I'm not even sure how to begin this post, but let me tell you—my head explodes when I try to contact WHOIS "contacts" about criminal activity—FAIL.
I think ICANN wants to do the right thing here, and has stated on multiple occasions that inaccurate WHOIS data is reason for registrar termination. That's a Good Thing.
I'm assuming that the various RIRs also have a similar policy, but admittedly, I'm not sure (and it's late and I don't feel like looking up each of the RIR policies on it) and experience has proven to me that criminals don't adhere to registrar/RIR policies—they don't care, and we seem to pretty much let them get away with it.
Are we just stupid, and they are smart?
No, we are stupid.
No one in the policy-making bodies has seemed to have discovered this fact yet, and continue to allow criminals free reign.
This has got to stop.
I wrote a blog article earlier this evening for my company's blog, singling out Turkey.
Having said that, I didn't necessarily want to single out Turkey, but it just so happens that I spent an unacceptable amount of time trying to find 'someone who cares' in Turkey to mitigate some Eastern European criminal activity that we have observed.
Now, this is not a unique experience, but it is exemplary of the issues that we face—we cannot get the attention of the rsonsile parties to mitigate criminal activity.
How do we fix this?
Seriously. How do we fix this?
I find this very, very disturbing—and the criminals find comfort.
We have to change this. Immediately.
But first, we have to find people who actually give a damn, and that is proving harder and harder.
Shame.
Written by Fergie, Advanced Threats Researcher, Emerging Threats & Operational Intelligence
Follow CircleID on Twitter
More under: Cybercrime, ICANN, Internet Governance, Policy & Regulation, Security, Whois