Canada’s Internet domain registry is one of a number of organizations banding together in a non-profit group to try to put a dent in the number of criminals abusing the domain name system.
The Canadian Internet Registry Authority (CIRA), which oversees the .ca domain, Facebook, Verizon, VeriSign, Enom, Name.com, CrowdStrike, the Anti-Phishing Working Group (APWG) and others officially launched the Secure Domain Foundation today to fight cybercrime.
The weapon is a database of banned people that domain registrars and Web site hosting providers can check for phony information or known data abusers before giving out domain names.
“We’re not making it impossible” for criminals to get registered, Chris Davis, a founder and president of the foundation, who is also director of partnerships at security vendor CrowdStrike, said in an interview, “but we’re raising the bar and making it a little harder for these bad guys to operate.”
The foundation’s operational launch was announced in Singapore, where the Internet Corporation for Assigned Names and Numbers (ICANN) is having a major conference.
“The services offered by the Secure Domain Foundation provide organizations in the domain name industry, like CIRA, with reputation information that makes it easier for us to identify those bad actors during the registration process for new domains,” Jacques Latour, CIRA’s director of IT, said in an email.
“For CIRA, this service enables us to ensure that .CA continues to be one of the world’s most trusted top-level domains.”
The foundation was actually created two years ago when Davis and a friend came up with the idea of a database that allows users to get the equivalent of a credit score based on the security reputation and contact data validation of those applying for domain names.
Domain names can be used as command and control centres for malware.
If an applicant for a new account, record update or domain registration has a bad score, the agency would think carefully about granting approval.
“Lots of bad guys are registering thousands of domain names every day to control botnets, distribute malware or attack people’s computers,” Davis said. “Most of the registrars don’t have an ability to verify data given to them by security researchers. Some didn’t think it was their problem to shut down domains — they’d say ‘go talk to the hosting company.’”
Even if a domain registry or hosting provider turned down a suspicious application, the person would try another.
The foundation oversees the database for validating information from domain applicants, including postal address, phone number and email. If a piece of information isn’t valid, that’s noted in the database.
That database now has over 7.5 million email addresses, over 100 million malware records and information from the Who.is domain search Web site. Davis hopes to expand that with bad IP addresses and other information from hosting providers who would contribute their knowledge when joining the foundation.
The foundation does have to be careful in screening members: There are some “malicious” registrars and hosting providers, Davis said, who won’t get in. Some may be “de-peered,” he added.
Davis believes the foundation has a good start with the inclusion of Enom, the second largest domain registrar in the world next to GoDaddy — and he’d like to have GoDaddy become a member.