Conmen in eye of Ernesto

With tropical storm Ernesto now blowing off the coast of Florida, Internet security experts are warning that fraudsters may be hard at work claiming Ernesto-related Web site domains.

On Tuesday, 18 domains related to the storm became live, said Johannes Ullrich, chief research officer at the SANS Institute. They include such names as, and Ullrich’s Web posting on this topic can be found here:

Scammers began cashing in on natural disasters in a widespread way following the December 2004 earthquake and Tsunamis that killed hundreds of thousands in southeast Asia, Ullrich said.

Last year there were reports of large-scale fraud in the weeks after Hurricane Katrina devastated New Orleans and parts of the U.S. Gulf Coast. In September, the U.S. Federal Bureau of Investigation warned that more than half of the Hurricane Katrina aid sites that it had reviewed were registered to people outside of the U.S. and likely to be fraudulent.

SANS saw about 1,000 Katrina-related domains registered in the wake of Hurricane Katrina, Ullrich said. The majority of these domains were set up for what he called “domain parking,” an attempt to make money by placing ads on a Web site that surfers seem likely to stumble upon., for example was registered by Julian Luby a graduate student in Portland, Oregon, who said he registered between 30 and 50 Ernesto-related domains, beginning Sunday. Luby registered the domains for the dual purposes of providing information on the storm and raising money for a group of social networking sites he is developing.

Luby, who also registered the and sites, has listed many of his domains for sale, asking from US$400 to $1,000 per domain. He is also maintaining a blog of Ernesto-related news on some of the sites.

On one day shortly after Hurricane Katrina made landfall, more than 400 Katrina-related domains were registered.

Ultimately dozens of the sites proved to be fraudulent, and Ullrich is worried that this pattern may repeat itself with Ernesto.

However, it seems unlikely that Ernesto will attract the attention of Katrina, which was one of the worst natural disasters in U.S. history. By Tuesday, the National Hurricane Center had downgraded Ernesto from hurricane to tropical storm.

“It doesn’t look like Ernesto will amount to much, so I don’t think we’ll see much in terms of domain fraud,” Ullrich said. But this is a pattern he expects scammers to repeat as other storms form during this 2006 hurricane season. “Basically they’re waiting for the right hurricane to come around,” he said.

In any case, anyone looking to register Ernesto domain names may already be late to the game. The U.S. National Weather Service publishes its list of hurricane names years in advance, and many scammers have pre-registered their fraudulent sites, according to Rich Miller, an analyst with Web site tracking service Netcraft Ltd. “A lot of the premium names are long gone,” he said.

That list of National Weather Service’s list of hurricane names can be found here:

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now