Security threats Toolkit

ICANN under fire for dodgy domains

Tags:
Database,
Privacy,
Whois,
Cybercrime

Greg Sandoval CNET News

Published: 08 Dec 2005 09:40 GMT

More than 8 percent of all Internet domain names are registered with false or incomplete information, according to a US government study into the prevalence of phoney Web sites.

The study, released Wednesday by the US General Accountability Office, showed that 2.31 million domain names, or 5.14 percent of all domain registrations, have been registered with information "obviously and intentionally false" (such as a (999) 999-9999 telephone number, the report says). The GAO also found that 1.6 million, or 3.6 percent, contained incomplete data in one or more of the required fields.

The report drew a response from Representative Lamar Smith, chairman of the Subcommittee on Courts, the Internet and Intellectual Property.

"Vendors unwilling to identify themselves publicly are more than likely fraudulent," Smith, a Republican from Texas, said in a statement released on Wednesday.

Smith concluded that the ICANN, the standards body for Internet domain names, is failing to "weed out such fraudulent identifications".

The rise of phishing scams has prompted Congress to investigate. In such fraud schemes, Internet thieves lure consumers to counterfeit Web sites to dupe them out of vital information such as credit card numbers and passwords. Roughly one in four US Internet users have been targets of phishing attacks, according to a study conducted by Time Warner.

Contact information for operators of Web sites is publicly available through the Whois Internet service. Data from Whois could help law enforcement officials track down Internet criminals — provided it's accurate.

The GAO said that ICANN is now requiring registrars to investigate and correct any reported inaccuracies in contact information. The Internet group continues to assess the operation of the registration process and look for ways to improve accuracy, according to the agency's report.

Attempts to reach an ICANN representative were not successful.

This is not the first time ICANN has been called on to monitor the accuracy of its registrations more closely. A study three years ago found that ICANN policies encouraged but did not require registration organizations, such as VeriSign or Go Daddy, to verify information from people who have submitted false information. It recommended that ICANN change those policies.