KnujOn calls out eNom for pharmacy sites.
Internet security research group KnujOn isn’t afraid to pick a fight. And its latest report (pdf) picks a big one, going after 162 domain name registrars including eNom, the second biggest in the world. It even says that eNom is an “active facilitator of illicit criminal traffic”. But that logic is based on the idea that everything illegal on the internet usually involves a domain name, and you should blame the registrar.
Before getting into the eNom complaints, KnujOn suggests that basically all ills of the internet start with illicit drug trade:
There are many types of threats on the Internet but our research reveals the heavy influence of diverted, altered, and counterfeit prescription drugs. In our estimation this is the number one threat to consumers and the Internet structure. Additional security threats like malware deployment, denial of service attacks, trademark hijacking, botnets, spam, WHOIS fraud, network intrusions, domain hijacking, Registrar corruption, and electronic money laundering are all tools of the global network of illicit drug traffic. Beyond the Internet this traffic impacts the health of the public while funding organized crime and terrorist groups.
That’s quite a claim. But here’s what KnujOn has to say about eNom:
These are therefore the facts. There are roughly 4,000 rogue Internet pharmacies violating the criminal laws specified above that are utilizing eNom’s registration services, more than any other Registrar by a factor of seven. eNom is aware of the illegal nature of these domains. eNom has been notified by the organization that represents pharmacy regulatory authorities about this problem, and has been requested to work with LegitScript, as other U.S.-based Registrars do, and non-U.S. Registrars who do business in the United States, to identify clearly illegal websites and suspend them in accordance with the RAA, UDRP and their own Terms and Conditions. eNom has failed to act.
And the group says eNom is thereby an “active facilitator” of illegal conduct:
Since December, 2009 eNom has transitioned from being a passive service provider to become an active facilitator of illicit criminal traffic, and possibly a knowing accessory, under the common definitions.
Is it fair to blame the registrar? To what extent should a registrar be involved in taking down these domains? It’s a legitimate question, but KnujOn says eNom needs to act:
No one is suggesting that eNom is a principal in these cases. However, without their sponsorship of domains, like canadianhealthcaremall.net, the illicit activity would not exist. So it follows that eNom is facilitating crimes committed by the owners of canadianhealthcaremall.net because eNom knowingly provides them with the means and opportunity to commit a crime. We have already established eNom has full knowledge of the crimes documented and from that day their inaction helps the criminals commit additional crimes and even evade detection through privacy services.
Seems a lot like the “Guns don’t kill people, people kill people” debate.
The report knocks eNom more, including how it operates “Acquire This Name” to sell company-owned domains. Although this has been known in the domain community for a while, I’m not sure why KnujOn labeled this as a “reseller” abuse.
George Kirikos says
Spot on. It’s a lot of grandstanding. See the discussions by Knujon at CircleID in the following two articles (especially the comments) and you can judge for yourself:
http://www.circleid.com/posts/20100504_when_registrars_look_the_other_way_drug_dealers_get_paid/
http://www.circleid.com/posts/20100601_registrar_abacus_america_is_in_corporate_delinquency/
ST says
It’s simple. KnujOn is not able to put any pressure on the registrants so they put pressure on the Registrars.
They cannot pressure the Registry like Verisign. So they got one option left.
In the case of Enom it is impossible to monitor all domain names registered or transferred thru them.
The debate is indeed the same as guns do not kill people, people do.
George Kirikos says
ST: That’s incorrect. There’s more than “one option left.” They can involve the police and the court system, if there’s a real crime happening. That’s due process. eNom doesn’t have to respond to the “claim” of just anyone. There are laws, and eNom is free to insist that people follow the correct process.
If I “claim” that someone at a certain IP address (say managed by Verizon) is infringing on a music copyright, sending out all the press releases in the world isn’t going to make Verizon or any other ISP do anything. You have to follow the correct process (i.e. a subpoena, go through law enforcement, file a DMCA, whatever).
Andrew Allemann says
A good number of the claims domain registrars receive are bogus.
or perhaps ? says
Who pays for NewJohn to do all this research? Pharmaceutical companies? Let’s be open about this. Why not go after registrars and name the ones involved in CP or some other activities?
ST says
Hi George,
I agree with your option but I assume that it is rather problematic since the problem is a globally based one. Registrars, registrants they reside in some cases not in the USA. Making it much harder.
Instead of having Registrars deal with the problem it should be ICANN who should regulate.
Or go one level down to the registry.
In case of an inaccurate whois and the registrant does nothing the registry can revoke the domain.
Course you cannot compare these cases but you catch my drift.
Now Registrars are enforced to police the internet. Personally I do not think that companies should be tasked with this role.
IMO ICANN should pick up the ball here. With a few exceptions 99% of the Registrars would carry out any ruling that ICANN would make in matters like this.
No more hiding behind country laws. 3 strikes and the domain is locked by ICANN.
Still it won’t solve the problem cause they just register another domain name and since everyone in the world can register a .com or .net no questions asked.
Letting the Registrars deal with the problem is not the solution. Yet an easy target to put pressure on and claim victory while the problem does not get solved.
This year it is ENOM next year it is prolly some Russian accredited ICANN registrar who will be harder to put pressure on.
Charles Christopher says
Regarding whois issues the article fails to understand that sharing of EPP connections creates great complexity in the handling of whois.
Simply put you have separate “whois authorities”, the sponsoring registrar and the registrar operating the pool but whose registrations are not known to the sponsoring registrar. ENOM runs one of the larger drop pools, thus there are many different ways these whois issues are dealt with.
So I suggest KnujOn learn a little more about how registrars really work and contractually work together.
I’d go so far as to suggest if KnujOn REALLY cares about these issues the CORRECT solution is to demand Verisign implements a “thick” whois as does .ORG, .INFO, and virtually ALL other registries. I would fully support such an effort. KnujOn, are you up for a real solution?
Charles Christopher
CIO, PocketDomain.com
ICANN Accredited Registrar
George Kirikos says
ST: See comment #7 to first CircleID link I posted above. Microsoft went to a federal judge and got a court order to take down a botnet by killing its domains. That was the right way (the botnet operators were presumably located internationally).
As for “anyone” being able to register a domain, if one supports WHOIS verification (e.g. domains don’t resolve until the registrant is mailed via postal mail a PIN code, to activate it), that would greatly reduce the use of throwaway domains that are registered instantaneously. There’s a physical limit to real addresses that can be used, and it would help trace the “bad guys.”
Charles Christopher says
>Registrars, registrants they reside in some
>cases not in the USA. Making it much harder.
Domain Name Whois is required to be correct, otherwise the domain may be deleted. This rule exists NOW.
Force the COM/NET whois server to be centralized is the US based Verisign. Verisign is contracted to save a copy of all EPP commands of all domain changes. This makes them the obvious centralization point for whois NOT ICANN. Further those stored modification commands allow unwinding thus producing a “whowas” service to trace domain whois changes.
Demand Verisign implement a thick registry like most all other registries, centralizing the whois at THE REGISTRY, and most of these problems go away.
Charles Christopher
CIO, PocketDomain.com
ICANN Accredited Registrar
ST says
‘lo George. So MS is able to take down a whole botnet and we still face some sites that sells pills on the internet and nothing is being done…. Sounds like the MS approach works better..
Charles I agree. The registry does enforce a correct whois.
I see ICANN pick up whois cases and I see Russians provide full whois info with “correct” scans of passports ..
Registrars provide the info to ICANN and case is closed ..
Nor ICANN nor the registrar can validate it.
Back to the case of MS.. This is where imo ICANN or the registry should jump in and make it clear.
In too many cases the registrar faces the music while doing the right thing where the registry overrules the action of the registrar. Once more it proves that the registrar should not be the judge and jury .
Groups like KnujOn put the blame on the registrars. While ICANN and the registries do nothing ..
If registrars would make like 90% profit on a domain name then it would be a different ball game .. but it is more like a few cents . And yet this group has to deal with all the BS and gets the blame.
Groups like KnujOn hit easy targets and claim victory with the people who pay them money. And the real problem .. that does not get solved at all.
Charles Christopher says
>Nor ICANN nor the registrar can validate it.
Your logic escapes me.
The whois requirement is for VALID ADDRESS AND PHONE contact information. In fact that is the very foundation of the required ICANN whois escrow system.
That contact info is used to send a letter of registration termination to the registrant UNLESS they respond.
Please explain to me, in detail, how a passport scan is used to intercept said physical mail?
Thank you
Charles Christopher
CIO, PocketDomain.com
ICANN Accredited Registrar
Charles Christopher says
>Regarding whois issues [KnujOn] fails to
>understand that sharing of EPP connections
>creates great complexity in the handling of
>whois.
My apologies for my wording. I incorrectly said “the article” but intended to reference KnujOn. I’ve corrected my paragraph as above.
Again, my apologies.
Charles Christopher
CIO, PocketDomain.com
ICANN Accredited Registrar