July 28, 2010

ICANN Touts DNSSEC As Tool to Fight "Internet Criminals"

"ICANN said the DNSSEC would eventually allow Internet users to know 'with certainty' that they have been directed to the Web site they sought. 'This upgrade will help disrupt the plans of criminals around the world who hope to exploit this crucial part of the Internet infrastructure to steal from unsuspecting people,' ICANN President and CEO Rod Beckstrom said in a statement."

Greetings. While the implementation of DNSSEC is certainly important, and the avoidance of DNS cache poisoning attacks is clearly very useful, ICANN's "Dragnet-esque" pronouncements about fighting crime strike me as highly ironic.

The simple fact is that "Internet criminals" have a vast array of tools in their arsenal to misdirect users, and few of these depend on cache poisoning or DNS manipulation.

Much of the crime is enabled by the fundamental design of the domain name registry/registrars ecosystem, which enables crooks to easily create and abandon completely valid "disposable" domains that are only used for short periods of time and cannot be reasonable tracked to their owners.

In fact, through their plans to unleash vast numbers of new Top Level Domains (TLDs) on the Internet -- perhaps hundreds in the first year -- ICANN will only be increasing the confusion of consumers and providing fresh juice for criminal operations. Most Internet users aren't calling for new TLDs -- they mainly think in terms of dot-com and that's unlikely to change any time soon. The main push for new TLDs is from would-be registry operators and their registrar cohorts,
who see the promise of big bucks from the rush of purely defensive domain registrations that occur when every new TLD opens.

So as far as I'm concerned, ICANN isn't winning the "Joe Friday" crime-fighter award any time soon.


Posted by Lauren at July 28, 2010 07:26 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein