General 1 — Cybercrime Information Center

Related Work

Related work by Interisle Consulting Group

Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access. Domain names that can be rapidly acquired, used in an attack, and abandoned before they can be traced are a critical resource for cybercriminals. Some attacks, including spam and ransomware campaigns and criminal infrastructure operation (e.g., “botnets”), benefit particularly from the ability to rapidly and cheaply acquire very large numbers of domain names-a tactic known as bulk registration. The use of bulk registration services to distribute attacks across hundreds or thousands of domain names in matters of minutes, coupled with ICANN policies that impede access to registration contact data, presents cybercrime investigators with the dual impediments of harder-to-pursue criminal activity and harder-to-obtain information about the criminals. Download the Executive Summary or the full Complete Report from Interisle Consulting Group, LLC.

Domain Name Registration Data at the Crossroads. This report measures the effectiveness and impact of ICANN's registration data access policies and procedures by examining the practices of 23 registrars, which collectively sponsor more than two-thirds of the registrations in the generic top-level domains (gTLDs). This study determines whether they comply with ICANN's policies and related contractual obligations, and also to the European Union's General Data Protection Regulation (EU GDPR). Find table of registrar scores from the report here.

WHOIS Contact Data Availability and Registrant Classification Study. This report presents an in-depth analysis of how contact data for Internet domain names–which make all web sites, email, and apps work–has disappeared from public access, impeding cybercrime investigation, consumer protection, Internet security, and online commerce.

Relevant cybercrime or cyberthreat research

Oest, P. Zhang, B. Wardman, E. Nunes, et al: "Sunrise to Sunset: Analyzing the End-to-end Life Cycle and Effectiveness of Phishing Attacks at Scale." Proceedings of the 29th USENIX Security Symposium, August 12–14, 2020. https://www.usenix.org/system/files/sec20-oest-sunrise.pdf

P. Foremski and P. Vixie. "Modality of Mortality in Domain Names: An In-depth Study of Domain Lifetimes." 2018. https://www.farsightsecurity.com/assets/media/download/VB2018-study.pdf

Maroofi, M. Korczynski, C. Hesselman, B. Ampeau, A. Dud, "COMAR: Classification of Compromised versus Maliciously Registered Domains." 2020 IEEE European Symposium on Security and Privacy (EuroS&P). http://mkorczynski.com/COMAR_2020_IEEEEuroSP.pdf and https://comar-project.univ-grenoble-alpes.fr/

G. Aaron and R. Rasmussen. Anti-Phishing Working Group: Global Phishing Survey series, 2008 to 2016. https://apwg.org/globalphishingsurvey

L. Metcalf, E. Hatleback, J. Spring. "Blacklist Ecosystem Analysis: 2016 Update." Software Engineering Institute, CERT Coordination Center, Pittsburgh, PA. March 2016. https://resources.sei.cmu.edu/asset_files/WhitePaper/2016_019_001_466029.pdf

A. Oest, Y. Safaei, P. Zhang, B. Wardman, et al: "PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists." Proceedings of the 29th USENIX Security Symposium, August 12–14, 2020. https://www.usenix.org/system/files/sec20-oest-phishtime.pdf

D. Piscitello, G. Aaron. "Domain Abuse Activity Reporting (DAAR) System Methodology". Internet Corporation for Assigned Names and Numbers (ICANN). November 2017. https://www.icann.org/en/system/files/files/daar-methodology-paper-30nov17-en.pdf