Kevin Murphy, April 15, 2011, Domain Tech

Disgruntled coders have come up with a new Firefox plug-in to help people find piracy web sites after their domain names are seized by the authorities.

MAFIAA-Fire hooks into the browser, checking DNS queries against a list supplied by the developers, to see if the name corresponds to a seized domain.

If it does, the browser is redirected to an approved mirror. If it does not, the DNS query is handled as normal through the browser’s regular resolvers.

The plug-in was created in response to the seizure of domain names alleged to be involved in distributing bootleg movies, music and software.

The US Immigration and Customs Enforcement agency has been sending court-ordered take-down notices to US-based registry operators such as VeriSign for the last several months.

Some sites immediately relocate to top-level domains outside of US jurisdiction. MAFIAA-Fire is designed to make the process of finding these new sites easier.

As the plug-in site acknowledges, if any fraudulent data were to make its way onto its manually-authenticated list of domains, it could cause a security problem for end users.

MAFIAA stands for “Music and Film Industry Association of America”, a corruption of RIAA and MPAA. The “Fire” suffix comes from the fact that fire melts ICE.

The plug-in, which was first reported by TorrentFreak, is hosted at a .com address.