Analytics // Security Monitoring
12/2/2010
08:39 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Feds' Crackdown Of Online Counterfeit, Copyrighted Goods Meets DNS Backlash

Alternative DNS systems emerge to pick up seized domains

In the wake of federal crackdowns, such as the U.S. Immigration and Customs Enforcement's (ICE) mass seizure yesterday of 82 domain names of websites illegally selling and distributing counterfeit and copyrighted items, a group is building out a new point-to-point DNS system as a way for sites to dodge future domain takeovers by the feds.

The so-called "LostServers" website is also hard-coding IP addresses of the deleted domains into its DNS system to help visitors access the sites whose domains have been shuttered. "The U.S. government is going to have to have ISPs start blocking access to these alternative domain servers or I think this will become popular," says Chris Wysopal, CTO at Veracode.

Meanwhile, the new Dot-P2P Project says its goal is to combat DNS-level censoring with a decentralized, Bit Torrent-powered system. "By creating a .p2p TLD that is totally decentralized and that does not rely on ICANN or any ISP's DNS service, and by having this application mimic force-encrypted bittorrent traffic, there will be a way to start combating DNS level based censoring like the new US proposals as well as those systems in use in countries around the world including China and Iran amongst others," the Dot-P2P Project page says.

The U.S. ICE's Operation In Our Sites v. 2.0 announcement yesterday is the latest move by federal officials to crack down on online sales of counterfeit sports equipment, shoes, handbags, athletic apparel, sunglasses, and illegal copies of copyrighted DVDs, music, and software. In June, the feds seized nine domains that streamed first-run movies online.

Yesterday's domain takedowns came with the help of VeriSign. "VeriSign received sealed court orders directing certain actions to be taken with respect to specific domain names, and took appropriate actions," a company spokesperson said in a statement. VeriSign declined to comment further on the case.

Among the domains seized were names like coachoutletfactory.com, louis-vuitton-outlet-store.com, nfljerseysupply.com, and dvdscollection.com. A full list of the seized domains is here (PDF).

"By seizing these domain names, we have disrupted the sale of thousands of counterfeit items, while also cutting off funds to those willing to exploit the ingenuity of others for their own personal gain," said Attorney General Eric Holder, in a statement. "Intellectual property crimes are not victimless. The theft of ideas and the sale of counterfeit goods threaten economic opportunities and financial stability, suppress innovation and destroy jobs. The Justice Department, with the help of our law enforcement partners, is changing the perception that these crimes are risk-free with enforcement actions like the one announced today."

Garth Bruen, founder of KnujOn, says there has been a general shift the past six months in cracking down on cybercrime in the U.S. "This has been a strange case since it did not happen at the registrar level -- GoDaddy, in this case -- it happened at the registry-level, with VeriSign, which handles .com," Bruen says. "This only worked probably because VeriSign is a U.S. company...Customs must have made a compelling case to VeriSign because they have been previously uncooperative in this area."

Bruen, whose organization helps track phony online pharmacies, says if ICE were to go after .com pharmacy sites in this manner, there would be tens of thousands of these domains to take over.

Meanwhile, the new Dot-P2P DNS system in the works will be free to users, but participants must demonstrate they are legitimate and own a similar domain before registering, according to a blog post on TorrentFreak. Users of the system will run an application on their system to access domains.

Veracode's Wysopal says the peer-to-peer sharing concept is obviously nothing new and could be done today. "P2P is a much better use of resources, and it's more resilient. You can transfer a file without going over the Internet backbone," he says. "Will we see other services start to move to that?"

But the real challenge, he says, is trusting the data in a shared host file as well as the sender of the file. "There would need to be some way for a person to authenticate that they were the valid owner of a domain and could give the correct information to be added to the file, " Wysopal says. "With the LostServers.com method, [for example], you are basically trusting LostServers to do the right thing. Something people don't often think about is you are trusting your ISP to give you the correct DNS information and send you to the correct site."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant