Recent Posts
- Ancient registrar gets ICANN breach notice over UDRP
- ICANN is starting to auto-renew new gTLD contracts
- Freenom hit by FIFTH ICANN action after litany of screw-ups
- Second DNSSEC screw-up takes down Aussie web sites
- Nominet adds handcuffs clause to proposed new Articles
- Single/plural gTLD combos to be UNBANNED
- ICANN rejects a whole bunch of new gTLD policy stuff
- Volkswagen ditches its dot-brand
- Radix looking for a back-end
- Is this why WhatsApp hates some TLDs but not others?
- Blockchain domain firm raises $2.5 million
- Verisign: 1.7 million domain industry growth in Q2
- Namecheap has given away 500,000 free .me domains
- Epik had another terrible month in May
- Blockchain startup gets $5 million to apply for gTLDs
- Buckridge to replace Shears on ICANN board
- CentralNic rebrands as Team Internet
- .ai sells 100,000 domains in a year
- Google to launch two fun new gTLDs next month
- Domainers not welcome as .music readies September launch
- Another six dot-brands self-terminate (two are very strange)
- Four more years for Identity Digital in Oz
- ICANN might be a director light after election stalemate
- ICANN turns down money from blockchain alt-root
- CentralNic chief calls on industry to tackle climate change
- London Domain Summit starts tomorrow
- Closed generics ban likely to remain after another policy group failure
- Ukrainian domains slide as war becomes the new normal
- Epik had worst month ever in April
- Go.Compare now redirecting to the .com
- Huge telco dumps gTLDs after rebrand
- Rejected former director threatens to sue Nominet
- April 2026 is the date for the next new gTLD round
- Doria leaving ICANN board a loss for new gTLD program
- A second new gTLD has FAILED and will be sold off
- .web hit by second ICANN complaint
- Registrar linked to defunct social network terminated
- Three candidates stand for Nominet board
- Next round of gTLDs could come much sooner than expected
- Registering .cv domains might become easier
- Musk prematurely announces Twitter is now X
- Nominet admits membership fees mistake
- Government to regulate UK-related domain names
- Domainer objects to Epik’s acquisition over Masterbucks collapse
- Freenom is losing another ccTLD after collecting military emails
- DENIC kicks out NCC as ICANN’s sole escrow agent
- ICANN takes over country’s ccTLD after Hall of Famer’s death
- ICANN Ombudsman quits
- ICA baffled by plan to outlaw domaining in India
- No $8 million discount for dot-brands, says ICANN
- Epik lost 125,000 domains in Q1
- Buckingham leaves Nominet’s board early
- Epik is off the ICANN naughty step
- Identity Digital is gobbling up Verisign’s back-end business
- o.com auction likely a damp squib after Overstock rebrand
- ICANN actually CHANGES Verisign’s .net contract after public comments
- GoDaddy takes over .health
- The looooong road to urgently hiring ICANN’s next CEO
- Rwanda picked for ICANN meeting
- Governments call for ban on gTLD auctions
- Red Cross gets takedown powers over .org domains
- Domain universe grew 1% in Q1
- Closed generics and IDNs debates are big drag on new gTLDs
- New gTLD registry gets second ICANN breach notice
- Epik lost another 22,000 domains to transfers in February
- Mystery buyer rescues Epik at end of crazy week
- Millions of domains to be deleted as Freenom loses its first TLD
- Everyone hates Verisign’s new .net deal
- UAE boasts rapid domain growth in 2022
- ICANN just put a date on the next new gTLD round
- Three more straggler new gTLDs coming soon
- Three more dot-brands realize the futility of existence
- woke.com among domains in NamesCon auction
- Domainer asks court to block Epik sell-off
- .web delay likely after Verisign rival files ICANN appeal
- CentralNic starts returning cash to shareholders as revenue grows
- Newly launched .zip already looks dodgy
- Progress made on next new gTLD round rules
- Brands ask for cheaper ICANN fees
- ICANN salary porn: 2022 edition
- Tucows and GoDaddy see weakness in big-ticket aftermarket sales
- Another registrar seemingly vanishes
- Verisign “pleased” at ICANN’s .web call
- .hiphop returns to GoDaddy after Uniregistry snub
- Danish national registry changes its name. Don’t laugh.
- ICANN signs Whois’ death warrant in new contracts
- Verisign WILL get .web, ICANN rules
- Verisign narrows domain growth guidance
- Epik exodus topped 100,000 domains in January
- Nominet looking for another director
- CentralNic expects revenue up 24% in Q1
- Epik CEO tries to wriggle out of $327,000 refund lawsuit
- Travel gTLD registry dumps three strings — NOT dot-brands
- Worried about governments seizing .com domains? Too late
- Epik’s meltdown is a ticking time-bomb for ICANN
- Epik customer exodus started when Monster quit
- ICANN wants more newbies on its board
- AcornDomains bought by conference organizer
- Uniregistry successor makes big pricing changes on two TLDs
- ICANN to crowd-source CEO search
- Verisign’s .net contract up for public comment
- About 6,000 .au domains remain contested
- New gTLDs — implementation talks to start next month
- Epik sued over financial meltdown
- ChatGPT maker files UDRP on .com match
- Costerton drops rap album to attract Gen Z to ICANN
- .food registry to dump four dot-brand gTLDs
- Google to drop EIGHT new gTLDs
- .org back-end contract up for grabs
- The end of “do-nothing” ICANN?
- Governments backtracking on closed generics ban
- Radix sold almost $8 million of premiums last year
- .com was a drag on the industry in Q4
- Identity Digital hit by failure of Silicon Valley Bank
- .art links DNS and alt-root ENS
- Brands want new gTLD fast track
- Facebook sues free domains registry for cybersquatting
- Whois disclosure system coming this year?
- Euro registrars merge to form Your.Online
- This is why ICANN is worried about new gTLDs right now
- Identity Digital to launch .watches this month
- Typo .com on sale for $94 million
- First two proper registrars join Web3 Domain Alliance
- IDNs — small and shrinking
- “Everyone thinks you’re a spammer” if you buy keyword domains, says Googler
Newly launched .zip already looks dodgy
A trawl through the latest zone file for Google’s newly launched .zip gTLD reveals that it is likely to be used in malware and phishing attacks.
.zip is of course also a filename extension used by the ZIP archive format, often used to compress and email multiple files at once, and many domains registered in the .zip gTLD in the last few days seem ready to capitalize on that potential for confusion.
I counted 3,286 domains in the May 14 zone file, and a great many of them appear to relate to email attachments, financial documents, software updates and employment information.
I found 133 instances of the word “update”, with sub-strings such as “attach”, “statement”, “download” and “install” also quite common.
Some domains are named after US tax and SEC forms, and some appear to be targeting employees at their first day of work.
I don’t know the intent of any of these registrants, of course. It’s perfectly possible some of their domains could be put to benign use or have been registered defensively by those with security concerns. But my gut says at least some of these names are dodgy.
Google went into general availability with eight new TLDs last Wednesday, and as of yesterday .zip was the only one to rack up more than a thousand names in its zone file.
The others were .dad (913 domains), .prof (264), .phd (605), .mov (463), .esq (979), .foo (665) and .nexus (330).
Dynadot takes down its own web site after apparent breach
Dynadot took the drastic move of turning off its own web site last week after noticing an apparent security breach.
The registrar also reset all of its customers’ passwords, acknowledging the pair of moves were “extremely inconvenient”.
It’s not clear from the company’s statement whether there really had been an attack or whether it overreacted
It said “our system noticed irregular activity” but later brought its site back up after staff “investigated and determined there was not a threat”.
The company said it has engaged “cyber security experts” to help it out in future.
DNS Abuse Institute names free tool NetBeacon, promises launch soon
NetBeacon has been picked as the name for the DNS Abuse Institute’s forthcoming free abuse-reporting tool.
The tool is expected to launch in early June, after software was donated by CleanDNS accelerated the development cycle, according to Institute director Graeme Bunton.
The system was previously using the working title CART, for Centralized Abuse Reporting Tool, as I blogged in February.
CleanDNS CEO Jeff Bedser is also on the board of Public Interest Registry, which funds DNSAI. Bunton wrote that PIR approved the use of the CleanDNS software under its conflict of interest policy, with Bedser recusing himself.
NetBeacon is expected to provide a way for authenticated abuse reporters to file complaints in a normalized fashion, potentially streamlining the workflow of registrars that subsequently have to deal with them.
Bunton has said that the service will be free at both ends, funded by non-for-profit PIR.
GoDaddy hack exposed a million customer passwords
GoDaddy’s systems got hacked recently, exposing up to 1.2 million customer emails and passwords.
The attack started on September 6 and targeted Managed WordPress users, the company’s chief information security officer Demetrius Comes disclosed in a blog post and regulatory filing this week.
The compromised data included email addresses and customer numbers, the original WordPress admin password, the FTP and database user names and passwords, and some SSL private keys.
In cases where the compromised passwords were still in use, the company said it has reset those passwords and informed its customers. The breached SSL certs are being replaced.
GoDaddy discovered the hack November 17 and disclosed it November 22.
It sounds rather like the attack may have been a result of a phishing attack against a GoDaddy employee. The company said the attacker used a “compromised password” to infiltrate its WordPress provisioning system.
Comes wrote in his blog post:
We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection
You may recall that GoDaddy came under fire last December for punking its employees with a fake email promising an end-of-year bonus, which turned out to be an “insensitive” component of an anti-phishing training program.
About 500 staff reportedly failed the test.
XYZ counting standard sales as “premiums” because its fees are so expensive
Portfolio gTLD registry XYZ appears to be counting regular sales of domains in certain TLDs as “premium” wins, because the base reg fee is so high.
The company said in a recent blog post that it sold over 270 “premium” names in October, but it added the following caveat:
Premium XYZ Registry domains refer to premium domains for extensions with standard and premium domains, and XYZ’s premium namespaces such as .Cars, .Storage, .Tickets, .Security, etc.
So if a name in a .com-equivalent priced TLD such as .xyz had been flagged as a premium by the registry and sold for a few thousands bucks, that counts as a premium sale, but any sale at all in .cars, where all domains cost a few thousand bucks regardless of the second-level string, also counts as a premium.
This reporting practice appears to bring in .security, .storage, .protection, .car, .auto, and .theatre, which all retail for four figures as standard. It also includes .tickets, where you won’t get much change out of a grand. It doesn’t include the fourth member of the cars family, .autos, where domains are priced as .com-equivalent.
I’m not sure how I feel about this.
You can’t accuse the registry of being misleading — it’s disclosing what it’s doing pretty prominently mid-post, not even reducing the font size.
And you can’t reasonably argue that a standard $3,000 .cars domain, which renews at $3,000 a year, for example, has less claim to the adjective “premium” than a domain in .hair that has a premium-tier EPP code selling for $3,000 but renewing at $20.
It just feels weird to see the word used in this way for what appears to be the first time.
Whois rule changes that nobody likes get approved anyway
ICANN’s Generic Names Supporting Organization Council has approved a handful of changes to Whois policy, despite the fact that pretty much nobody was fully on-board with the proposals and how they were made.
The new recommendations call for a new field in Whois records to flag up whether the registrant is a private individual, whose privacy is protected by law, or a legal entity like a company, which have no privacy rights.
But the field will be optional, with no obligation for registries or registrars to use it in their Whois services, which has angered intellectual property interests, governments and others.
The working group that came up with the recommendations also declined to find that Whois records should come with an anonymized registrant email address as standard. This absence of change was also adopted by the Council, causing more disappointment.
In short, nothing much is happening to Whois records for the foreseeable future as a result of these policy changes.
But the process to arrive at this conclusion has highlighted not just the deep divisions in the ICANN community but also, some argue, deficiencies in the ICANN process itself.
The Expedited Policy Development Process working group that has since 2018 been looking at the interaction between Whois and privacy protection law, primarily the European Union’s General Data Protection Regulation, had been asked two final questions earlier this year, to wrap up its long-running work.
First, should registrars and registries be forced to distinguish between legal and natural persons when deciding what data to publish in Whois?
Second, should there be a registrant-based or registration-based anonymized email published in Whois to help people contact domain owners and/or correlate ownership across records?
The answer on both counts was that it’s up to the registry or registrar to decide.
On legal versus natural, the EPDP decided that ICANN should work with the technical community to create a new field in the Whois standard (RDAP), but that there should be no obligation for the industry to use it.
On anonymized email addresses, the working group recommendations were even hand-wavier — they merely refer the industry to some legal advice on how to implement such a system in a GDPR-compliant way.
While this phase of the EPDP’s work was super-fast by ICANN standards (taking about nine months) and piss-weak with its output, it nevertheless attracted a whole lot of dissent.
While its tasks appeared straightforward to outsiders, it nevertheless appears to have inherited the simmering tensions and entrenched positions of earlier phases and turned out to be one of the most divisive and fractious working groups in the modern ICANN period.
Almost every group involved in the work submitted a minority statement expressing either their displeasure with the outcome, or with the process used to arrive at it, or both. Even some of the largely positive statements reek of sarcasm and resentment.
EPDP chair Keith Drazek went to the extent of saying that the minority statements should be read as part and parcel of the group’s Final Report, saying “some groups felt that the work did not go as far as needed, or did not include sufficient detail, while other groups felt that certain recommendations were not appropriate or necessary”.
This Final Report constitutes a compromise that is the maximum that could be achieved by the group at this time under our currently allocated time and scope, and it should not be read as delivering results that were fully satisfactory to everyone.
The appears to be an understatement.
The Intellectual Property Constituency and Business Constituency were both the angriest, as you might expect. They wanted to be able to get more data on legal persons, and to be able to reverse-engineer domain portfolios using anonymous registrant-baed email addresses, and they won’t be able to do either.
The Governmental Advisory Committee and Security and Stability Advisory Committee both expressed positions in line with the IPC/BC, dismayed that no enforceable contract language will emerge from this process.
Councilor Marie Pattullo of the BC said during the GNSO Council vote last Wednesday that the work “exceeds what is necessary to protect registrant data” and that the EPDP failed to “preserve the WHOIS database to the greatest extent possible”.
The “optional differentiation between legal and natural persons is inadequate”, she said, resulting in “a significant number of records being needlessly redacted or otherwise being made unavailable”. The approved policies contain “no real policy and places no enforceable obligations on contracted parties”, she said.
IPC councilor John McElwaine called the EPDP “unfinished work” because the working group failed to reach a consensus on the legal/natural question. The IPC minority statement had said:
Requiring ICANN to coordinate the technical community in the creation of a data element which contracted parties are free to ignore altogether falls far short of “resolving” the legal vs. natural issue. And failing to require differentiation of personal and non-personal data fails to meet the overarching goal of the EPDP to “preserve the WHOIS database to the greatest extent possible” while complying with privacy law.
But McElwaine conceded that “a minority of IPC members did favor these outputs as being minor, incremental changes that are better than nothing”.
The BC and IPC both voted against the proposals, but that was not enough to kill them. They would have needed support from at least one councilor on the the other side of the GNSO’s Non-Contracted Parties House, the Non-Commercial Stakeholders Group, and that hand was not raised.
While the NCSG voted “aye”, and seemed generally fine with the outcome, it wasn’t happy with the process, and had some stern words for its opponents. It said in its minority statement:
The process for this EPDP has been unnecessarily long and painful, however, and does not reflect an appreciation for ICANN’s responsibility to comply with data protection law but rather the difficulty in getting many stakeholders to embrace the concept of respect for registrants’ rights…
With respect to the precise issues addressed in this report, we have stressed throughout this EPDP, and in a previous PDP on privacy proxy services, that the distinction between legal and natural is not a useful distinction to make, when deciding about the need to protect data in the RDS. It was, as we have reiterated many times, the wrong question to ask, because many workers employed by a legal person or company have privacy rights with respect to the disclosure of their personal information and contact data. The legal person does not have privacy rights, but people do.
While welcoming the result, the Registrars Stakeholder Group had similar concerns about the process, accusing its opponents of trying to impose additional legal risks on contracted parties. Its minority statement says:
it is disappointing that achieving this result was the product of significant struggle. Throughout the work on this Phase, the WG revisited issues repeatedly without adding anything substantially new to the discussion, and discussed topics which were out of scope. Perhaps most importantly, the WG was on many occasions uninterested in or unconcerned with the legal and financial risks that some proposed obligations would create for contracted parties in varying jurisdictions or of differing business models, or the risks to registrants themselves.
The Registries Stakeholder Group drilled down even more on the “out of scope” issue, saying the recommendation to create a new legal vs natural field in Whois went beyond what the working group had been tasked with.
They disagreed with, and indeed challenged, Drazek’s decision that the discussion was in-scope, but reluctantly went ahead and voted on the proposals in Council in order to finally draw a line under the whole issue.
The question of whether the legal vs natural question has been in fact been resolved seems to be an ongoing point of conflict, with the RySG, RrSG and NCSG saying it’s finally time to put the matter to bed and the IPC and BC insisting that consensus has not yet been reached.
The RySG wrote that it is “well past time to consider the issue closed” and that the EPDP had produced a “valuable and acceptable outcome”, adding:
The RySG is concerned that some have suggested this issue is not resolved. This question has been discussed in three separate phases of the EPDP and the result each time has been that Contracted Parties may differentiate but are not required to do so. This clearly demonstrates that this matter has been addressed appropriately and consistently. A perception that this work is somehow unresolved could be detrimental to the ICANN community and seen as undermining the effectiveness of the multistakeholder model.
Conversely, the BC said the report “represents an unfortunate failure of the multistakeholder process” adding that “we believe the record should state that consensus opinion did not and still does not exist”.
The IPC noted “a troubling trend in multistakeholder policy development”, saying in a clear swipe at the contracted parties that “little success is possible when some stakeholders are only willing to act exclusively in their own interests with little regard for compromise in the interest of the greater good.”
So, depending on who you believe, either the multistakeholder process is captured and controlled by intransigent contracted parties, or it’s unduly influenced by those who want to go ultra vires to interfere with the business of selling domains in order to violate registrant privacy.
And in either case the multistakeholder model is at risk — either “agree to disagree” counts as a consensus position, or it’s an invitation for an infinite series of future policy debates.
Business as usual at the GNSO, in other words.
Neustar exec fingered in Trump’s Russian “collusion” probe
A senior former Neustar executive has been outed as a participant in 2016 research that sought to establish nefarious links between then US presidential candidate Donald Trump and the Russian government.
According to a US federal indictment last month, former Neustar senior VP and head of security Rodney Joffe and others used DNS query data collected by the company to help create a “narrative” that Trump’s people had been covertly communicating with Kremlin-connected Alfa Bank.
The indictment claims that they did so despite privately expressing skepticism that the data was conclusive in establishing such ties.
Joffe did this work while under the impression he would be offered a top cybersecurity job in Hilary Clinton’s administration, had she won the 2016 general election, the indictment claims.
Joffe has not been accused of any illegality or wrongdoing — he’s not even named in the indictment — and his lawyer has told the New York Times that the indictment gives an “incomplete and misleading” version of events.
The indictment was returned by a federal grand jury on September 16 against Washington DC lawyer Michael Sussmann, as a result of Special Counsel John Durham’s investigation into the origins of the Trump-Russia “collusion” probe, which ultimately found insufficient evidence of illegality by the former president.
Sussman is charged with lying to the FBI when, in September 2016, he showed up with a bunch of evidence suggesting a connection between Trump and Alfa Bank and claimed to not be working on behalf of any particular client.
In fact, the indictment alleges, he was working on behalf of the Clinton campaign and Joffe, both of whom had retained his services. Lying to the FBI is a crime in the US.
The indictment refers to Joffe as “Technology Executive 1”, but his identity has been confirmed by the NYT and others.
Sussman’s evidence in part comprised DNS data supplied by Joffe and analyzed by himself and other researchers, showing traffic between the domain mail1.trump-email.com and the Russian bank.
At the time, Neustar was a leading provider of domain registry services, but also a significant player in DNS resolution services, giving it access to huge amounts of data about domain queries.
“Tech Executive-1 [Joffe] used his access at multiple organizations to gather and mine public and non-public Internet data regarding Trump and his associates, with the goal of creating a ‘narrative’ regarding the candidate’s ties to Russia,” the indictment claims.
According to the indictment, Joffe had been offered a job in the Clinton administration. He allegedly wrote, shortly after the November 2016 election: “I was tentatively offered the top [cybersecurity] job by the Democrats when it looked like they’d win. I definitely would not take the job under Trump.”
The researchers — which also included employees of the Georgia Institute of Technology, Fusion GPS, and Zetalytics, according to the NYT — sought to create a case for a connection between Trump and the Russian government while privately expressing doubts that their conclusions would stand up to third-party scrutiny, the indictment claims.
The suspicions were briefed to the media by Sussman and the Clinton campaign, the indictment says, and widely reported prior to the election.
When the FBI investigated the alleged links, it concluded the suspicious traffic was benign and caused by the activities of a third-party marketing firm, according to reports.
As I said, it is not alleged that Joffe broke the law, and his people say the indictment is, as you might expect from an indictment, one-sided.
Still, it’s a very interesting, and possibly worrying, insight into how companies like Neustar and their employees are able to leverage DNS resolution data for their own private purposes.
The full indictment, which uses pseudonyms for most of the people said to be involved in the research, can be read here (pdf). The New York Times story, which reveals many of these identities, can be read here (paywall).
While Neustar’s registry business was acquired last year by GoDaddy, it appears that Joffe did not make the move and instead stayed with Neustar. His LinkedIn profile showed he “retired” at some point in the last few weeks, after 15 years with the company.
Most registrars fail ICANN abuse audit
The large majority of accredited registrars failed an abuse-related audit at the first pass, according to ICANN.
(UPDATE October 14, 2021: ICANN disagrees with this characterization.)
The audit of 126 registrars, representing over 90% of all registered gTLD domains, founds that 111 were “not fully compliant with the [Registrar Accreditation Agreement’s] requirements related to the receiving and handling of DNS abuse reports”.
Only 15 companies passed with flying colors, ICANN said.
A further 92 have already put in place changes to address the identified concerns, with 19 more still struggling to come into compliance.
The particular parts of the RAA being audited require registrars to publish an abuse email address that it monitored 24/7 and to take action on well-founded cases of abuse within 24 hours of notification.
The results of the audit, carried out by ICANN Compliance and KPMG, can be found here (pdf).
Will you use SSAD for Whois queries?
ICANN is pinging the community for feedback on proposed Whois reforms that would change how people request access to private registrant data.
The fundamental question is: given everything you know about the proposed System for Standardized Access and Disclosure (SSAD), how likely are you to actually use it?
The SSAD idea was dreamed up by a community working group as the key component of ICANN’s response to privacy laws such as GDPR, and was then approved by the Generic Names Supporting Organization.
But it’s been criticized for not going far enough to grant Whois access to the likes of trademark lawyers, law enforcement and security researchers. Some have called it a glorified ticketing system that will cost far more than the value it provides.
Before the policy is approved by ICANN’s board, it’s going through a new procedure called the ODP, for Operational Design Phase, in which ICANN staff, in coordination with the community, attempt to figure out whether SSAD would be cost-effective, or even implementable.
The questionnaire released today will be an input to the ODP. ICANN says it “will play a critical role in assessing the feasibility and associated risks, costs, and resources required in the potential deployment of SSAD.”
There’s only eight questions, and they mostly relate to the volume of private data requests submitted currently, how often SSAD is expected to be used, and what the barriers to use would be.
ICANN said it’s asking similar questions of registries and registrars directly.
There’s a clear incentive here for the IP and security factions within ICANN to low-ball the amount of usage they reckon SSAD will get, whether that’s their true belief or not, if they want ICANN to strangle the system in its crib.
It’s perhaps noteworthy that the potential user groups the questionnaire identifies do not include domain investors nor the media, both of which have perfectly non-nefarious reasons for wanting greater access to Whois data. This is likely because these communities were not represented on the SSAD working group.
You can find the questionnaire over here. You have until July 22.
ICANN name servers come under attack
ICANN’s primary name servers came under a distributed denial of service attack, the Org said earlier this week.
The incident appears to have gone largely unnoticed outside of ICANN and seems to have been successfully mitigated before causing any significant damage.
ICANN said on its web site:
ICANN was subjected to a Distributed Denial of Service (DDoS) attack targeting NS.ICANN.ORG. This event did not result in harm to the organization. It was mitigated by redirecting traffic flows through a DDoS scrubbing service.
ns.icann.org is the address of ICANN’s name servers, which handle queries to ICANN-owned domains such as icann.org and iana.org.
The servers are also authoritative for Ugandan ccTLD .ug for some reason, and until a few years ago also handled the .int special-purpose TLD and sponsored gTLD .museum.
ICANN did not disclosed the exact date of the attack, nor speculate about whether it was targeted and why it might have happened.
Recent Comments