In a hard-hitting report, ‘Review of Illicit Registrar 2010’, KnujOn has revealed alleged illicit practices of at least 162 Registrars who could be benefiting from significant financial returns from their complicity. Particular attention has rested on eNom:
"... they sponsor more illicit pharmacy than the next 'top five' pharmacy-sponsoring Registrars combined".
There are roughly 4,000 rogue Internet pharmacies violating the criminal laws specified above that are utilizing ‘eNom’s’ registration services, more than any other Registrar by a factor of seven, KnujOn claim. eNom is aware of the illegal nature of these domains. eNom has been notified by the organization that represents pharmacy regulatory authorities about this problem, and has been requested to work with LegitScript, as other U.S.-based Registrars do, and non-U.S. Registrars who do business in the United States, to identify clearly illegal websites and suspend them in accordance with the RAA, UDRP and their own Terms and Conditions. eNom has failed to act’.
Jart Armin, security analyst and editor of HostExploit, has obtained an exclusive interview with Garth Bruen, one of the authors of KnujOn’s report, which has been receiving a great deal of media attention.
In an initial response to KnujOn’s findings, Quinn Daly, senior vice president, Corporate Communications at eNom (Demand Media) said:
"eNom is the largest domain name wholesaler and we take this responsibility very seriously. We cooperate with multiple law enforcement agencies, as this is our policy and meets ICANN requirements. Customers suspected of using eNom products and services for illegal purposes are investigated and appropriate action is taken.
"In this case, LegitScript and KnujOn do not represent law enforcement. LegitScript is a pharmacy trade organization, and KnujOn is an individual whose research has been called into question in the past.
"We can confirm that we received the complaint issued by LegitScript and KnujOn, and the complaint is currently under review."
In a direct reply Garth exclusively said:
‘eNom (Demand Media) has issued a weak and irrelevant response to the KnujOn Registrar Audit. This response is actually the first time eNom has responded to any of our concerns about illicit pharmacy domains they sponsor, and they were initially sent comprehensive data six months ago. It is important to note that eNom does not refute any of our facts in the report concerning their sponsorship of illicit and illegal pharmacies linked to organized crime and dealing in diverted and counterfeit drugs all without prescription. Instead, they have responded with personal ad hominem attacks which are factually incorrect. It is a common tactic, if you cannot challenge the data attack the author.
"This is Senior Vice President of Demand Media Quinn Daly’s comment about KnujOn: 'KnujOn is an individual whose research has been called into question in the past.' KnujOn is a company not an individual, and Ms. Daly does not provide a single example of what she claims. This is their characterization of LegitScript: ' LegitScript is a pharmacy trade organization.' Wrong. LegitScript works for the consumer to ensure that online pharmacies are safe. The idea that Ms. Daly completely dismissed LegitScript demonstrates eNom’s lack of concern about rampant criminality occurring in their space and their lack of concern for the Internet consumer. This is at the heart of our issue with eNom, they don’t care."
As a background to this important news we have summarized KnujOn’s report:
‘Illicit Internet product traffic’ occurs through abuse of the Whois privacy service with covert registration of domain names and related products. Domain registrars provide the perfect vehicle for this type of operation whereby organized gangs of cybercriminals can pedal their nefarious and illegal ‘pharma’ products. Under the protection of, and in some cases, as a business partner of, domain registrars, criminals are provided with the essential resource of an online transaction platform. Without this means illicit traffic would fail. The product could be one of several, i.e. pirated software, consumer knockoff products or in this case, illegal drugs with similar issues surrounding each. However, the underground pharmacy market is particularly nasty with potentially fatal outcomes. It is more than lifestyle drugs such as Viagra or Cialis with tainted and completely fake drugs sometimes containing nothing more than chalk for sale without a prescription for conditions including heart problems, high blood pressure, cancer, diabetes and AIDS. KnujOn believes that this constitutes the number one threat to consumers and the Internet structure. The global network of illicit drug traffic uses malware deployment, denial of service attacks, trademark hijacking, botnets, spam, WHOIS fraud, network intrusions, domain hijacking, Registrar corruption, and electronic money laundering as its tools of the trade while, furthermore, impacting the health of the public at the same time as funding organized crime and terrorist groups.
All of this is made possible by the valuable asset that Registrars hold – domains. Domains underpin all the online shops, content/image servers,’ NameServers’, customer service sites, mail servers, newsletter/blog sites, transaction sites, and click-through advertisement processing that provide online drug traffickers the means to ply their trade. Weak policy, improper oversight, ineffective enforcement tools, and missing demand for accountability among service providers allow these practices to persist. Registrars are failing in their duty to the consumer with consistent abuses of their Registrar Accreditation Agreement (RAA) with ICANN. This can be in the form of WHOIS abuses, fees and deletion policy abuse, non-compliance with reseller obligations, invalid privacy services or many other forms of supporting an illicit traffic network.
One particular highlighted case is that of ‘Namecheap’, shown to be an illicit reseller for ‘eNom’. ‘Namecheap’ hosts many unlicensed online pharmacies and is representative of ‘some of the most troubling illicit activity in terms domain name abuse and misuse of privacy services’ through a carefully planned scheme whereby the domain owner remains completely anonymous and unaccountable.
The most commonly stolen and illicitly trafficked online drugs are ‘Viagra’ and ‘Cialis’ for erectile dysfunction. Several months of tracking domain names linked to the ‘viagra’ name found that most registrations were through ‘eNom’. Even more worrying is an ‘intelligent’ additional tool that ‘eNom’ provides that returns related drug alternatives to queries such as ‘viagra’ indicating that the theme or type of product the customer wants is understood. From here it is only a short step to blocking trademarks with trademark infringing domains the only returned options. With such a service a Registrar would become an accessory to cybersquatting and any trademark holder suing a Registrar ‘would be wise to demand statistics of registrations made from these interfaces during discovery’.
‘GlavMed’ has been shown by several leading security analysts to be amongst the largest of the illegal Internet drug trafficking networks in the world. It belongs to the group of ‘Canadian Pharmacies’ with its network controlled from Russia and with drugs from Turkey and Thailand . KnujOn traced spam for’ GlavMed’ back to ‘eNom’.
The big question remains unanswered, how much registrar income is generated from illicit online pharmacy domains? Without an answer the basic integrity of the Internet is at stake. With more than one case in example KnujOn has illustrated how ‘eNom’ is guilty of ‘Acting in a Manner that Endangers Stability’ and is, therefore, non-compliant of RAA 5.3.6. Any criminal charge and, or, accreditation of ‘eNom’ could potentially throw ICANN, the whole online business world and domain consumers into chaos.
This is a brief overview of KnujOn’s report. There are many more in-depth examples of Registrars’ and 'eNom’s' association with illicit online practices in the full report found here.
|< Prev||Next >|
Recent Articles by Jart Armin :
World Hosts Report - September 2013HostExploit is pleased to present the September 2013 World Hosts Report. Download...
World Hosts Report - March 2013HostExploit is pleased to present the March 2013 World Hosts Report, in collaboration...
White Paper: The New gTLDs – Security by DesignCyberDefcon has released a new white paper, The New gTLDs – Security...