Feeds

Notorious registrar gets deactivation notice for president's sin

RIP EstDomains

Securing Web Applications Made Simple and Scalable

EstDomains, a domain name registrar with a reputation for catering to cyber criminals, suffered another blow after the organization that oversees the net's address system said it would revoke the company's right to sell domain names because of a recent fraud conviction in Estonia of its president.

In a letter addressed to EstDomains President Vladimir Tsastsin, an official with the Internet Corporation for Assigned Names and Numbers said EstDomain's registrar accreditation would be revoked on November 12.

"This termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction," Stacy Burnette, ICANN's director of contractual compliance, wrote. ICANN rules permit the group to terminate registrars who have officers or directors convicted of a crime related to financial activities, she said.

An EstDomains representative said the group was working to block the move.

Tuesday's letter (PDF) is the latest black eye for EstDomains, which has been sharply criticized by many security experts for registering domain names used in phishing, spam, malware, and the sale of drugs that are illegal in some countries.

Last month, a company that provides software used to shield the identity of domain name owners said it was cutting off EstDomains because a high percentage of its customers used the anonymizing service to register websites that engaged in cyber crime. Three weeks later, network provider Intercage, struggling with its own reputation as a haven for cyber criminals, terminated its contract with EstDomains and its sister company EstHost.

Throughout the entire controversy, principals with EstDomains and EstHost have maintained they do not knowingly allow customers to run illegal websites.

"We don't provide the service for spammers/phishers etc, and we never did," Konstantin Poltev, registry liaison for EstDomains, wrote in an email to The Register on Wednesday. He said officials with the company were appealing ICANN's move on several grounds. For one, Tsastsin hasn't been a director or officer of EstDomains since June. And for another, the February court record, which was reported here by Brian Krebs's Security Fix blog, has never taken effect.

"The document the ICANN is referring to, is the decision of the Circuit court, or, in other words, the court of the first level, which has never been enforced and will never be," Poltev wrote. "95% of all criminal cases in the Circuit courts of Estonia end with bringing in a verdict against a defendant, however in most cases the decision of the Circuit court is pushed to Supreme court for review, end up with the final decision of a Supreme court in favor of a defendant."

Over the past few months, as a flurry of negative reports and news articles cast EstDomains in a harsh spotlight, the company has grown more responsive to reports of abuse, one critic said.

"They started dumping anything we'd tell them about and it almost seemed like it was out of a panic," said Garth Bruen, part of a two-man outfit called Knujon that is dedicated to clamping down on registrars that enable phishing and the sale of steroids and other drugs that are illegal in the US and many other countries without a prescription.

ICANN is already preparing for the transfer of some 281,000 domain names under EstDomains' management. The registrar is free to recommend an ICANN-accredited agent to receive a bulk transfer, or qualified registrars may volunteer under established ICANN procedures. It will be interesting to see what companies, if any, agree to take on a customer base with such toxic reputation. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.