icann – Techdirt

Very, Very Bad Ideas: Ukraine Asks ICANN To Disconnect Russia From The Internet

from the think-this-through-a-moment... dept

Much of the world is, correctly, standing up against Russia following its despicable invasion of Ukraine as part of Vladimir Putin’s power-mad fever dream. And in response there are lots of questions about how different companies are looking to punish, sanction, or limit Russian access to goods and services. Some of the ideas make sense. Some of them don’t. And some of them are incredibly dangerous. In the extremely dangerous territory is Ukrainian officials reaching out to ICANN on Monday and asking it to disconnect Russia from the internet, revoking domains issued in Russia and shutting down DNS servers in Russia.

Moreover, it’s becoming clear that this aggression could spread much further around the globe as the Russian Federation puts the nuclear deterrent on “special alert” and threatens both Sweden and Finland with “military and political consequences” if these states join NATO. Such developments are unacceptable in the civilized, peaceful world, in the XXI century.

Therefore, I’m strongly asking you to introduce the following list of sanctions targeting Russian Federation’s access to the Internet:

Revoke, permanently or temporarily, the domains “.ru”, “.рф” and “.su”. This list is not exhaustive and may also include other domains issued in the Russian Federation.

Contribute to the revoking for SSL certificates for the abovementioned domains.

Shut down DNS root servers situated in the Russian Federation, namely:

Saint Petersburg, RU (IPv4 199.7.83.42)

Moscow, RU (IPv4 199.7.83.42, 3 instances)

Apart from these measures, I will be sending a separate request to RIPE NCC asking to withdraw the right to use all IPv4 and IPv6 addresses by all Russian members of RIPE NCC (LIRs – Local Internet Registries), and to block the DNS root servers that it is operating.

All of these measures will help users seek for reliable information in alternative domain zones, preventing propaganda and disinformation. Leaders, governments and organizations all over the world are in favor of introducing sanctions towards the Russian Federation since they aim at putting the aggression towards Ukraine and other countries to an end. I ask you kindly to seriously consider such measures and implement them as quickly as possible. Help to save the lives of people in our country.

It is difficult to describe just how bad an idea this is. First of all, this is kind of what Russia already wants. It’s already looking to cut itself off from the wider internet in order to keep its own citizenry misinformed. Second, this punishes the Russian people, many of whom are against the war. Third, the internet remains the best way for activists on the ground in Russia to organize and to evade crackdowns by the Russian government. Fourth, the internet remains one of the most important ways that people outside of Russia are getting information on what is happening in the country.

Thankfully, it appears that almost everyone realizes exactly why this is a terrible, terrible idea.

“This is a huge request from Ukraine,” says Justin Sherman, a fellow at the Atlantic Council’s Cyber Statecraft Initiative. “It’s very likely ICANN will just say no. The Kremlin is spreading tons of propaganda and disinformation about Ukraine, but this is not the way to go about addressing it.”

The RIPE Network Coordination Centre, which (as noted above) received its own such request, has similarly rejected it and explained the many reasons why cutting off Russia from the internet is a dreadfully bad idea.

It is crucial that the RIPE NCC remains neutral and does not take positions with regard to domestic political disputes, international conflicts or war.

This guarantees equal treatment for all those responsible for providing Internet services. This is a fundamental reason why the RIPE NCC has been able to maintain its operations in the way it has for the past three decades. It also means that the information and data provided by the RIPE NCC can be trusted as authoritative and free from bias or political influence. Failure to adhere to this approach would jeopardise the very model that has been key to the development of the Internet in our service region.

Separately, the Internet Society has put out a statement explaining why undermining the internet at this moment is a dangerous idea.

These proposals miss something fundamental about the Internet: it was never designed to respect country borders. The idea of unplugging a country is as wrong when people want to do it to another country as it is when governments want to do it to their own.

Internet connectivity means anyone with access can use the Internet to communicate. This means aggressors and opponents alike. Unlike most historical communication methods, the Internet is astonishingly resilient when conditions for connection are bad. It’s not magic. It won’t end wars or invasions. But it is a great tool for humans to use against their oppressors.

The Internet allows people who otherwise would be silenced to speak, so it should be no surprise that there are people the world over trying to undermine the Internet.

Russia has been trying for over a decade, with limited evidence of success (whatever the Kremlin has said), to be able to unplug from the Internet. Some governments impose Internet shutdowns that harm the interests of their citizens and impede economic development, all in the interests of social control. These efforts are not “the Internet with local characteristics,” or any other catchphrase. They’re opposition to the Internet. The Internet puts decisions about connections into the hands of people who want to connect. It’s a frightening idea to those who want to control the messages. But it’s what has made the Internet a resource to enrich people’s lives.

Furthermore, it notes just how dangerous a precedent this would set:

Once large network operators start demonstrating an ability to make routing decisions on political grounds, other governments will notice. This will attract regulatory requirements to shape network interconnection in real time along political lines. If we travel that path, in short order the network of networks will not exist. In its place we would have a different network design built around national gateways, broken up on geopolitical lines, and just as dynamic and robust as other multilateral, regulation-based systems. The Internet has done a lot to erode those systems because it is more efficient and effective. We’d give that up.

Without the Internet, the rest of the world would not know of atrocities happening in other places. And without the Internet, ordinary citizens of many countries wouldn’t know what was being carried out in their name. Our best hope, however dim, is that those supporting an aggressive regime will change their support. More information can help, even as disinformation circulates. We need a better understanding of what is and is not disinformation. Cutting a whole population off the Internet will stop disinformation coming from that population—but it also stops the flow of truth.

We must not ease the path for those who hate the Internet and its ability to empower people. We must fight the suppression of the Internet. This means making sure connectivity does not stop for anyone. It means ensuring that strong encryption, which protects ordinary communications, but also allows political discourse in the face of censorship, is always available. It means making sure the critical properties of the Internet are not undermined by legislation, no matter how well-meaning. It means making interconnections cheap and easy and ubiquitous, so that all networks are reliable and robust systems that can be made from unreliable parts. It means dedicating ourselves to ensuring that the Internet is for everyone.

I can kind of understand the thinking behind the original request, but it’s important to recognize how such an idea would (1) dangerously backfire in the short-term, and (2) set an extraordinarily bad precedent for the future that would then be widely abused. There are plenty of reasonable actions to take against Russia. Cutting them off from the internet is not one and would play into Putin’s hands.

Filed Under: dns, domain registrars, internet, russia, ukraine
Companies: icann, internet society, ripe

ICANN Board Blocks The Sale Of The .Org Registry

from the try-again dept

Last fall, we wrote about what appeared to be many of the sketchy details surrounding the non-profit Internet Society (ISOC) agreeing to sell off the non-profit Public Interest Registry (PIR), which runs the .org top level domain registry, to the very much for-profit private equity firm, Ethos Capital, which had recently been formed, and involved a bunch of ex-ICANN execs and other internet registry folks. Even if the deal made perfect sense, there were a lot of questionable issues raised concerning who was involved, whether or not there was self-dealing, and how transparent the whole thing was. On the flipside, a number of very smart people I know and respect, including some who worked for ISOC, insisted that the deal not only made sense, but was good for the future of the .org domain and the wider internet. In January, we had a long podcast with Mike Godwin, who is on the board of ISOC and voted for the deal, debating whether or not the deal made sense.

In the intervening months, many people and organizations had petitioned ICANN to block the deal, and ICANN had repeatedly delayed its vote — with the last delay coming a few weeks ago right after California’s Attorney General, Xavier Becerra, sent a pretty scathing letter about the deal.

On Thursday, ICANN’s board voted to block the deal, saying that it just created too much uncertainty for non-profit organizations who rely on the .org top level domain.

The Board was presented with a unique and complex situation – impacting one of the largest registries with more than 10.5 million domain names registered. After completing its evaluation, the ICANN Board finds that the public interest is better served in withholding consent as a result of various factors that create unacceptable uncertainty over the future of the third largest gTLD registry. Factors that were considered in determining reasonableness include, but are not limited to:

* A change from the fundamental public interest nature of PIR to an entity that is bound to serve the interests of its corporate stakeholders, and which has no meaningful plan to protect or serve the .ORG community.
* ICANN is being asked to agree to contract with a wholly different form of entity; instead of maintaining its contract with the mission-based, not-for-profit that has responsibly operated the .ORG registry for nearly 20 years, with the protections for its own community embedded in its mission and status as a not-for-profit entity.
* The US$360 million debt instrument forces PIR to service that debt and provide returns to its shareholders, which raises further question about how the .ORG registrants will be protected or will benefit from this conversion. This is a fundamental change in financial position from a not-for-profit entity.
* There are additional uncertainties, such as an untested Stewardship Council that might not be properly independent, or why PIR needs to change its corporate form to pursue new business initiatives.
* The transaction as proposed relies on ICANN as a backstop for enforcement of disputes between the .ORG community and the registry operator in an untested manner.

The entire Board stands by this decision. After thorough due diligence and robust discussion, we concluded that this is the right decision to take. While recognizing the disappointment for some, we call upon all involved to find a healthy way forward, with a keen eye to provide the best possible support to the .ORG community.

It will be interesting to see what happens next — but if ISOC wants to sell off PIR, it’s apparently going to need to go down a different path. In the meantime, ISOC’s CEO sent out an email and a blog post talking about his disappointment, and (once again) explaining why he felt the deal made sense and was done appropriately, and promises to continue to move forward with helping to make a better internet. He also insists that PIR is not for sale, while taking a dig at ICANN in the process:

Now that we know that ICANN believes its remit to be much larger than we believe it is, we can state this clearly: neither PIR nor any of its operations are for sale now, and the Internet Society will resist vigorously any suggestion that they ought to be.

While most of the focus in these discussions has been specific to the impact on PIR and the .org domain, I do separately wonder if this whole mess will hurt ISOC itself in the very good work that it does. I hope not. Even as I came down pretty clearly against this deal, I can at least recognize that the people on the ISOC side at least were honestly trying to do what they believed made the most sense for everyone. However, a very large swath of the civil society, non-profit, and public interest world disagreed — and I fear that this ends up damaging ISOC’s overall credibility going forward. If that is the end result of this, it would be a huge shame.

Filed Under: .org, non-profits, private equity, tlds
Companies: ethos capital, icann, isoc, pir

The Sketchy, Sketchy Case Of ICANN Execs And Self-Dealing Regarding The .Org Domain

from the this-looks-bad dept

Earlier this month, within the domain name world, there were significant concerns raised upon the news that Internet Society (ISOC), the (perhaps formerly?) well-respected nonprofit that helps “provide leadership in Internet-related standards, education, access, and policy” had agreed to sell off the Public Interest Registry, which is the registry that manages all .org top level domain (TLD) names, to a private equity company called Ethos Capital. Just having a public interest nonprofit selling off a part of its operations to a private equity group would be trouble enough, but the details make the story look much, much worse.

Just a few months ago, ICANN, a different non-profit that is in charge of coordinating and managing the various top level domain namespaces, and figuring out who gets to manage the associated registries (and which has been subject to years of controversy regarding poor accountability and transparency, along with accusations of self-dealing), had announced that it was eliminating the price caps on the .org TLD. For most of the past decade, the ICANN agreement regarding the .org TLD space had held that .org domains had a maximum top price of $8.25 per year per domain.

ICANN claimed that it was making changes to the .org contract to “better conform” with the base registry agreement that ICANN had with other TLDs, tons of which have come on the market over the past few years. However, seeing as the .org TLD is one of the oldest ones on the web, and which has generally been considered (though, not exclusively) to be used for things like non-profits and community organizations, many people were reasonably concerned about the lifting of the price cap. Indeed, in response to ICANN’s request for comment, the comments went overwhelmingly against the removal of the price cap.

But ICANN did it anyway.

And, then, just a few months later, the Internet Society sells off the registry to a private equity firm.

And it gets worse. Remember how I mentioned earlier the years-long concerns about ICANN and self-dealing?

Ethos Capital is a new private equity firm led by Erik Brooks. Brooks was at Abry Partners until earlier this year. Abry Partners acquired Donuts and installed former ICANN President of Global Domains Akram Atallah in the top spot there.

Donuts co-founder Jon Nevett left to be CEO of Public Interest Registry.

The other person at Ethos is former ICANN Senior Vice President Abusitta-Ouri.

Ethos appears to have just been founded. It acquired the domain name EthosCapital.com at the end of October through Afternic.

Oh, and it gets even worse:

Despite stating that Ethos Capital “understands the intricacies of the domain industry” its founder and CEO Erik Brooks has no experience within that industry. The firm’s website lists only Brooks and one Nora Abusitta-Ouri – who joined the outfit last month as its “chief purpose officer” – as employees.

But there is a common thread between those two and it is Fadi Chehade, a former CEO of ICANN, the organization that oversees the domain-name system and awards the contracts to run internet registries.

It was under Chehade that ICANN radically changed its approach to internet registries, including a massive expansion of the internet namespace and a move toward a free market approach to internet addresses.

Oh, and it gets even worse. While Ethos Capital does not list Chehade as an employee, it appears that he started the organization:

On May 7 this year, Fadi Chehade appears to have registered EthosCapital.org. He is listed as the owner in Whois. That was just before a Delaware company by the name Ethos Capital, LLC was formed.

May 7th, eh? The timing is notable:

That date is significant because it is one day after ICANN indicated it was planning to approve the lifting of price caps through its public comment summary.

In case you were wondering about the “thread” that ties Brooks, Abusitta-Ouri and the CEO of Public Interest Registry:

The founder of Ethos Capital is Erik Brooks. He left ABRY Partners this year after spending two decades at the investment firm.

Does the name Abry ring a bell? That’s because it’s the company that bought new top level domain name company Donuts last year.

That deal involved Abry Senior Advisor Fadi Chehade. Chehade is the former CEO of ICANN, the group that oversees the domain name industry.

Now we have a twenty year veteran of Abry, who worked on the Donuts deal and was (or still is) a member of Donuts’ board, leaving this year to form a new entity that buys a registry, much like how Abry bought Donuts.

And the CEO of Public Interest Registry is Jon Nevett, one of the founders of Donuts.

Oh, and:

The other person listed on Ethos Capital’s website is Nora Abusitta-Ouri. She worked for Chehade at ICANN as SVP, Development and Public Responsibility Programs.

In other words, the folks involved here are all very closely connected, and it happened right after ICANN, going against the public’s clearly stated interests, suddenly made the .org domain space much more open to profit exploitation. The whole thing is incredibly sketchy.

Meanwhile, Ethos Capital has put out a meaningless statement promising to keep the .org domain space “accessible and reasonably priced for all” and to “live within the spirit of historic practice when it comes to pricing,” though admitting it might start adding in “annual price increases of up to 10 percent on average.”

Even if everything is aboveboard, the entire sequence of events sure looks incredibly sketchy, and no one involved has done anything to address the concerns about how this all went down. Internet Society insists that Ethos Capital only just approached it about buying PIR a couple months ago, but given the dates and activities described above, it’s reasonable to infer that Ethos was planning this out from about the time that ICANN decided it was going to drop the price cap on .org domains.

As more and more anger rose about this whole mess, ISOC is trying to calm the waters by (somewhat hilariously) launching an entire website called KeyPointsAbout.org in which it tries to defend this mess:

Under the new ownership, PIR’s operation of .ORG will continue as usual with the same excellent management team and reliable backend registry operator. There will be no disruption of services to the .ORG Community.

Both PIR and Ethos Capital are committed to ensuring a smooth and seamless transition, and to continuing the community orientation and strong social purpose of the .ORG and PIR. Ethos is enthusiastic about developing new services and support to serve the .ORG Community.

It also insists that the lifting of price caps had absolutely nothing to do with this, and that this wasn’t all planned out in advance, but in September — a claim that almost no one believes. The one “new” fact in this statement is finally admitting what everyone already suspected, that Chehade is associated with Ethos Capital as an “adviser” though it downplays that role and tries to talk up how he advises lots of companies. Thing is, mere “advisers” aren’t usually the people registering the domain names…

Separately, it’s now been revealed who is financing this whole thing:

… the bulk of the money would come from the investment vehicles of renowned US Republican billionaires: Perot Holdings, tied to former presidential candidate Ross Perot; FMR LLC, closely associated with the Johnson family, one of the Republican Party’s biggest backers; and Solamere Capital, tied to Republican senator Mitt Romney.

Congrats, Senator Romney, on buying up the public interest part of the internet.

That same article, from the Register, notes, disappointingly, that Vint Cerf is supporting this move and even insisting that if Ethos raised the prices of .org domains to $60/year, that’s not such a big deal:

Asked on the ISOC members list about the risks of .org domain holders facing domains as much as $60 a year, Cerf surprised many when he responded: “Hard to imagine that $60/year would be a deal breaker for even small non-profits.”

[….]

That comment prompted [co-founder of the .eco top-level domain Jacob] Malthouse to point out that $60 is the equivalent of two weeks’ wages in sub-Sahara Africa, where a large number of non-profits rely on their internet presence for awareness of their efforts.

All in all this is a bad look from an organization and individuals with a history of questionable deal-making and accusations of self-dealing. It’s disappointing to see Cerf support this deal.

Filed Under: .org, akram atallah, erik brooks, fade chehadi, jon nevett, nora abusitta-ouri, private equity, self dealing, top level domains, vint cerf
Companies: ethos capital, icann, isoc, pir, public interest registry

ICANN Loses Yet Again In Its Quixotic Quest To Obtain A Special Exemption From The EU's GDPR

from the oh,-do-give-it-a-rest dept

Back in May, we wrote about the bizarre attempt by the Internet Corporation for Assigned Names and Numbers (ICANN) to exempt itself from the EU’s new privacy legislation, the GDPR. ICANN sought an injunction to force EPAG, a Tucows-owned registrar based in Bonn, Germany, to collect administrative and technical contacts as part of the domain name registration process. EPAG had refused, because it felt doing so would fall foul of the GDPR. A German court turned down ICANN’s request, but without addressing the question whether gathering that information would breach the GDPR.

As the organization’s timeline of the case indicates, ICANN then appealed to the Higher Regional Court of Cologne, Germany, against the ruling. Meanwhile, the lower court that issued the original judgment decided to re-visit the case, which it has the option to do upon receipt of an appeal. However, it did not change its view, and referred the matter to the upper Court. The Appellate Court of Cologne has issued its judgment (pdf), with a comprehensive smackdown of ICANN, yet again (via The Register):

Regardless of the fact that already in view of the convincing remarks of the Regional Court in its orders of 29 May 2018 and 16 July 2018 the existence of a claim for a preliminary injunction (Verfügungsanspruch) is doubtful, at least with regard to the main application, the granting the sought interim injunction fails in any case because the Applicant has not sufficiently explained and made credible a reason for a preliminary injunction (Verfügungsgrund).

The Appellate Court pointed out that ICANN could hardly claim it would suffer “irreparable harm” if it were not granted an injunction forcing EPAG to gather the additional data. If necessary, ICANN could collect that information at a later date, without any serious consequences. ICANN’s case was further undermined by the fact that gathering administrative and technical contacts in the past had always been on a voluntary basis, so not doing so could hardly cause great damage.

Once more, then, the question of whether collecting this extra personal information was forbidden under the GDPR was not addressed, since ICANN’s argument was found wanting irrespective of that privacy issue. And because no interpretation of the GDPR was required for the case, the Appellate Court also ruled there were no grounds for referring the question to the EU’s highest court, the Court of Justice of the European Union.

ICANN says that it is “considering its next steps”, but it’s hard to see what those might be, given the unanimous verdict of the courts. Maybe it’s time for ICANN to comply with the EU law like everybody else, and for it to stop wasting money in its forlorn attempts to get EU courts to grant it a special exemption from the GDPR’s rules.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: eu, gdpr, privacy, whois
Companies: icann

ICANN's Pre-emptive Attack On The GDPR Thrown Out By Court In Germany

from the who-is-whois-for? dept

The EU’s General Data Protection Regulation (GDPR) has only just started to be enforced, but it is already creating some seriously big waves in the online world, as Techdirt has reported. Most of those are playing out in obvious ways, such as Max Schrems’s formal GDPR complaints against Google and Facebook over “forced consent” (pdf). That hardly came as a shock — he’s been flagging up the move on Twitter for some time. But there’s another saga underway that may have escaped people’s notice. It involves ICANN (Internet Corporation for Assigned Names and Numbers), which runs the Internet’s namespace. Back in 2015, Mike memorably described the organization as “a total freaking mess”, in an article about ICANN’s “war against basic privacy”. Given that history, it’s perhaps no surprise that ICANN is having trouble coming to terms with the GDPR. The bone of contention is the information that is collected by the world’s registrars for the Whois system, run by ICANN. EPAG, a Tucows-owned registrar based in Bonn, Germany, is concerned that this personal data might fall foul of the GDPR, and thus expose it to massive fines. As it wrote in a recent blog post:

We realized that the domain name registration process, as outlined in ICANN’s 2013 Registrar Accreditation Agreement, not only required us to collect and share information we didn’t need, it also required us to collect and share people’s information where we may not have a legal basis to do so. What’s more, it required us to process personal information belonging to people with whom we may not even have a direct relationship, namely the Admin and Tech contacts [for each domain name].

All of those activities are potentially illegal under the GDPR. EPAG therefore built a new domain registration system with “consent management processes”, and a data flow “aligned with the GDPR’s principles”. ICANN was not happy with this minimalist approach, and sought an injunction in Germany in order to “preserve Whois data” — that is, to force EPAG to collect those administrative and technical contacts. A post on the Internet Governance Project site explains why those extra Whois contacts matter, and what the real issue here is:

The filing by ICANN’s Jones Day lawyers, which can be found here, asserts a far more sweeping purpose for Whois data, which is part of an attempt to make ICANN the facilitator of intellectual property enforcement on the Internet. “The technical contact and the administrative contact have important functions,” the brief asserts. “Access to this data is required for the stable and secure operation of the domain name system, as well as a way to identify those customers that may be causing technical problems and legal issues with the domain names and/or their content.”

As the tell-tale word “content” there reveals, the real reason ICANN requires registrars to collect technical and administrative contacts is because the copyright industry wants easy access to this information. It uses the personal details provided by Whois to chase the people behind sites that it alleges are offering unauthorized copies of copyright material. This is precisely the same ICANN overreach that Techdirt reported on back in 2015: the organization is supposed to be running the Internet’s domain name system, not acting as a private copyright police force. The difference is that now the GDPR provides good legal and financial reasons to ignore ICANN’s demands, as EPAG has noted.

In a surprisingly swift decision, the German court hearing ICANN’s request for an injunction against EPAG has already turned it down:

the Court said that the collection of the domain name registrant data should suffice in order to safeguard against misuse the security aspects in connection with the domain name (such as criminal activity, infringement or security problems).

The Court reasoned that because it is possible for a registrant to provide the same data elements for the registrant as for the administrative and technical contacts, ICANN did not demonstrate that it is necessary to collect additional data elements for those contacts. The Court also noted that a registrant could consent and provide administrative and technical contact data at its discretion.

However, as ICANN rightly notes, that still leaves unanswered the key question: would collecting the administrative and technical contact information contravene the GDPR? ICANN says it is “continuing to pursue the ongoing discussions” with the EU on this, and a clarification of the legal situation here would certainly be in everyone’s interests. But there is another important angle to this. As the security researcher Brian Krebs wrote on his blog back in February:

For my part, I can say without hesitation that few resources are as critical to what I do here at KrebsOnSecurity than the data available in the public WHOIS records. WHOIS records are incredibly useful signposts for tracking cybercrime, and they frequently allow KrebsOnSecurity to break important stories about the connections between and identities behind various cybercriminal operations and the individuals/networks actively supporting or enabling those activities. I also very often rely on WHOIS records to locate contact information for potential sources or cybercrime victims who may not yet be aware of their victimization.

There’s no reason to doubt the importance of Whois information to Krebs’s work. But the central issue is which is more important for society: protecting millions of people from spammers, scammers and copyright trolls by limiting the publicly-available Whois data, or making it easier for security researchers to track down online criminals by using that same Whois information? It’s an important discussion that is likely to rage for some time, along with many others now being brought into sharper focus thanks to the arrival of the GDPR.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: copyright, domain registrars, enforcement, gdpr, germany, privacy, whois
Companies: epag, icann, tucows

Malware Purveyor Serving Up Ransomware Via Bogus ICANN Blacklist Removal Emails

from the for-best-results,-enable-macros dept

Fun stuff ahead for some website owners, thanks to a breakdown in the registration process. A Swiss security researcher has spotted bogus ICANN blacklist removal emails being sent to site owners containing a Word document that acts as a trigger for ransomware.

Fake @ICANN Domain Abuse Notices being spammed out to domain owners, distributing malware (Dridex?) – icann-monitor[dot]org

These fake @ICANN abuse notices distribute Cerber Ransomware (hXXp://csenet.org/view/file5.exe) calling out to ffoqr3ug7m726zou.1nuljt.top

— abuse.ch (@abuse_ch) December 29, 2016

The email appears to originate from somewhere legitimate, as seen in this screenshot:

But the quasi-legit URL (icann-monitor.org) was only very recently registered through eNom, which apparently had no problem with some internet rando snagging a URL closely associated with the international group that governs domain names.

Domain Name: ICANN-MONITOR.ORG
Domain ID: D402200000001096932-LROR
WHOIS Server:
Referral URL: http://www.enom.com
Updated Date: 2016-12-29T15:25:14Z
Creation Date: 2016-12-28T20:19:57Z
Registry Expiry Date: 2017-12-28T20:19:57Z
Sponsoring Registrar: eNom, Inc.
Sponsoring Registrar IANA ID: 48
[…]
Tech Email: legal@whoisguard.com
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
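The triage a mail gateway or abuse desk could run on that WHOIS record, as an added example that is not part of the original post: it flags a sender domain that is newly registered, embeds a protected brand name, and hides behind a privacy proxy. The brand table, proxy list, 30-day threshold and the time of sighting are assumptions chosen for illustration.

```python
from datetime import datetime, timezone

# WHOIS fields as quoted in the article (the elided part is left out).
WHOIS_TEXT = """\
Domain Name: ICANN-MONITOR.ORG
Updated Date: 2016-12-29T15:25:14Z
Creation Date: 2016-12-28T20:19:57Z
Sponsoring Registrar: eNom, Inc.
Tech Email: legal@whoisguard.com
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
"""

# Assumptions for this example, not values from the article.
PROTECTED_BRANDS = {"icann": {"icann.org"}}  # brand token -> domains it really uses
PRIVACY_PROXIES = {"whoisguard.com"}          # weak signal on its own
MAX_AGE_DAYS = 30
# The tweet is dated December 29, 2016; the time of day is assumed.
SEEN_AT = datetime(2016, 12, 29, tzinfo=timezone.utc)


def parse_whois(text):
    """Parse 'Key: value' lines; repeated keys (Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue  # skip blank lines and empty fields
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def assess(record, seen_at):
    """Return triage findings for one parsed WHOIS record at time seen_at (UTC)."""
    domain = record.get("domain name", [""])[0].lower()
    findings, age_days = [], None
    created_raw = record.get("creation date")
    if created_raw:
        created = datetime.strptime(created_raw[0], "%Y-%m-%dT%H:%M:%SZ")
        created = created.replace(tzinfo=timezone.utc)
        age_days = (seen_at - created).total_seconds() / 86400
        if age_days < MAX_AGE_DAYS:
            findings.append("new_registration")
    else:
        # A redacted or missing date should not pass silently as "old".
        findings.append("missing_creation_date")
    labels = domain.split(".")
    for brand, legit in PROTECTED_BRANDS.items():
        is_legit = any(domain == d or domain.endswith("." + d) for d in legit)
        if not is_legit and any(brand in label for label in labels):
            findings.append("brand_lookalike:" + brand)
    for email in record.get("tech email", []):
        if email.rsplit("@", 1)[-1].lower() in PRIVACY_PROXIES:
            findings.append("privacy_proxy_contact")
    return {"domain": domain, "age_days": age_days, "findings": findings}


if __name__ == "__main__":
    print(assess(parse_whois(WHOIS_TEXT), SEEN_AT))
```

No single finding is conclusive; the combination of a day-old registration and a brand token in a domain the brand does not use is what makes a message worth quarantining for review.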

Ironically, the emails containing this malware inform recipients that their domain is “being used for spamming and spreading malware.” The spam email invites site owners to download a malware-laced “report” for further instructions on how to remove their site from the blacklist, warning them they only have 24 hours to ~~fall victim to ransomware~~ respond.

The researcher is now “counting the hours (days?)” until either eNom or ICANN act in response to this spoofing/ransomware attack. Don’t hold your breath. ICANN has yet to say anything publicly about this and, as of this point, eNom has yet to deactivate the account. For now, the fake ICANN still lives and breathes and poses a threat to recipients of this official-looking email.

Filed Under: blacklist, malware, ransomware
Companies: icann

Judge Says No Way To Attorneys General Looking To Block IANA Transition

from the transition-is-a-go dept

Well, this isn’t much of a surprise, but following the ridiculous last minute attempt to block the IANA transition by four state attorneys general (who have absolutely no standing or argument), a judge has flatly denied their request for an injunction, meaning that the transition is a go for midnight tonight, barring any really last minute unforeseen methods to block it (or a desperate leapfrog to an appeals court).

Having spent part of the morning responding to clueless conspiracy theorists on my earlier post, I’m sure you’re going to hear the standard ridiculous lizard people warnings about how this is enabling “the UN” or “leftists” and “globalists” to “takeover” the internet and how it will allow China to build the “Great Firewall” into the core functioning of the internet. None of that is even remotely true. What happens tonight at midnight is… nothing, basically. ICANN, which has managed the IANA function through its multistakeholder process for almost two decades… will continue to do so. Nothing changes. The only “change” is that the US Commerce Dept. no longer has to issue a contract to ICANN for the IANA functions. And that’s it.

But, at a larger scale, what this does is preserve the way internet governance currently works, and makes sure that governments are not the ones running the show. Under the ICANN setup, things are not decided at the whim of any government, but through a much more involved process, that allows lots of non-government players — including the engineers who built the internet and keep it functioning — to have a major say in what happens. This is good. ICANN is far from a perfect vehicle for internet governance, but this change is a good one.

Filed Under: attorneys general, iana, iana transition, internet governance
Companies: icann

Ridiculously Stupid: 4 State Attorneys General File Totally Bogus Lawsuit Against Internet Transition

from the make-it-stop dept

Okay, this is really dumb. What is it about state attorneys general making totally bullshit claims? It seems to happen with fairly consistent frequency. The latest is that four state AGs (from Arizona, Texas, Oklahoma and Nevada) have filed a lawsuit to stop the IANA transition. If you don’t recall, we’ve written about this a bunch. A bunch of people are up in arms over something they don’t seem to understand. The IANA transition is a good thing. It’s not the US government handing over the internet to Russia and China as you may have heard. It’s the Commerce Department severing an almost entirely symbolic link between it and a very specific internet governance capability concerning top level domains. And it’s important to complete the transition because other countries (including Russia and China) keep pointing to this symbolic link as a reason for why they should have more say in internet governance. Getting rid of the link keeps the internet functioning as it has for decades — and takes away a weapon from Russia and China. More importantly, going back on the transition now actually gives even more ammo to Russia and China, allowing them to point to unilateral actions by the US gov’t to block a process that everyone had agreed upon earlier.

Anyway, to the actual lawsuit. It’s dumb. It’s really dumb. If you live in Arizona, Texas, Oklahoma or Nevada, you should be embarrassed for your Attorneys General. Elect better ones next time, please. First of all, they have no standing whatsoever to file this lawsuit. The IANA/top level domain system is not those states’ property. They have no claim here other than “HEY LOOK! POLITICAL FOOTBALL THAT WE CAN GRANDSTAND OVER!” That does not give them standing. The best they can come up with for claiming standing is… uh… “hey, we have some websites.” No, really.

Plaintiffs operate multiple websites, including those that use the .gov and .com generic top level domains, to conduct their business and communicate with their citizens.

Yeah. That’s not enough to get standing here, buckos. Also, in filing a lawsuit they don’t allege any actual harms. That’s kind of a big no no when filing a lawsuit. Instead, they sorta maybe kinda speculate that maybe possibly there could (sorta, maybe) be some (possible, maybe, not really) harm in the theoretical future. Maybe.

Second, the entire crux of the lawsuit is that the authoritative root zone file and the internet domain name system itself are somehow “property” of the federal government, and that this transition is, in effect, the giving away of government property without an act of Congress, violating the Property Clause of the Constitution. Except, as we just discussed recently, the Government Accountability Office studied this issue earlier this month and came to the conclusion that “nope, it’s not property.” In case you missed it then:

It is unlikely that either the authoritative root zone file—the public “address book” for the top level of the Internet domain name system—or the Internet domain name system as a whole, is U.S. Government property under Article IV. We did not identify any Government-held copyrights, patents, licenses, or other traditional intellectual property interests in either the root zone file or the domain name system. It also is doubtful that either would be considered property under common law principles, because no entity appears to have a right to their exclusive possession or use.

Others have walked through some of the other charges and find them all totally lacking. A judge is set to review this request for an injunction later today, and you never know how any individual judge might rule. So it’s entirely possible that this will muck up the timing of the transition, but long term, this filing is not just a joke, but it’s an embarrassment and a waste of taxpayer money in those four states.

Filed Under: arizona, congress, gao, iana, iana transition, internet governance, nevada, oklahoma, property, standing, texas
Companies: icann

Arguments Over Internet Governance Transition Get Even More Stupid

from the make-it-stop dept

So, yesterday, we noted that the Senate at least seemed to come (at least somewhat) to its senses in choosing not to include the ridiculous and dangerous proposal from Ted Cruz (and supported by Donald Trump) to block the transition of the IANA functions of internet governance away from the Commerce Department. I won’t go into (once again) why this is important and not a problem, or even why Cruz’s objections to it are so backwards that his plan will actually make it more likely that the “bad” result he keeps warning about will actually come to pass. You can reread the older articles on that.

However, with Democrats complaining about the Senate’s Continuing Resolution and a vote on it being pushed off, the debate over the possibility of blocking the transition is still going on. Hell, Ted Cruz even pointed to Donald Trump’s support of his plan as a reason to finally endorse Trump:

Internet freedom. Clinton supports Obama’s plan to hand over control of the Internet to an international community of stakeholders, including Russia, China, and Iran. Just this week, Trump came out strongly against that plan, and in support of free speech online.

Except, none of that is true. First, the plan does not hand over control to Russia, China and Iran — and keeping IANA under the Commerce Dept. makes it A LOT MORE LIKELY that that coalition of countries is able to grab control of the IANA functions from ICANN and the US. But, uh, even more importantly, claiming that Trump is in favor of “free speech online” is laughable. This is the candidate who has repeatedly talked about “opening up our libel laws” to go after speech he doesn’t like, has threatened to sue many publications for protected speech, and has flat out declared that we should turn off parts of the internet and anyone who responded with “freedom of speech” was “foolish.”

But, that’s still not the craziest argument I’ve heard recently concerning the transition. The award there goes to Theresa Payton, who was a top IT staffer at the White House under George W. Bush and now runs a “cybersecurity” firm. She wrote a bizarre opinion piece in The Hill that, frankly, calls into question whether she understands what ICANN even does. She tries to argue that the transition will somehow make it easier for Russia to hack our election… because [reasons].

Changing who controls the Internet Corporation for Assigned Names and Numbers (ICANN) so close to our presidential election will jeopardize the results of how you vote on Nov. 8 unless Congress stops this changeover. When the calendar hits Sept. 30, a mere 6 weeks before our election, the United States cannot be assured that if any web site is hacked, the responsible party will be held accountable. We cannot be sure if a web site is valid. We cannot be sure if one country is being favored over another. These are all the things ICANN is responsible for and has worked perfectly since the Internet was created. Why change it now and so close to the election? Why does that matter to you as a voter?

Take a look at recent cyber activity as it relates to the election. The Democratic National Convention was breached comprising the entire party’s strategy, donor base, and indeed, national convention. Everything the DNC had done to prepare for a moment four years in the making (if not longer) was undermined by a hacker who had been in their system for some time but waited for the optimal moment to spring it on the DNC — opening day of the convention. The FBI and other U.S. agencies, as the headlines blare, suspect Russia is responsible for the hack. Recently, Vladimir Putin went so far as to say, “Does it matter who broke in? Surely what’s important is the content of what was released to the public.”

Except, uh, ICANN has nothing to do with figuring out who hacks who. Nor is it the party that’s figuring out if one country “is being favored over another” or if a “website is valid.” That’s not ICANN’s job, and has nothing to do whatsoever with the IANA transition — which will leave the internet working exactly as it has before. Honestly, this opinion piece does nothing to call the transition into question, but does a tremendous job in calling Theresa Payton’s knowledge of technology and cybersecurity into question.

ICANN does more than just assign and/or approve your website’s domain. ICANN has its own Security and Stability Advisory Committee, which “engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly.” They are equivalent to your security guard at the bank. Why change the security guard now when voter data is more vulnerable — and prized – than ever?

If ICANN changes hands, so do the security measures taken to protect the rightful owner of your web site. If a site was hijacked today — not an uncommon crime in the cyber world – to reassert yourself as the rightful owner, you would go through law enforcement channels, your domain provider, and yes, ICANN.

First of all, the “transition” in question isn’t about transitioning all of ICANN. Just its IANA functions, which only have a symbolic connection to the US government. Second, Payton seems to not understand what ICANN does, what the ICANN SSAC does, or how internet security works. They are not the equivalent of the “security guard at the bank.” You’d think the CEO and founder of a “cybersecurity” company would know that. And, after the IANA transition takes place, ICANN itself doesn’t “change hands” nor does it change what the SSAC does, which isn’t anything even remotely close to what Payton seems to think it does.

Don’t trust me? How about Stephen Crocker, who heads ICANN’s Board of Directors — and also helped create the damn internet. You know how much of the internet was designed through “RFCs” — “Requests for Comments” — well, Crocker invented the RFC and wrote the very first one. I think he knows what he’s talking about. And he and the head of ICANN’s SSAC, Patrik Fallstrom, have responded to Payton with a nicer version of “you have no idea what you’re talking about.”

The SSAC is not a “security guard” for the Internet. The SSAC has no enforcement power, and the value of its advice is based on the strength of the facts underlying such advice.

The Security and Stability Advisory Committee advises the ICANN community and Board on matters relating to the security and integrity of the Internet’s naming and address allocation systems. Our recent work includes advisories on a wide range of topics such as internationalized domain names, protecting domain name owners and operators, best practices for domain name registrars, analysis on the changing nature of IPv4 address semantics, and advice on matters pertaining to the correct and reliable operation of the root name system and other issues (see https://ssac.icann.org/ for more details). The SSAC neither operates as a security guard for the Internet, nor does it aspire to.

The IANA transition has no practical effect on the work and activities of the SSAC. Nor does the transition have any effect on the security and stability of website owners worldwide. The risk of compromise of a website owner does not increase as a result of the IANA transition, since ICANN and IANA do not control either the ownership of websites or the content on websites. Leading technical experts, industry associations, and civil society groups agree that allowing the IANA contract to expire is the best possible way to protect and promote the continued integrity of the Internet.

There is simply no relationship between ICANN and the current U.S. election process. Assertions of this sort are misleading and irresponsible. On the other hand, attempts to connect ICANN to the U.S. political process play directly into the hands of the enemies of an open Internet who would like to see ICANN and other Internet bodies put under the control of the United Nations or, worse yet, broken up into separate, government-controlled networks that do not interoperate smoothly around the world.

So, yeah. It seems that as we get closer to the transition, and since this issue has become “political,” we’re seeing stupider and ever more clueless attacks — but they seem to only serve to make the people behind them look worse and worse. This shouldn’t be a partisan issue. It shouldn’t be a political issue. It shouldn’t be an issue. Severing the minor link between IANA and the Commerce Department changes nothing practical in how the internet is governed, but takes a big weapon away from Russia and China in their quest to take control over those functions.

Filed Under: donald trump, iana, iana transition, internet freedom, internet governance, stephen crocker, ted cruz, theresa payton
Companies: icann

Senate Comes To Its Senses: Does NOT Support Ted Cruz's Plan To Block Internet Governance Transition

from the crisis-averted dept

So, just a few hours ago, the reports were still spreading that the Senate would absolutely include Ted Cruz’s preferred language that would block the (largely symbolic, but really important) transfer of control over the IANA functions of ICANN away from the Commerce Department. We’ve explained over and over and over again why this is important — including once this morning in response to Donald Trump suddenly taking a stand (an incredibly ignorant one, but a stand) on the issue.

And then… poof. The Senate Appropriations Committee released its “short term continuing resolution” (CR for short) and it does not include any language on blocking the IANA transition. So… all the talk and (misleading) hype was apparently a bunch of grandstanding and hot air over nothing. It may have just been posturing and used to negotiate something else. Or, maybe (just maybe) people who actually understood what was happening with the IANA transition were actually able to explain to those in charge how stupid all this rhetoric was. That would certainly be a nice explanation for this — though it seems tragically unlikely.

But, for the short term, this means a very dangerous thing for the internet, pushed for by Ted Cruz (and, as of yesterday, Donald Trump), has been avoided. It’s possible that the House could try to somehow move to block the transition, but that seems unlikely. So, we may have actually won one here and narrowly avoided political grandstanding mucking up a piece of the internet. Phew.

Filed Under: continuing resolution, donald trump, funding, iana, iana transition, internet, internet governance, senate, ted cruz
Companies: icann