WS #146 Domain Name System Abuse – Defined and Experienced
Session at a Glance
Summary
This panel discussion focused on defining and addressing domain name system (DNS) abuse, exploring its impacts on consumers and brands. The panelists discussed the need for a broader definition of DNS abuse that goes beyond technical issues to include deceptive, malicious, or illegal activities. They shared examples of DNS abuse, including phishing scams, counterfeit product sales, and impersonation of legitimate businesses or individuals. The discussion highlighted how bad actors exploit domain names to create convincing fake websites that trick consumers into sharing personal information or making fraudulent transactions.
Panelists emphasized the challenges in quickly taking down abusive websites, noting that current processes can be slow and ineffective. They stressed the importance of having accurate “WHOIS” data to identify those behind abusive domains. The discussion touched on the role of registrars, registries, and ICANN in mitigating DNS abuse, with some panelists calling for stronger accountability measures. Participants also highlighted the need for consumer education and awareness to help people recognize potential scams.
The conversation explored how DNS abuse affects various sectors, including finance, pharmaceuticals, and e-commerce. Panelists shared experiences from different regions, including Egypt and Cameroon, demonstrating the global nature of the problem. The discussion also touched on emerging challenges, such as the use of AI and deepfakes in creating more sophisticated scams. Overall, the panel emphasized the need for collaboration between brands, governments, and internet governance bodies to combat DNS abuse effectively and protect consumers in the digital space.
Keypoints
Major discussion points:
– Defining DNS abuse more broadly to include deceptive, malicious, and illegal activities beyond just technical abuse
– Challenges in quickly taking down harmful websites and domain names due to limited enforcement mechanisms
– Sophisticated scams and fraud targeting consumers, including phishing, counterfeit goods, and impersonation
– Need for better tools and policies to identify bad actors and remove harmful content
– Balancing enforcement against abuse with protecting legitimate speech and websites
The overall purpose of the discussion was to highlight the growing problem of DNS abuse and harmful online activities, and to advocate for broader definitions and more effective enforcement mechanisms to protect consumers and brands.
The tone was generally serious and concerned about the issues being discussed, but also constructive in proposing solutions. There was a collaborative spirit among the panelists and audience in sharing experiences and ideas. The tone became slightly more urgent when discussing specific harmful examples, but remained professional throughout.
Speakers
– Alexis Crawford Douglas: Partner at K&L Gates law firm, intellectual property practice focused on combating cybersquatting, online infringement, and domain name system abuse
– Tara Harris: Group IP lead at Prosus, manages IP risk and protects/enforces IP assets globally, including online brand protection
– Daniel Zani: Global head of online brand protection at Avion, intellectual property lawyer, former FIFA IP team leader
– Sameh Salem: Executive director of emerging technology and security at Egyptian Computer Emergency Response Team, professor of cybersecurity at Helwan University
– Audience: Various audience members who asked questions or provided comments
Additional speakers:
– Keith Drazek: Representative from Verisign, registry operator for .com and .net
– Nick Wendman-Smith: General counsel for Nominet, the .uk ccTLD registry
– Andrew Campling: From 419 Consulting, DNS enthusiast
– Charles: Representative from .cm (Cameroon) ccTLD
– Thuy: Representative from .vn (Vietnam) domain
Full session report
DNS Abuse: Evolving Threats and Challenges in the Digital Landscape
This panel discussion brought together experts to explore the complex issue of Domain Name System (DNS) abuse and its impact on consumers and brands in the digital space. The conversation highlighted the evolving nature of DNS abuse, challenges in combating it, and potential strategies for addressing these issues.
Defining and Understanding DNS Abuse
A central theme was the need to broaden the definition of DNS abuse beyond traditional technical issues. Alexis Crawford Douglas argued that ICANN’s narrow definition limits the ability to address a wider range of harmful activities. However, an audience member raised concerns about potential censorship, highlighting the delicate balance between consumer protection and freedom of expression online.
Types and Impact of DNS Abuse
The panelists shared various examples demonstrating the wide-ranging impact of DNS abuse:
1. Sophisticated Scams: Daniel Zani noted that scammers now use AI to create convincing fake websites within minutes, making detection challenging. He provided an example of a FIFA.gg domain used for fraudulent activities.
2. Counterfeit Products: Tara Harris highlighted the sale of counterfeit products online, including dangerous items like fake anti-choking devices.
3. Impersonation: Scams involving the impersonation of company executives for fraudulent investment schemes were discussed.
4. Fake Pharmacies: Dr. Sameh Salem pointed out the dangers of fake online pharmacies selling harmful counterfeit medicines.
5. Financial Fraud: Dr. Salem provided examples from Egypt, including a major online fraud operation linked to a mobile application and fake Apple stores.
Challenges in Combating DNS Abuse
Key challenges in effectively addressing DNS abuse include:
1. Speed of Response: Complex processes can delay takedowns of fraudulent websites.
2. Lack of Accurate Data: Tara Harris emphasized that insufficient WHOIS data hinders quick identification of bad actors.
3. Technological Sophistication: The use of AI and deepfakes in creating scams complicates detection.
4. Resource Disparities: Smaller companies often lack resources to combat DNS abuse effectively.
5. Mixed Alphabet Domains: Andrew Campling raised the issue of mixed alphabet domain names being used to create deceptive websites.
6. Privacy Concerns: Alexis Crawford Douglas noted the difficulty in proving phishing without compromising consumer privacy.
Strategies and Solutions
Proposed strategies for addressing DNS abuse include:
1. Proactive Monitoring: Tara Harris advocated for proactive domain monitoring and quicker takedown procedures, mentioning the concept of “phish kits” for detecting patterns of abuse.
2. Consumer Education: Dr. Salem stressed the importance of awareness campaigns.
3. Leveraging Technology: Using AI and emerging technologies to detect malicious activity more effectively.
4. Policy Changes: Keith Drazek highlighted recent ICANN policy changes giving registries and registrars an affirmative obligation to mitigate online harms.
5. Targeted Approaches: Nick Wendman-Smith cautioned against overly broad rules to avoid unintended consequences for legitimate websites.
6. Cross-Sector Collaboration: Dr. Salem suggested increased collaboration between brands, governments, and platforms.
7. Increased Friction: Andrew Campling proposed building more friction into the system for domains not linked to real persons or legal entities.
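An added example, not part of the session report: a minimal screen for the proactive domain monitoring described above, flagging typo variants, mixed-alphabet labels, look-alike characters and brand reuse under other TLDs in a list of newly registered domains. The brand `examplebank`, the owned-domain set, the sample feed and the look-alike character table are all constructed for illustration, and feed entries are assumed to be registrable domains (label plus TLD).

```python
import unicodedata

BRAND = "examplebank"          # constructed brand label to protect
OWNED = {"examplebank.com"}    # constructed: domains the brand holder already controls

# Small constructed subset of look-alike characters, not the full Unicode confusables data.
CONFUSABLE = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0456": "i", "0": "o", "1": "l"}


def to_unicode(label):
    """Decode an IDN A-label (xn--...) to Unicode; return other labels unchanged."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label


def scripts(label):
    """Scripts used by the letters of a label, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def skeleton(label):
    """Replace known look-alike characters with the Latin letter they imitate."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in label)


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def screen(domain, brand=BRAND, owned=OWNED):
    """Return the reasons a newly registered domain deserves review (empty list if none)."""
    domain = domain.lower().rstrip(".")
    if domain in owned:
        return []
    label = to_unicode(domain.split(".")[0])
    reasons = []
    if len(scripts(label)) > 1:
        reasons.append("mixed-script")           # e.g. Latin and Cyrillic in one label
    skel = skeleton(label)
    if skel == brand:
        # Either the exact brand under a TLD the holder does not own, or a homoglyph copy.
        reasons.append("brand-under-other-tld" if label == brand else "lookalike-characters")
    elif osa_distance(skel, brand) == 1:
        reasons.append("typo")                   # one letter added, missing, changed or swapped
    elif brand in skel:
        reasons.append("brand-embedded")         # brand plus extra words such as "-login"
    return reasons


# Constructed IDN sample: the third character is Cyrillic U+0430, encoded as an A-label.
IDN_SAMPLE = "xn--" + "ex\u0430mplebank".encode("punycode").decode("ascii") + ".com"

# Constructed feed standing in for a daily list of new registrations.
FEED = ["examplebank.com", "exampelbank.com", "examplebankk.net", "examplbank.org",
        "examp1ebank.com", IDN_SAMPLE, "examplebank-login.info", "examplebank.gg",
        "unrelated-shop.com"]


def triage(feed):
    """Map each flagged domain in the feed to its list of reasons."""
    flagged = {}
    for domain in feed:
        reasons = screen(domain)
        if reasons:
            flagged[domain] = reasons
    return flagged


if __name__ == "__main__":
    for name, why in triage(FEED).items():
        print(f"{name:40} {', '.join(why)}")
```

A flag here is a prompt for human review before any takedown request, which keeps legitimate registrations that merely resemble the brand out of the enforcement queue.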
Regional Approaches
The discussion included insights on regional efforts to combat DNS abuse:
1. Egypt: Dr. Salem described efforts to combat online fraud, including arrests related to a mobile app scam and addressing fake Apple stores.
2. Cameroon: An audience member shared how the .cm ccTLD mitigates domain name misuse through strict registration policies and monitoring.
Unresolved Issues and Future Directions
Several issues remained unresolved:
1. Balancing broad definitions of abuse with protecting legitimate speech and content.
2. Establishing best practices for quickly identifying and taking down abusive sites across different TLDs and jurisdictions.
3. Effectively combating sophisticated scams using AI and deepfakes.
4. Addressing the lack of accurate WHOIS data while maintaining privacy protections.
5. Supporting smaller companies without trademark protection in combating abuse.
The panel concluded with a call for continued dialogue and collaboration among stakeholders to develop more effective strategies for combating DNS abuse. The complexity of the issue demands a nuanced approach that balances consumer protection, technological innovation, and the preservation of legitimate online activities.
Session Transcript
Alexis Crawford Douglas: Testing. Okay. Cool. Can we get started? All right. Hi, everyone, and welcome to domain name system abuse, defined and experienced. Today we’re going to be discussing the definition of domain name system abuse, and our panelists will share their experiences with these issues. Our discussion is going to be guided by hypothetical situations, loosely based on experiences we’ve faced in our daily work, but firmly grounded in the reality of the exploitation of consumers and brands that’s happening online. To give you an introduction to our panelists, we have to my right, Tara Harris, the group IP lead at Prosus, where Tara spearheads the group’s IP strategy, manages IP risk, and in terms of IP, too many acronyms here, intellectual property risks and protects and enforces intellectual property assets across the globe, including managing the group’s online brand protection program. And Prosus is part of Naspers, a South African multinational global consumer internet group, and one of the largest technology investors in the world. Next to Tara, we have Daniel Zani, who is I’m skipping ahead, the global head of online brand protection at Avion. He’s a highly experienced intellectual property lawyer with bar qualifications in Germany and the United States, who spent over ten years at FIFA, where he led the intellectual property team and the online brand protection for the World Cup tournaments. Right now, Daniel is a partner at Avion, and he leads the Switzerland office, serving as global head of online brand protection there. And online, I think we have Dr. Sameh Salem, somewhere maybe, hopefully, the executive director of emerging technology and security at the Egyptian computer emergency response team and a professor of cybersecurity at the Faculty of Engineering at Helwan University in Egypt. And Dr. Sameh is passionate about fostering innovation while ensuring digital safety.
I’m Alexis Crawford Douglas, a partner at the global law firm of K&L Gates, where my intellectual property practice includes helping clients combat cybersquatting, online infringement, and the domain name system abuse that we’re going to be talking about today. So I have firsthand experience with these issues, as do all of our panelists. But the reason that we’re here outside of our daily jobs is that three of us on this panel, myself, Tara, and Daniel are all members of the International Trademark Association, which is an association of brand owners and professionals dedicated to supporting trademarks and complementary intellectual property. And one of our missions as part of that organization is to identify trends and practices online that impact intellectual property holders and ultimately, really, everyday consumers. It’s not just about brands and making money. It’s about the people at the end of those experiences. And that’s a lot of what we’re going to talk about today. And to this end, INTA put together a definition of domain name system abuse that seeks to hold registrars, registry operators, and registrants all accountable for a wider range of harmful activity that’s making it, and also to make it easier for companies, governments, and consumers to stop this activity online. So we have, you know, some of the objectives here for this program, and we’ll go through the definitions very quickly, not to bore you, not to put you to sleep, but I think it’s important to talk through these definitions and show why it’s not enough and how the examples that we’re going to speak about really touch on why there needs to be more protection and policies in place. The slide clicker is not working. Can you just go to the next slide for me? The next one. Two more after that, I just kept talking through the slides. So keep going. Go ahead. This one right here. You can stop. Go back one more. Thanks. All right.
So some of the common definitions of DNS abuse are, one of them is the EU Commission study that DNS abuse, domain name system abuse, is any activity that makes use of domain names or DNS protocol to carry out harmful or illegal activity, which can be a wide scope of activities, right? In contrast, ICANN and the new registry agreement that was amended this past summer narrowly defines DNS abuse as malware, botnets, phishing, pharming, and spam, but when spam serves as a delivery mechanism for other forms of DNS abuse. These are very highly technical definitions and narrow definitions of what constitutes DNS abuse, and we’ll talk today about a broader definition. The other two, ICANN’s business constituency gave a somewhat broader definition that also included trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law. We’re going to take that and narrow it a little bit more because that’s broad, but I think if you can flip to the next slide, please. INTA adopted a resolution, a board resolution in 2023 to give a definition of domain name system abuse that is simpler and I think easier to understand, but also broad. It’s any activity that makes or intends to make use of domain names or the domain name system protocol or any digital identifiers that are similar in form or function to domain names because now, you know, you know, everything is included, to carry out deceptive, malicious, or illegal activity. And these three types of activity is what we’re gonna talk about today in our examples. Bad behavior online, to put it simply. So why do we care about these definitions? There’s a lot of harmful behavior that’s happening online right now affecting the general public, and there are not mechanisms for stopping it, easy mechanisms for stopping it. I’m gonna kick it over to Daniel to talk about where we started with domain name systems abuse and kind of where we are now.
Speaker 1: Hey, thank you. So kind of old school domain name system abuse, probably a lot of you have heard the term of cybersquatting, in essence, registering a domain name that is linked to a brand where you’re the first one to do it, right? So you’re earlier than the brand could register it. Let’s say it’s a .com. And as an example, you have the .com, but then for a different TLD, the brand is registered by somebody else, normally with the goal to sell it back to the brand. Now, one could easily argue and say, well, what’s wrong about that, right? I’m just using the system. That’s what the system is. I am leveraging that fact, supply and demand. Of course, brands, on the other hand, that have trademarks, invested a lot of their brands in the good faith, might disagree. And if that was done for that specific purpose, so in bad faith, registering a domain, there are mechanisms like the UDRP to get the domain back by the brand owner. An example of what this is, for example, out of my practice. when I was at FIFA. FIFA started to do a lot in the gaming world, in the eSports world, and in the eSports world, a typical TLD that is used is .gg, which is the channel islands Guernsey and Jersey. Now .gg also stands for good game. It’s a term that’s used by gamers as, you know, wrapping each other up. So somebody had registered FIFA.gg. Now the FIFA eSports team wanted to use that domain. Don’t you want to buy this, etc. Then there was an exchange and the person that owned the domain, which was also not clear who it was, of course, because due to privacy it was not obvious, then said, well, we did some valuations and for 17 million dollars you can have this. That was not really what the company thought the value was and clearly higher than any out-of-pocket expense that the person ever ever paid. 
So, you know, an administrative procedure was started, an arbitration before the GG arbitrary commission, it’s actually one person in Guernsey that administers it, and in the end after the decision that was rendered the domain was signed over to FIFA. Now that is really not what we’re typically talking about today anymore when it’s about domain name abuse. These are things sometimes I think some brand owners may even say of the past because some brands don’t even really care about domain names that much anymore. A lot of people just go and search, right, like who plugs in a domain name. Often that doesn’t happen that much anymore. So brands are now more faced with situations where domain names that contain their brands are used for fraudulent activity, for scamming, scams, et cetera, that, in essence, don’t only affect them, but much more affect the consumers. But for consumers, it’s often very hard to go after something like that. If you’ve been scammed online and you go to your local police station, well, mostly good luck with that. Either they throw up their hands, they’re like, I don’t know what to do with this, or you file the report and it goes nowhere. But brand owners are in a position often to leverage their brand, their trademarks, and to file for, or to use the mechanisms available with the players in the field to get content taken down and whatnot, and thereby also help consumers being protected. And that was just, I mean, the start into it to say that I think the issues nowadays are much, much broader than what initially DNS abuse was conceived to be.
Alexis Crawford Douglas: Thanks Daniel. And so now we’re going to go into some of those examples. It’s really hard to hear yourself while you’re talking. Some of these concrete examples that show what’s happening, the issues, and that there’s not simple ways to combat any of this. So one of the hypotheticals that we have come across in this last year based, and several of us on the team, I think, have dealt with this in different capacities. Let’s say there’s a domain name that was registered with a typo of a bank or other financial institution’s name. Too many letters, missing a letter, something a little bit off from the brand owner’s name. The bad actor sets up a website with the financial institution’s name and logo at the top. They show a login portal where you can put your account number and password. And the bad actor contacts people, acting as though they’re from the financial institution, points to that deceptive website that they were able to register, uses deep fakes to communicate with the target. And over months and weeks, a relationship of trust is formed and the consumer makes a money transfer to the wrong party without realizing it. If a follow-up call is requested to ensure the transfer is genuine, the call is accepted at a fraudulent call center, these are not made-up actions. These are things that we’ve all seen. And if cryptocurrency was used, trying to track that illegal transfer is completely impossible because someone’s own bank doesn’t know, you know, the money’s not traceable. The consumer tries to get their money back and then blames the trademark owner or the company, the brand owner for that loss and comes after them and is complaining about them. And so I think to ask our panelists to weigh in, how have you seen maybe examples similar to this and what have you done to stop it?
Tara Harris: Hi. Hi. Is this on? Oh. Hi. So one of the big issues we have is with one of our classified platforms. And so I’m sure many of you shop online and a lot of the platforms will offer delivery services. And so what we see sometimes is scammers going on and putting fake content on the platform and then using it to lure people in. And then they send them a branded page where they can insert their credit card information. And of course, there’s no product and the scammer now has the information. And this, of course, is very damaging. People don’t trust the platform, but also, more importantly, people are losing money. And as Alexis says, the police don’t always, there’s nothing really they can do. So as a brand owner, what do we try and do to try and help the consumers? We try our best to educate them. We warn them. We put various things on our website to say that you should only use our portals to speak to people. But of course, that doesn’t always work. We also spend a lot of money trying to conduct, you know, daily domain name monitoring to try and catch anybody that’s registering our brands in these websites, so in these domain names that we can try and forecast them as soon as content goes down. So that is some of the things that we see.
Speaker 1: Hello? Yes. So another example that we had quite a lot, especially in 2022 and in the buildup to the World Cup where there would be a lot of job postings online with the FIFA logo, with the logo of the World Cup offering positions, right? Often targeted at countries like Bangladesh, Nepal, where also a lot of the migrant workers that worked in Qatar came from, and soliciting applications for jobs that didn’t exist. These actors had nothing to do with the organization or with any recruitment agencies that were actually working for the company or for the World Cup. And that then not only solicited the information, but to progress the application to pay money. And, you know, one could say, and this goes back to, I think, something we heard during these days a lot, online literacy, right? You, especially if you’re kind of newer to the internet, you might think, oh, this is just the way it’s done, right? And you believe that, while others might say, well, who would really think it works that way? But a lot of people actually did send money. Often, these are not large amounts for somebody maybe in a Western country, but 100, $200 is a lot of money in Bangladesh, for example. Can be a year’s salary where people are desperate, like, oh, I’ll go work at the work. And we dealt with this quite a lot and to I to take down the fraudulent sites as quickly as possible, because the longer they’re online, the more harmful they are. And really the there that the main goal and driver was to make sure no people are harmed. Yes, there’s a harm to the brand, we get complaints about it, but it doesn’t really affect the brand that much. There’s no financial loss for the brand owner in a direct way, but there’s definitely a financial loss to the consumer, and that is also something that I think as a responsibility of especially big brands you have to take care of.
Alexis Crawford Douglas: And I think one of the reasons that we need this broader definition, too, is to hold the registrars accountable. So what do you do when there’s a website like that? What are the actions? You said taking it down quickly. How fast can it be taken down?
Speaker 1: All that widely differs. And we’re talking about domain name abuse, right? I mean, a lot of this also happens on social media, where typically it’s actually faster with a lot of platforms. Depends on the platform, really. But normally then you have as a first option two options. You go to the host that hosts the content on that website. If it’s a compliant host and they know what they’re doing and they actually want to play by the rules, you can be successful pretty quickly. If you’re really lucky, within hours such red card what content is taken down, if you give it enough evidence, etc. Or you go to the registrar, which sometimes also compliant, but then in some regions of this world they’re not really, and you will fall on deaf ears, and then it becomes really complicated.
Tara Harris: Yeah, I agree. I mean, if it falls into a clear phishing attack, if there’s a clear phish kit used, if there’s a credit card, and you as an organizational brand owner have the mechanisms and the knowledge to understand that that is a phishing case, you can go in and use sophisticated tools. But these cost money, and I think what is important is for smaller companies that do not have such a budget or do not necessarily even understand the need for these tools, they will not know where to start. So again, I think trying to explain often, even when we get complaints, the difference between a phishing attack versus a simple infringement attack or, for example, the job scams which we see. We get a lot of complaints where people have handed over very poor personal information, attended online CVs, sent money, sent credit card information. Again, it depends on where it is. Is it on a social media? Often they have three or four dimensional attacks. And so they get very sophisticated. And I think that’s the issue is trying to even, I mean, I’ve been doing this for so many years now and even still these cases that are coming. So is it worth spending the resources? Are they using our trademark? Is that something we can do? Is there a phish kit involved? But again, I think it comes down to having the expertise and skills in your team, the resources and the budgets to know which mechanisms to use.
Speaker 1: And maybe just to add to that, because Tara just said it, the sophistication of these scams has exploded. I mean, as I said, back in the day when there were scams, it was pretty easy to detect. Often the English on those websites was terrible. You know, like, OK, who drafted this? The links were all broken. If you clicked on something, it didn’t work. It was often, at least to the sophisticated eye, pretty obvious. Nowadays with AI, people create websites in minutes, put them up, they look perfect. Go down, next one is put up. And I mean, you gave me an example of phish kits. You just said phish kit. Maybe speak to that a little bit, because that’s really interesting. That’s something that’s rather new, but where whole solutions are offered.
Alexis Crawford Douglas: Hang on. Before we do that, I do want to tie it back to the idea of how long it takes to get something taken down. So if you have the host who’s responsive and sees that there’s some infringement, but if there’s not copyright infringement, where there’s the US DMCA laws that require them to act quickly, if it’s just trademark infringement, just a brand name on there, the host might not act. And the registrar might not take it down, because they don’t know who’s behind it and the risk of taking something down that’s actual real speech, they don’t want to have to make that decision. So then you go through the uniform domain name, the UDRP process, everybody knows, and that takes weeks, right? You finally get a complaint together. You have to hire a lawyer typically to put that together. It costs thousands of dollars. You have to file the fee, and then you have to wait, see if the other side responds, which they probably don’t because it’s bad behavior. They’re going to just put this up on another site. And then the website is still up there for weeks until you can get it taken down, and it’s continuing to harm people. People are continuing to put money in it or be deceived into thinking it’s a real site. And so I think that’s tying that back to why there needs to be that broader definition to put the onus on registrars and governments to make new policies to ensure that these kinds of activities can be stopped faster. And that’s what we’re talking about here with these examples. So I will let Dr. Salem, who’s I think online, chime in a little bit with his experience. And if we can take the PowerPoint slides down and then we can see him, that would be great. Hello. Hello. Good afternoon. We can hear you.
Sameh Salem: this panel, I would like to explore the Egypt efforts for especially financial frauds and the DNS abuse. Actually, we have several incidents happened in Egypt, especially related to the financial frauds. For example, in 2023, the authorities arrested 29 individuals, including 13 criminals involved in a major online fraud operation, linked to an app and a mobile application called HomePod. The group arrested and recruited over 20 victims, and getting around $180 million. The protesters were looking for a quick financial gain through the bank. Actually, they used some suspicious activities, including creation of fake wallets, illicit currency transfers. Unfortunately, they used mobile phones, computers, and group messaging tools to carry out their scams. Actually, the funds were funneled abroad and converted into unreasonable cryptocurrency. In this context, the victims cannot claim the financial institute. These are examples happening in Egypt. There is another example of incidents happening in Egypt. A number of phishing scams were reported, where individuals sent fake bank messages through SMS messages or emails that appear to be from a local bank asking the people to update their personal information and provide credit card details. This is another phishing scams already happening. Also, there is fake charity scams, especially in the month of Ramadan. So, in this context, there are, from my point of view, there are two roles. One for the consumer role, and the other for the government role. For the consumer roles, any consumer discovered or gets suspicious, we should report the incident to the responsible boss. This is for the consumer role. For the government role, actually, first, it comes to the government as a cyber incident or a complaint through the hotline or email for register on finance or financial. So, to address this, we did a response plan.
First, we validate the complaint by confirming its domains and its relation to the financial institution. Actually, we use tools like WHOIS or RDRS to gather registrants or details. In some cases, if we could indicate the information, we submit a request to the uniform domain dispute resolution policy, UDRP, to reclaim the domain. host to shut down the received domain or blocking the domain IPs. Actually, we have a national project in Egypt. It’s called the IP Scanner. It scans the national IPs and any suspicious IPs already blocked. And also, if there is a social pages or accounts try to view the scans, it’s already blocked in coordination with the Facebook company. For the prevention plan, actually, we should have proactive monitoring. We scan the domain registration similar to a brand using online brand protection services. We are using anti-mutation tools like email filters, antivirus software, authentication tools, and authentication solutions for emails like DMARC, SPF, or DKIM. This is really an authentication just to prevent spammers, phishers, and other unauthorized parts. Fourthly, we build consumer awareness through awareness campaigns, especially on social media, TV, and browser. So we educate the customers to recognize phishing and the virus and share the steps to verify phishing in financial institutions online. Also, we are trying to create a in-reach world. So we had the three roles, a plan for a response plan, and prevention plan, and the road to insurance. Thank you.
Alexis Crawford Douglas: Thanks. Thank you, Dr. Sameh. That’s very helpful. And I think it also brings up one of the key pieces that government and businesses share the tools. They have the same tools, right? The brand owners, the RDRS. You have to see who’s behind it, right? Who’s behind this bad activity? For government to take action, it’s also impossible for them after the WHOIS information, you know, was taken down to get accurate WHOIS data. So governments rely on that. Intellectual property owners rely on that all to protect consumers. So without that accurate information, it really limits the ability of anyone to figure out who’s behind these websites and get it stopped. I don’t know if the two of you have any more insight on that piece. Yeah.
Tara Harris: I think in the previous session also on DNS abuse, I think it may have been a Brazilian regulator. I joined a bit late. But he was also saying that, you know, not everyone needs to have that information, but at least the platforms do. And I think that should extend to DNS providers and registrars and registries as well. They should also have the right information. I don’t believe that it should necessarily be published. Of course, that would not be GDPR compliant. But I think that if there was at least some mechanism to have that in place, it would assist, especially when a crime is being committed. Because at the moment, it could be that Mickey Mouse from California owns the domain name. And then when you try and uncover the who is, that’s, of course, hidden. And then when you try and even look for where it’s hosted, that’s usually hidden as well behind CloudFare. And so you’re just hit with constant walls when you’re trying to enforce harmful content. And that can be very frustrating when you have customers that are very upset, that are hurt, that have lost money. Similarly, we have HR personnel who are being cloned. And so even our staff are upset. because their privacy is being invaded, people are pretending to be them. So I think, certainly from my side, it’s just, it feels sometimes like multiple walls that block you. And then the normal enforcement mechanisms, if the criminals know what they’re doing, are not always effective.
Speaker 1: You’re very right. And normally in these situations, especially with scams, phishing attacks, time is of the essence, right? I mean, the longer they’re perpetrated, the more, the bigger the harm is. And often it takes quite significant amounts of time to deal with it, to find the information, to get behind it, if you can at all, and then hope that the hosts or the registrars you’re dealing with are actually compliant and see what you’re seeing, right? Or have, sometimes it’s also an issue of internal education of the people dealing with these complaints. Investment by the companies in their workforce to deal because it’s not always that easy. And I understand also from their perspective, sometimes it’s borderline. Are you gonna make that call and take a whole website down that then there might be backlash from the other end, right? That you’re inhibiting speech. It’s not easy, of course. These are not easy questions often to deal with. But that’s why regulation or clearer rules are important to give guidelines on how to deal with such situations.
Alexis Crawford Douglas: Is there anything? You know, open this up. We have one comment from the online participants. Keith Drazek from Verisign. He just added to the. So.
Audience: Thank you. Hi, everybody. My name is Keith Drazek. I’m with VeriSign, the registry operator for .com and .net. Thank you for having this session. It’s very important. I’ll just paraphrase in my comment is that under the ICANN’s new agreements with registries and registrars, a phish is a phish whether there’s IP infringement or not. And ICANN’s gTLD registries and registrars, and I’m drawing a distinction between gTLDs and ccTLDs that don’t have a contract with ICANN, but the gTLD registries and registrars do. And we, as contracted parties to ICANN, now have an affirmative obligation to mitigate these harms, these online harms, these DNS abuse definitions. Phishing is clearly one of them. And if there are registrars or registries in any region that are ignoring well-evidenced reports of phishing, they should be reported to ICANN because ICANN now has the tools to hold them to account. And they have said that if registrars continue to ignore well-evidenced reports of phishing, that they will take action and hold them to account, including deaccreditation. And that is an important tool now in ICANN’s toolbox that didn’t exist before Q1 of this year. So this is a really important conversation, but I wanted to note that ICANN now has the tools that they didn’t used to have. And we’re expecting ICANN to, you know, basically clean up the industry to the extent needed. Thank you.
Alexis Crawford Douglas: Thank you. That’s helpful. I do think that sometimes proving that the phishing – oh, sorry. I do think that sometimes proving the phishing, that connection, you know, having to give personal information about the consumer you know is harmed, what do you do? You know, do you give that email where they said they lost $15,000 with their personal information in it to, you know, prove that? So I think that’s where it gets a little bit fuzzier. It would be easier if you could just say my brand name is on that. That’s not my site. Take it down. But I totally – that’s definitely an excellent point, and we have a question in the front. Hi. put the count of you.
Audience: So my name is Nick Wenban-Smith. I’m the general counsel for Nominet, which is the .UK ccTLD registry. I oversee all of our dispute resolution. I think we have quite a good system. I think it has a good reputation in general terms. And in fact, we do have quite a wide definition under our terms and conditions, which would include any sort of unlawful content. But I just want to sort of just explain, and since we’ve got the FIFA here, I’ll use a football example. So we once had a situation where there was a football manager, quite a famous one called Alex Ferguson managed United. He published his autobiography. I guess it was a ghosted autobiography. Anyway, he had the copyright in it and it was extensively reported when it was published and including on the BBC’s website. And he was pretty cross and he claimed this was an infringement of his copyright on the BBC. So I just want to say that if you extend, if you need to be quite careful about creating firm rules, because operators like to follow firm rules, but if you’re not too careful about widening the scope to, yeah, obviously clear scams would be within scope, but a sort of an arguable copyright infringement, the logical consequence if that was determined, and maybe it was copyright infringement, right? But the DNS level action in that situation would be quite a severe one in the sense that the whole of the BBC’s website and all of their employees’ email addresses would stop working. So I’m just sort of testing the tires in the nicest possible way. The industry generally, certainly the people who participate in these sorts of practices are very responsible, very responsive, have a very strong self-interest, I guess, in terms of the reputation of their own infrastructure and resources. But you just need to be quite careful about over-broad definitions is the point I wanted to make. Thank you.
Alexis Crawford Douglas: And thank you for having the session. It’s very interesting. Thank you.
Speaker 1: Maybe, Tim. Maybe if I may, on that point, and I think you make a very good point because as now being on the side of a service provider, right, we sometimes see where we get from brands, you know, lists of websites that in their minds are infringing. And if you took it just for bare value and you go after them, we would have at one point taken out a major Australian retailer or at least tried to. So, yes, there needs to be scrutiny and there needs to be. And it’s often a fine line. And I totally understand from a registry perspective, you know, you are not you can’t take the point of a court. You know, I mean, that’s that’s not what you’re supposed to do. And I totally get that.
Alexis Crawford Douglas: Yeah, I think we have one question over here and then we’ll go back to the examples.
Audience: Hi, thank you, Andrew Campling, 419 Consulting and DNS enthusiast. Just a couple of quick points for the education absolutely helps pick up one of the points that was said by the panel. But when you’ve got mixed alphabets of say Latin and Cyrillic letters, even if you’re actively looking, it’s really difficult to spot it. So maybe we, ICANN, others need to think about whether we should not allow mixed alphabets in domain names. But then just two brief points. One is informational point, the speed of exploitation. And there’s research from early this year, which says that the sites are created and exploited within an hour. And if you don’t act within 24 hours, they’re no longer interested. They’ve stopped using them. They’re on to the next one. So it’s you have minutes before the exploits begin. It’s quite scary. And then the second one, which is building what’s been done already, let’s build some more friction into the system. So I know your customer is tremendously valuable here. If a domain isn’t linked to a real person or a legal entity, mark the reputation down on the threat feeds, then it’s hard to access the system for many internet users, then it becomes a lot less useful. So it raises good behavior. Those sites are more valuable and penalizes the registries, registrars that are allowing these bad practices. So, you know, build on the good practice of ICANN and Nominet and others, and make the bad actors less successful.
Alexis Crawford Douglas: You spoiled our punchline. I’m just kidding. The know your customer idea, I think we’ll get to that too, because I think that’s a good threshold.
Audience: Alexis, just if you allow me to answer one very important question he mentioned about the other languages, internationalized domain names, what we call sometimes. We were part from the beginning when they start, for example, some of this, and at the same time, I was part of the Arabic, for example, script, and we banned some characters, which sometimes looks a little bit different or similar to each other. I expect the other languages did something similar. For example, not allowed to say in French, the accent without something or something like this. So I think it’s, yes, it’s, but I agree with you. It needs more technical solutions. And to Nominet comment, if you allow me, I like that Tokyo cases runtime is one of the best, of course, in handling everything. So I know that many ccTLDs, INTA, for example, did something recently in the UAE, and the .ie now follows some kind of similar to UDRP to try to help these DNS abuses and so on. Just wanted to share this with you. Thank you.
Alexis Crawford Douglas: Discussing the other day, the short form that .uk has, it’s much simpler and easier to get things taken down. So definitely a leader. And I think we were also discussing recently that the NIS2 regulations coming into force in the EU or being adopted will also have an impact on understanding who’s behind domain names and having more veracity behind who’s registering these and getting them stopped. With other examples, I think we were talking yesterday to just get back into the examples a little bit to keep hitting at, it’s not just phishing or financial fraud. We were talking about the products last night. And if you could just mention that, the average consumer being online, how does that work? this affect them too?
Tara Harris: Okay, about counterfeits, I recently got asked by one of our platforms, we have multiple platforms, we have B2C but we also have you know classifieds where we’ve got consumers, but on one of our platforms we got some really bad press on one of the journalistic shows saying that we’re the place for counterfeits and of course the business was very upset, they sort of trademark program a bit like the Amazon program, it’s only relevant to African trademarks being that that’s their market and it turned out that there was a anti-choking device that was being sold and it was a counterfeit and of course we did not know that and the consumer when they bought the product realized, but the good thing in this situation was it was on our platform so we could immediately ban the seller, take appropriate legal action, but what we were talking about is the example of this, whilst it is a small device, it’s an anti-choking device, this is not something you want a counterfeit and if this was being sold on domain names for example, this could be very dangerous and given that this counterfeit product in circulation, it’s obviously being sold in many places, so in my view that’s an example of quite a dangerous product, I mean people talk about, we’ve spoken about baby car seats, we’ve heard of baby formula and all sorts of things that could really have sort of life or death, could be really dangerous.
Alexis Crawford Douglas: And I think the hook there too is that it’s so many, we talked about it before with AI and I’ve seen this explode in the last year, like my desk has gotten a lot busier with these kinds of issues because it’s gotten a lot easier to put up websites that look like a real website selling this anti-choking device and people think this must be authentic, this must be real, let me go in here and put an order in and nothing ever comes or they get something that doesn’t work, so it’s so much easier to pretend to be real and Daniel touched on that earlier also. Daniel, I don’t know if you have more examples of those kinds of issues with domain names. I mean, what do you also, Tom?
Speaker 1: sometimes see where it’s also smaller companies, right? Where then it gets more difficult because they might not even have trademark protection. You know, they’re up and coming startups, but that get, you know, quite prominent or successful in their small area, in their region only, but haven’t even gotten to that point yet. And then if you don’t have a trademark, then it gets more difficult to take action. And I mean, we had a case with an asset manager that just never thought about it really. They didn’t need it. They were like, well, I only work in a small area, but somehow their site got cloned. Wasn’t a one-to-one, but their address was on there, their information. And instead of being able to buy whatever financial products they were offering, it related to crypto. And it just had wallet addresses. They were like, oh, you want to now invest with us here? Just send it to us. I mean, if you do that, your money’s gone. As simple as that, right? And in that situation, we were just lucky that the host that was hosting the site was very compliant and understood very quickly. Yeah, we see it. This is a scam, took it down, was over. But, you know, maybe the infringer there wasn’t even that smart because they used a compliant host. Often the infringers know what they’re doing. The scammers know that they go to hosts where it will take a while for things to disappear online. So, you know, it happens every day. And I think it, and it can happen to anyone. I mean, often the scams are so sophisticated that we might be duped.
Alexis Crawford Douglas: Well, yeah, but I was also thinking about, some of the discussions we’ve had, and I’d welcome the audience’s participation in inclusion and digital literacy and more people getting online and having access to the internet and not understanding, you know, what’s real and what’s fake. You know, there’s these products. There’s also, you know, services, fake tech support, fake customer service attack. You know, attackers might impersonate the customer service portals of legitimate companies. You know, I’m not gonna name any because I don’t have any examples, but, you know, you think of the biggest tech companies you can think of and someone, you know, mistypes their name in and, you know, they have a fake chat service, fake phone numbers. Someone might contact these consumers thinking, you know, and they’re, you’re new to the internet. Think if you never, you know, saw this before and you’re like, oh, I know, I’ve heard of that big tech company. Maybe I’m online. This must be their tech support helping me with my new email account or something like that. And pretending to be these agents, the victims tricked into giving remote access on their device or paying for services that aren’t needed. You know, and malware, of course, is covered by the new definition. But, you know, there’s things that are not as bad as phishing or malware, still bad, and it’s still harming consumers. And so I guess, have you guys had, taking it from the counterfeit piece really to the services piece where it’s not as tangible, right, it’s not as here’s the evidence of this, you know, financial harm, but also hurts the brand owner who the customers now think, you know, this is a, what’s going on here, you know, they’ve taken my information. So Tara, can you weigh in?
Tara Harris: Yeah, I think one of the big ones, big problems we have at the moment, Daniel, Samantha, we’ve got two types of scams, investment scams and job scams. And job scams, I think really, you know, people talk about fundamental human rights and the right to work is one of them. And so people are desperate, right? And what happens is these scammers tend to advertise these remote jobs with our company, and they’re really, you know, targeting vulnerable people that are desperate, that are looking for money. And then they make them apply for the jobs, they get all their personal information. And, you know, I spoke to an external lawyer about this, and he said that some of his big clients, the person has been tricked and have actually gone on a plane. And so this almost becomes a sort of human trafficking issue. This has not happened to us. But you can see how easily this could happen. Someone who’s desperate, and so I’ve got this offer, and I’m getting some money, because they do start paying in the beginning, they only hook you in a little bit later. The other one is, of course, investment scams. And we’ve, we had, you know, whilst we were whilst we’re a public listed company, you know, you have to go to your broker and buy the stocks, we don’t sell them. And what we found were people were going offline, first of all, and going into retirement homes and other sort of places where very vulnerable people were, and then showing them all these ways that they can invest with us and then bringing them back to work. websites that either look like ours to try and get information to either get a hold of their own shares. So these are the kind of things we see where vulnerable people are targeted.
Alexis Crawford Douglas: That’s perfect. And I think developing those kinds of secure, standardized access mechanisms for entities like yours and others to get the information as to who’s behind this and how do we stop it, it needs to be more clear and it needs to be more accessible. Daniel, did you have more services? And I don’t wanna ignore people online if there’s anything going on.
Speaker 1: One final thing is that what we’ve seen quite a lot in the past is impersonation issues where CEOs of big companies, et cetera, their identities are stolen in that sense and used again for scams, mostly investment stuff. And it’s not about quenching criticism of a company often, they’re really used, the personas are used to drive certain behaviors from consumers that are harmful for them. And I think that’s quite a big topic at the moment with a lot of companies that impersonation has excelled but to be honest, mostly on social media, rather than from my experience, rather than websites, but it’s definitely a field that is being watched right now. And then you have the whole deepfake issue, that personas are created, interviews are being put out there on websites, et cetera, that are just made up.
Alexis Crawford Douglas: And the way that that ties back into, rather than moderating content, but tying back to that idea of being able to put up these websites at domain names that look legitimate, right? With the deepfakes or even, I’m thinking of websites that you can put up, technology that’s available now, you can put up websites that aren’t, that have photos on them or things like that that aren’t even copyright infringement, right? You can’t take it down through a host because the photo isn’t real, because AI made it and it was an amalgamation of numerous photos. And so, those kinds of issues that have just gotten more sophisticated and make it, really necessary for more policing and more effective, I think, abilities to take action online. I don’t know if Dr. Sameh, if you had any more examples or thoughts on what was being said here this afternoon. Is he unmuted? Oops, sorry. Technical issues. If anyone in the room has any examples of this or dealt with this in their own region, we’d really be interested in hearing about it because I think it’s not just a US or European issue. Hello?
Sameh Salem: Sorry, I’m just trying to say to stop what you are using me. We have similar issues. I agree with my colleagues about what was being said. The key concern, especially for fake stores, and showing scams, and impersonation, is, for example, for fake stores and counterfeit goods, actually, it damages the customer trust and compromises safety and undermines the business. So, actually, we should consider, again, as my colleague said, you have to enhance the consumer awareness. You have to increase the customer, the consumers, and the finders, and simply through official channels and avoiding unofficial marketplaces. Also, there is a need for cross-sector collaboration. We need to encourage that collaboration between brands and the governments and the platforms to lift and help against counterfeit activities. Actually, we… we need also to strengthen intellectual property laws. Actually, we have an issue in Egypt happened in July before. Actually, suddenly there are fake Apple stores in Egypt. So, the Apple Inc. filed a lawsuit against the stores in Egypt using its logo and selling counterfeit products. So, actually, in Egypt, they already have a legislation for that, for the intellectual property rights, law number 284 in 2002. So, actually, it is already protected. There are many stores already and we already did actions against the fake stores. Also, we have the same in Egypt for the pharma, for the medicines, especially for the fake medicines. Actually, there are some social media and Facebook accounts selling out-of-date medicines and fake medicines as well. But actually, we already, the government, again, the government did an announcement for establishing the Egypt-owned drug authority just to come at a good time to stop the cases of fake drugs in the country. So, the legal remorse already is necessary and the education and educate the consumers just to be clear about most of the scams. 
So, the ambition for the third one is the technology-driven solution. We have to leverage the blockchain and the R&D. especially as my colleagues said, the defect, we have to use new techniques and the AI just to discover any malicious activity. Thank you.
Alexis Crawford Douglas: Thank you. I think those are excellent points. And the idea of the fake drugs brought me to another example, medicine. And we talked about this a lot in our committee as we were preparing for this presentation. There are people that are part of pharmaceutical companies and I’ve had issues on behalf of pharmaceutical companies where the website, again, looks like a good website and it’s selling steroids or drugs that are very harmful. And do you wait and do a fake purchase to see if it’s an actual site or do you just get it taken down? And these are regulated companies, right? The medicine, the pharmaceutical companies are regulated companies. They are worried about these products. They do not want consumers to be harmed. They don’t want people taking these. They want these down quickly. And so doing a whole UDRP proceeding again, which turned out to be the only option in one of our examples, it just, it takes a long time and someone could be hurt in the process. So I think that’s what all of the people’s go to, but I think another comment from the audience. Yeah.
Audience: Thank you. So thanks again, Keith Drazek with VeriSign. Again, I typed into chat, but I’ll just paraphrase. As we refer to domain names throughout this conversation, I think it’s really important to recognize the distinction between domains that have been registered with the purpose of and the exclusive use to perpetrate or propagate harm, right? DNS abuse, phishing, pharming, malware, botnet command and control, whatever it may be. You know, in the instance where there’s a domain that is being registered and used exclusively for that purpose, then absolutely the registrar registry is in the most appropriate position to deal with that because you take the domain name down, everything associated with that domain name is, you know, being used or intentionally used for harm, then that’s appropriate. However, if you’re talking about a compromised website where a perfectly legitimate website has been hacked and malware is being distributed or a portion of that website is being used for phishing or for illegal activity, then the most appropriate actor in that case is the web host because they’re able to, in a very targeted way, deal with that bit of harm on the website or, you know, in that hosting platform. Whereas if you were to take the domain name down in that case, everything associated with that domain name would be negatively and disproportionately impacted. Email was an example that was used, right? You know, and so I think as we in the registry and registrar in the DNS space think about it, the distinction between a maliciously registered name or a name that’s been registered for exclusive malicious use versus the compromised website is just an important distinction and that really points you to who the most appropriate actor is when it comes to the mitigation. Thanks. Thank you. That’s an excellent point. So we’re heading up on time. I think we have one more. We can, yeah, go ahead, Charles. Is it okay? Okay. Thank you very much. 
Thank you for giving me this opportunity to share the experience of the .cm ccTLD on those issues. We have included in our .cm charter some measures to mitigate the case of misuse of domain names. And when we are informed of an abusive use of domain name, and when we have enough evidence, we just suspend the name. And I think that it can be a very good way of dealing with this kind of problem. So thank you very much. .cm is dot Cameroon. Thank you. Thank you very much.
Alexis Crawford Douglas: Thank you for that. Excellent. Well, now that we’re done on time, is there anybody else over here? Great. Oh, come on. Thank you. My name. Thank you. Can you hear me?
Audience: My name is Thuy. I’m from .vn. And I just thank you for giving the time. And I would like to have a question that for .vn, for example, for abuse domain name, we suspend and we can come to delete at the colleagues from Habitat there. But I would like to ask ICANN and Registry and Registrar like VeriSign. As you share, ICANN and Registry and Registrar apply the, how to say, many way to shut down the domain, but by our observation, there are still quite a lot website using in Vietnam that is a fake website. Even they fake even the governmental website. So can you have for us, in such situation, what the best method to shut them down? Thank you.
Alexis Crawford Douglas: I think you’re welcome. I don’t know if you guys wanna weigh in on that, but I think that’s the very issue here is what is the best way? Sorry, no, you’re just putting your headset on. What is the best way to shut down testing? a website that isn’t a .vn or a .country domain name. And that is what we were talking about here today is the .coms and the .sites, .everything else. I think it happens less on the country domain name issues. So the processes that we discussed is contacting the registrar, contacting the hosts or using a UDRP or other mechanism for transferring the domain names. I don’t know if you guys have more to add on that piece, but I know we’re coming up on time. So I think we’ll put our takeaways together, but thank you everyone for joining us and for this opportunity. Thank you.
Alexis Crawford Douglas
Speech speed
161 words per minute
Speech length
3202 words
Speech time
1190 seconds
DNS abuse extends beyond cybersquatting to fraudulent activities harming consumers
Explanation
Alexis Crawford Douglas argues that DNS abuse has evolved beyond simple cybersquatting. It now includes a wide range of fraudulent activities that directly harm consumers, such as phishing and scams.
Evidence
Examples of financial fraud and deceptive websites impersonating legitimate businesses
Major Discussion Point
Definition and Scope of DNS Abuse
Agreed with
Tara Harris
Daniel Zani
Agreed on
DNS abuse extends beyond traditional cybersquatting
ICANN’s narrow definition of DNS abuse limits ability to address broader harms
Explanation
Alexis Crawford Douglas contends that ICANN’s current narrow definition of DNS abuse is insufficient. This limited scope restricts the ability to effectively address a wider range of harmful online activities.
Evidence
Comparison of ICANN’s definition to broader definitions proposed by other organizations.
Major Discussion Point
Definition and Scope of DNS Abuse
Agreed with
Tara Harris
Daniel Zani
Agreed on
Current mechanisms for addressing DNS abuse are insufficient
Differed with
Audience
Differed on
Definition and scope of DNS abuse
Difficulty in quickly taking down fraudulent websites due to complex processes
Explanation
Alexis Crawford Douglas highlights the challenges in rapidly removing fraudulent websites. The current processes for taking down malicious sites are often complex and time-consuming, allowing harmful activities to continue.
Evidence
Description of the UDRP process and its lengthy timeline
Major Discussion Point
Challenges in Combating DNS Abuse
Agreed with
Tara Harris
Daniel Zani
Agreed on
Current mechanisms for addressing DNS abuse are insufficient
Tara Harris
Speech speed
176 words per minute
Speech length
1324 words
Speech time
450 seconds
Lack of accurate WHOIS data hinders ability to identify bad actors
Explanation
Tara Harris points out that the lack of accurate WHOIS data makes it difficult to identify those responsible for abusive domains. This lack of transparency impedes efforts to combat DNS abuse effectively.
Evidence
Examples of hidden or false information in WHOIS records
Major Discussion Point
Challenges in Combating DNS Abuse
Job scams and investment scams target vulnerable populations
Explanation
Tara Harris discusses how scammers use fake job offers and investment opportunities to target vulnerable individuals. These scams often exploit people’s desperation for work or financial gain.
Evidence
Examples of job scams and investment scams targeting vulnerable groups.
Major Discussion Point
Types of DNS Abuse and Their Impacts
Agreed with
Alexis Crawford Douglas
Daniel Zani
Agreed on
DNS abuse extends beyond traditional cybersquatting
Counterfeit products sold online pose safety risks to consumers
Explanation
Tara Harris highlights the danger of counterfeit products sold online. These fake goods can pose serious safety risks to consumers, especially when they involve critical items like anti-choking devices.
Evidence
Example of counterfeit anti-choking device being sold online
Major Discussion Point
Types of DNS Abuse and Their Impacts
Need for proactive domain monitoring and quick takedown procedures
Explanation
Tara Harris emphasizes the importance of proactive monitoring of domain registrations and rapid takedown procedures. These measures are crucial for quickly identifying and removing abusive domains.
Major Discussion Point
Strategies for Addressing DNS Abuse
Daniel Zani
Speech speed
152 words per minute
Speech length
1984 words
Speech time
780 seconds
Need for clearer rules and guidelines on addressing DNS abuse
Explanation
Daniel Zani argues for the establishment of clearer rules and guidelines for addressing DNS abuse. This would help registrars and other stakeholders make more informed decisions when dealing with potentially abusive domains.
Major Discussion Point
Definition and Scope of DNS Abuse
Agreed with
Alexis Crawford Douglas
Tara Harris
Agreed on
Current mechanisms for addressing DNS abuse are insufficient
Sophisticated scams using AI and deepfakes are harder to detect
Explanation
Daniel Zani points out that scammers are now using advanced technologies like AI and deepfakes to create more convincing fraudulent content. This increased sophistication makes it more challenging to detect and combat DNS abuse.
Evidence
Examples of AI-generated websites and deepfake videos used in scams
Major Discussion Point
Challenges in Combating DNS Abuse
Agreed with
Alexis Crawford Douglas
Tara Harris
Agreed on
DNS abuse extends beyond traditional cybersquatting
Impersonation of company executives used for investment scams
Explanation
Daniel Zani discusses how scammers impersonate company executives to perpetrate investment frauds. This type of scam exploits the trust people have in well-known business leaders to lure victims into fraudulent schemes.
Evidence
Mentions of cases where CEO identities were stolen for scams
Major Discussion Point
Types of DNS Abuse and Their Impacts
Sameh Salem
Speech speed
92 words per minute
Speech length
895 words
Speech time
577 seconds
Fake online pharmacies selling harmful counterfeit medicines
Explanation
Sameh Salem highlights the issue of fake online pharmacies selling counterfeit medicines. This type of DNS abuse poses serious health risks to consumers who may unknowingly purchase and use fake or substandard drugs.
Evidence
Mention of incidents in Egypt involving fake medicines sold online
Major Discussion Point
Types of DNS Abuse and Their Impacts
Importance of consumer education and awareness campaigns
Explanation
Sameh Salem emphasizes the need for consumer education and awareness campaigns. These efforts can help people recognize and avoid online scams and fraudulent websites.
Major Discussion Point
Strategies for Addressing DNS Abuse
Leveraging new technologies like AI to detect malicious activity
Explanation
Sameh Salem suggests using advanced technologies such as AI to detect malicious online activities. These tools can help identify and combat sophisticated forms of DNS abuse more effectively.
Major Discussion Point
Strategies for Addressing DNS Abuse
Audience
Speech speed
159 words per minute
Speech length
1547 words
Speech time
580 seconds
Overly broad definitions of DNS abuse could lead to censorship of legitimate content
Explanation
An audience member cautions against overly broad definitions of DNS abuse. They argue that such definitions could potentially lead to the censorship of legitimate content, impacting freedom of expression online.
Evidence
Example of potential overreach in taking down an entire website for a single copyright dispute
Major Discussion Point
Definition and Scope of DNS Abuse
Differed with
Alexis Crawford Douglas
Differed on
Definition and scope of DNS abuse
Time is critical – exploitation of fraudulent sites happens within hours
Explanation
An audience member emphasizes the critical importance of time in addressing DNS abuse. They point out that fraudulent websites are often exploited within hours of creation, necessitating rapid response mechanisms.
Evidence
Reference to research showing exploitation of sites within an hour of creation
Major Discussion Point
Challenges in Combating DNS Abuse
Distinction needed between malicious domains and compromised legitimate sites
Explanation
An audience member argues for the need to distinguish between domains registered for malicious purposes and legitimate websites that have been compromised. This distinction is crucial for determining the most appropriate mitigation strategies.
Evidence
Examples of how taking down an entire domain could disproportionately impact legitimate services like email
Major Discussion Point
Strategies for Addressing DNS Abuse
Agreements
Agreement Points
DNS abuse extends beyond traditional cybersquatting
Alexis Crawford Douglas
Tara Harris
Daniel Zani
DNS abuse extends beyond cybersquatting to fraudulent activities harming consumers
Job scams and investment scams target vulnerable populations
Sophisticated scams using AI and deepfakes are harder to detect
The speakers agree that DNS abuse has evolved to include a wide range of fraudulent activities that directly harm consumers, going beyond simple cybersquatting.
Current mechanisms for addressing DNS abuse are insufficient
Alexis Crawford Douglas
Tara Harris
Daniel Zani
ICANN’s narrow definition of DNS abuse limits ability to address broader harms
Difficulty in quickly taking down fraudulent websites due to complex processes
Need for clearer rules and guidelines on addressing DNS abuse
The speakers concur that existing mechanisms and definitions for addressing DNS abuse are inadequate to deal with the evolving nature and scope of the problem.
Similar Viewpoints
Both speakers highlight the dangers of counterfeit products sold online, emphasizing the safety risks these pose to consumers, particularly in critical areas like medicine and safety devices.
Tara Harris
Sameh Salem
Counterfeit products sold online pose safety risks to consumers
Fake online pharmacies selling harmful counterfeit medicines
These speakers agree on the need for advanced technological solutions and proactive measures to combat increasingly sophisticated forms of DNS abuse.
Tara Harris
Daniel Zani
Sameh Salem
Need for proactive domain monitoring and quick takedown procedures
Sophisticated scams using AI and deepfakes are harder to detect
Leveraging new technologies like AI to detect malicious activity
Unexpected Consensus
Importance of balancing abuse mitigation with legitimate use
Audience
Daniel Zani
Overly broad definitions of DNS abuse could lead to censorship of legitimate content
Need for clearer rules and guidelines on addressing DNS abuse
There was an unexpected consensus between an audience member and Daniel Zani on the need for careful consideration in defining and addressing DNS abuse to avoid unintended consequences for legitimate content and services.
Overall Assessment
Summary
The main areas of agreement centered on the evolving nature of DNS abuse, the inadequacy of current mechanisms to address it, and the need for more sophisticated and proactive approaches to combat these issues.
Consensus level
There was a moderate to high level of consensus among the speakers on the core issues surrounding DNS abuse. This consensus suggests a growing recognition of the problem’s complexity and the need for collaborative, multi-stakeholder approaches to address it effectively. However, there were also nuanced differences in perspectives, particularly regarding the balance between combating abuse and protecting legitimate online activities.
Differences
Different Viewpoints
Definition and scope of DNS abuse
Alexis Crawford Douglas
Audience
ICANN’s narrow definition of DNS abuse limits ability to address broader harms
Overly broad definitions of DNS abuse could lead to censorship of legitimate content
While Alexis Crawford Douglas argues for a broader definition of DNS abuse to address a wider range of harmful activities, an audience member cautions that overly broad definitions could potentially lead to censorship of legitimate content.
Unexpected Differences
Balancing consumer protection and freedom of expression
Alexis Crawford Douglas
Audience
DNS abuse extends beyond cybersquatting to fraudulent activities harming consumers
Overly broad definitions of DNS abuse could lead to censorship of legitimate content
While the main focus of the discussion was on combating DNS abuse and protecting consumers, an unexpected point of contention arose regarding the potential impact on freedom of expression. This highlights the complex balance between consumer protection and preserving online freedoms.
Overall Assessment
Summary
The main areas of disagreement centered around the definition and scope of DNS abuse, the speed and effectiveness of takedown procedures, and the balance between consumer protection and freedom of expression.
Difference level
The level of disagreement among the speakers was moderate. While there was general consensus on the need to address DNS abuse more effectively, there were significant differences in opinions on how to achieve this goal. These disagreements highlight the complexity of the issue and the need for careful consideration of various stakeholder perspectives in developing policies and strategies to combat DNS abuse.
Partial Agreements
All speakers agree on the need for faster and more effective mechanisms to address DNS abuse, but they differ on the specific approaches. While some advocate for broader definitions and quicker takedown procedures, others emphasize the need for clearer guidelines and distinctions between different types of abuse.
Alexis Crawford Douglas
Tara Harris
Daniel Zani
Audience
Difficulty in quickly taking down fraudulent websites due to complex processes
Need for proactive domain monitoring and quick takedown procedures
Need for clearer rules and guidelines on addressing DNS abuse
Time is critical – exploitation of fraudulent sites happens within hours
Takeaways
Key Takeaways
DNS abuse has expanded beyond cybersquatting to include sophisticated fraudulent activities that harm consumers
Current definitions and mechanisms for addressing DNS abuse are often too narrow or slow to effectively combat evolving threats
Fraudulent websites, counterfeit products, and scams targeting vulnerable populations are major forms of DNS abuse
Quickly identifying and taking down abusive sites is critical, but challenging due to complex processes and lack of accurate registrant data
Consumer education and awareness are important components in combating DNS abuse
New technologies like AI are being leveraged both by scammers and those fighting abuse
Resolutions and Action Items
ICANN now has tools to hold registrars accountable for ignoring well-evidenced reports of phishing
Some ccTLDs like .cm have implemented measures to quickly suspend abusive domain names
There is a need to strengthen intellectual property laws and increase cross-sector collaboration to combat counterfeit activities
Unresolved Issues
How to balance broad definitions of abuse with protecting legitimate speech and content
Best practices for quickly identifying and taking down abusive sites across different TLDs and jurisdictions
How to effectively combat sophisticated scams using AI and deepfakes
Addressing the lack of accurate WHOIS data while maintaining privacy protections
Suggested Compromises
Registrars and registries should have access to accurate registrant data, even if it’s not publicly available
Distinguish between maliciously registered domains and compromised legitimate websites when taking action
Balance consumer protection with the need for due process in domain takedowns
Thought Provoking Comments
Nowadays with AI, people create websites in minutes, put them up, they look perfect. Go down, next one is put up.
speaker
Daniel Zani
reason
This comment highlights how AI has dramatically increased the sophistication and speed of online scams, making them much harder to detect and combat.
impact
It shifted the discussion to focus more on the technological challenges of combating modern DNS abuse, rather than just legal or policy approaches.
We have several incidents happened in Egypt, especially related to the financial proofs. For example, in 2023, the authorities arrested 29 individuals, including 13 criminals involved in a major online fraud operation, linked to an app and a mobile application called HomePod.
speaker
Dr. Sameh Salem
reason
This comment provided a concrete, real-world example of DNS abuse and its consequences, grounding the theoretical discussion in practical reality.
impact
It broadened the conversation to include perspectives from different regions and highlighted the global nature of the problem.
Under the ICANN’s new agreements with registries and registrars, a phish is a phish whether there’s IP infringement or not. And ICANN’s gTLD registries and registrars… now have an affirmative obligation to mitigate these harms, these online harms, these DNS abuse definitions.
speaker
Keith Drasek
reason
This comment introduced important information about recent policy changes that give ICANN more tools to combat DNS abuse.
impact
It shifted the discussion towards the role of policy and regulation in addressing DNS abuse, and highlighted the progress being made in this area.
I think we need to be quite careful about creating firm rules, because operators like to follow firm rules, but if you’re not too careful about widening the scope… the logical consequence if that was determined… would be quite a severe one in the sense that the whole of the BBC’s website and all of their employees’ email addresses would stop working.
speaker
Nick Wendman-Smith
reason
This comment raised an important counterpoint about the potential unintended consequences of overly broad definitions or rules for combating DNS abuse.
impact
It added nuance to the discussion and highlighted the complexity of balancing effective action against abuse with protecting legitimate online activity.
Overall Assessment
These key comments shaped the discussion by broadening its scope from a focus on defining DNS abuse to exploring its practical impacts, technological challenges, policy responses, and potential pitfalls. They helped to create a more comprehensive and nuanced understanding of the complexities involved in combating DNS abuse effectively while minimizing unintended consequences.
Follow-up Questions
How can the process of taking down harmful websites be expedited?
speaker
Alexis Crawford Douglas
explanation
The current process of taking down harmful websites can take weeks, allowing continued harm to consumers. A faster process is needed to mitigate damage.
How can smaller companies without large budgets effectively combat DNS abuse?
speaker
Tara Harris
explanation
Smaller companies often lack the resources and knowledge to use sophisticated tools for combating DNS abuse, leaving them vulnerable.
What mechanisms can be implemented to ensure accurate WHOIS data while maintaining GDPR compliance?
speaker
Tara Harris
explanation
Accurate WHOIS data is crucial for identifying bad actors, but privacy concerns under GDPR make this challenging.
How can mixed alphabet domain names (e.g., Latin and Cyrillic) be regulated to prevent deception?
speaker
Andrew Campling
explanation
Mixed alphabet domain names can be used to create deceptive websites that are difficult for users to identify as fraudulent.
What technology-driven solutions, such as blockchain and AI, can be leveraged to combat DNS abuse?
speaker
Sameh Salem
explanation
Emerging technologies may offer new ways to detect and prevent malicious online activities.
How can cross-sector collaboration between brands, governments, and platforms be encouraged to fight against counterfeit activities?
speaker
Sameh Salem
explanation
Collaboration across different sectors could lead to more effective strategies for combating DNS abuse and counterfeit activities.
What are the most effective methods for shutting down fake websites, especially those impersonating government sites?
speaker
Thuy (audience member)
explanation
There is a need for clear, effective processes to shut down fraudulent websites, particularly those impersonating official government sites.
Disclaimer: This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.
Related event
Internet Governance Forum 2024
15 Dec 2024 06:30h - 19 Dec 2024 13:30h
Riyadh, Saudi Arabia and online