Netcraft published a report showing that criminals will use expensive domains for sophisticated schemes.
Netcraft published an analysis of cybercrime in the .ai namespace today.
.ai is Anguilla's country code top-level domain and is popular because of its association with artificial intelligence. This has driven a massive increase in registrations in recent years. According to Netcraft, since 2013, the number of .ai domains used by web servers has grown 12,523%, from 913 to 115,245 domains. IP addresses and active sites have also increased, from 165 to 37,041 IPs and from 647 to 112,600 active sites.
Netcraft also reports a similar surge in .ai domains it has blocked during this period. When I eyeball the chart, it seems that the growth in blocked domains has been much less than the growth in the number of domains used by web servers.
But this raises the question: since .ai domains are so expensive (about $60 per year), why are criminals using .ai domains instead of cheaper alternatives?
It’s indisputable that cheap domains (sub-$1) attract all sorts of miscreants. If you’re going to spam people and use throwaway domains, you might as well spend a dollar on them rather than $10+.
Here’s what Netcraft has to say about that:
“We suspect that criminals believe that the implied ‘legitimacy’ of .ai domains is worth the extra cost, as there is a notable proportion of purpose-registered .ai sites (particularly for cryptocurrency investment scams).
“The hype surrounding AI over the last few years perhaps explains why victims are ignoring long-established conventions of ‘avoiding unknown links’, and instead are willing to click on .ai URLs. In the past year, there have been numerous legitimate AI products created (mostly from new/generic brand names), which means victims are getting used to seeing (and clicking on) .ai brands and URLs. The increasing familiarity of seeing domains that end in .ai – coupled with a curiosity about AI fuelled by months of media speculation – makes the .ai ccTLD attractive for cybercriminals.”
I think the key here is “purpose-registered.” People aren’t going to register .ai domains for spamming, but if they can think of a sophisticated scheme in which a .ai might lend credibility, it’s worth the extra cost.
Netcraft’s report immediately made me think of a weird decision by the .ai registry in September. It started fining registrars for not taking down .ai domains when a complaint is received, assuming the registry disagrees with the registrar’s decision. It fines them even more if the registrant looks up the registry’s contact information and bugs the registry about the decision.
The registry’s notice of this fine noted, “In our experience Netcraft.com takedown requests have always been valid and we strongly recommend registrars comply with Netcraft requests.”
It wouldn’t surprise me if Netcraft talked to .ai about the growing prevalence of abuse and its plan to publish about it, which led to the policy change.