ICANN Cheers Registrars' Efforts to Fight COVID-19 Scammers

ICANN chief executive Goran Marby has a message for its hundreds of registrars. Though ICANN can't involve itself in content issues, "That does not mean we are unconcerned or unaware of how certain domain names are being misused in fraudulent activities during this global pandemic." It is this concern that prompted me to contact the registries and registrars thanking them for their efforts and actions aimed at helping to mitigate and minimize the abusive domain names being used to maliciously take advantage of the coronavirus pandemic. For example, the Registrar Stakeholder Group has posted a useful guide, entitled "Registrar approaches to the COVID-19 Crisis" that provides a number of steps and resources the registrar community can use in their efforts.

Many of our contracted parties already support a Framework to Address Abuse, which deals with DNS abuse and website content abuse. I continue to commend them for making this commitment to protect the DNS from those who would maliciously exploit domain names. In my correspondence to the registries and registrars, I expressed ICANN org's appreciation for their work during the pandemic.

Additionally, I'm pleased to tell you that ICANN org has joined registries, registrars, security experts, law enforcement, Internet engineers, and others, in the COVID-19 Cyber Threat Coalition (CTC). The CTC's mission is to, "operate the largest professional-quality threat lab in the history of cybersecurity out of donated cloud infrastructure and with rapidly assembled teams of diverse, cross-geography, cross-industry threat researchers."

I am proud that so many in the Internet ecosystem are joining together during this crisis to stop those who prey on the desperate.
AFP reports that just in March at least 100,000 websites were registered with names including terms like "COVID," "corona," and "virus," according to recent report prepared for ICANN. "COVID-19 is unique in that it is truly global; and the cyber bad guys haven't drifted toward it, they have rushed toward it like a barrel off Niagra Falls," ICANN security chief John Crain told AFP.

"This is a new low, preying on people at a time like this."

While they sneak through a

[oldgraybeard]

deal to sell the .org domain business to a hedge fund. to get BIG profits for themselves.

ICANN what a joke!

Just my 2 cents ;)

Where'd they learn that?

[rmdingler]

Like the political strategists are fond of saying, "You never let a serious crisis go to waste".

Standby for legit sites to get taken down

[MyFirstNameIsPaul]

I'm wondering if they do like they did back in the P2P days of taking down batches of sites, with legit sites buried in the lists, never to come back again.

I'm confused

[fred911]

".. ICANN can't involve itself in content issues.."

So what is your motivation? I thought your job was resolution. Make sure the network resolves properly and your registrars are operating per legislation in their specific location, and let the individual jurisdictions worry about content.

The minute a utility designed to make it easier for a human to resolve a name to an address decides it has responsibility for content publication is the minute the network needs to find a better solution for domain resolut

Re:

[PPH]

I think what they mean is that they will limit their oversight to things like typosquatting and misuse of trademarked names. Once you get to the site you were looking for, it's still "Let the buyer beware."

Re:

[gbjbaanb]

virtue signalling that they're the good guys.

I know, stop laughing.

This is the company that is selling the .org to a hedge fund, and created the ".sucks" domain specifically to rake in cash from companies that had to buy one before someone else did, at a massive mark up.

This is not really a new low

[ITRambo]

Scammers take advantage of every opportunity to trick people. It's not really a new low. It's, unfortunately, more of the same. We can never stop being vigilant about online fraud.

Re:

[NateFromMich]

Thank you. Came here to say this very thing. It's just a different thing to use to scam people about.

Re:

[fred911]

"We can never stop being vigilant about online fraud."

Fraud is fraud. It's not changed since the 1600's tulip market in Amsterdam, snake oil salesmen in the early 1900s, CDOs from Goldman or investments from Madoff.

It's just become easier (and significantly cheaper) to target victims internationally.

There will always be a vector for a criminal, and those vectors will be found and exploited before those responsible for enforcement will know of it's availability. The cat will chase the mouse in perpetuity.

Res

Re:

[kingbilly]

"But people need to know how to authenticate the data or resource they may be tempted to use, before they use it. It's not that complicated. But it's not the responsibility of a network routing resource either."

Agreed and this is my argument for being okay with the extended validation on SSL certificates not having a place in Let's Encrypt and other similar changes. Trust shouldn't be coupled to the part of the network layer that deals with encryption.It was convenient to do that years ago, but a mistake.

To start with, reduce the number of TLDs

[robbak]

They went and created almost infinite registrars, when they made the ridiculous decision to allow people to register just about anything as a TLD. And now they are worried about people using all these TLDs to register scam sites with one of the new scummy registrars with those TLDs.

Their problem, theirs to fix. Move all those new non-country TLDs to whatever.sorryfromican.net.us until everyone drops them. Then you only need to monitor .com, .edu, .mil and .org (which you take away from the Public Interest R

More tech

[AHuxley]

Censorship.

If they merely...

[rnturn]

... killed off everything registered with the ".icu" TLD the amount of spam I receive daily would drop considerably. ("Entrepreneurs and business owners"? Ha!)