Analytics // Security Monitoring
12/2/2010
08:39 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Feds' Crackdown Of Online Counterfeit, Copyrighted Goods Meets DNS Backlash

Alternative DNS systems emerge to pick up seized domains

In the wake of federal crackdowns, such as the U.S. Immigration and Customs Enforcement's (ICE) mass seizure yesterday of 82 domain names of websites illegally selling and distributing counterfeit and copyrighted items, a group is building out a new point-to-point DNS system as a way for sites to dodge future domain takeovers by the feds.

The so-called "LostServers" website is also hard-coding IP addresses of the deleted domains into its DNS system to help visitors access the sites whose domains have been shuttered. "The U.S. government is going to have to have ISPs start blocking access to these alternative domain servers or I think this will become popular," says Chris Wysopal, CTO at Veracode.

Meanwhile, the new Dot-P2P Project says its goal is to combat DNS-level censoring with a decentralized, Bit Torrent-powered system. "By creating a .p2p TLD that is totally decentralized and that does not rely on ICANN or any ISP's DNS service, and by having this application mimic force-encrypted bittorrent traffic, there will be a way to start combating DNS level based censoring like the new US proposals as well as those systems in use in countries around the world including China and Iran amongst others," the Dot-P2P Project page says.

The U.S. ICE's Operation In Our Sites v. 2.0 announcement yesterday is the latest move by federal officials to crack down on online sales of counterfeit sports equipment, shoes, handbags, athletic apparel, sunglasses, and illegal copies of copyrighted DVDs, music, and software. In June, the feds seized nine domains that streamed first-run movies online.

Yesterday's domain takedowns came with the help of VeriSign. "VeriSign received sealed court orders directing certain actions to be taken with respect to specific domain names, and took appropriate actions," a company spokesperson said in a statement. VeriSign declined to comment further on the case.

Among the domains seized were names like coachoutletfactory.com, louis-vuitton-outlet-store.com, nfljerseysupply.com, and dvdscollection.com. A full list of the seized domains is here (PDF).

"By seizing these domain names, we have disrupted the sale of thousands of counterfeit items, while also cutting off funds to those willing to exploit the ingenuity of others for their own personal gain," said Attorney General Eric Holder, in a statement. "Intellectual property crimes are not victimless. The theft of ideas and the sale of counterfeit goods threaten economic opportunities and financial stability, suppress innovation and destroy jobs. The Justice Department, with the help of our law enforcement partners, is changing the perception that these crimes are risk-free with enforcement actions like the one announced today."

Garth Bruen, founder of KnujOn, says there has been a general shift the past six months in cracking down on cybercrime in the U.S. "This has been a strange case since it did not happen at the registrar level -- GoDaddy, in this case -- it happened at the registry-level, with VeriSign, which handles .com," Bruen says. "This only worked probably because VeriSign is a U.S. company...Customs must have made a compelling case to VeriSign because they have been previously uncooperative in this area."

Bruen, whose organization helps track phony online pharmacies, says if ICE were to go after .com pharmacy sites in this manner, there would be tens of thousands of these domains to take over.

Meanwhile, the new Dot-P2P DNS system in the works will be free to users, but participants must demonstrate they are legitimate and own a similar domain before registering, according to a blog post on TorrentFreak. Users of the system will run an application on their system to access domains.

Veracode's Wysopal says the peer-to-peer sharing concept is obviously nothing new and could be done today. "P2P is a much better use of resources, and it's more resilient. You can transfer a file without going over the Internet backbone," he says. "Will we see other services start to move to that?"

But the real challenge, he says, is trusting the data in a shared host file as well as the sender of the file. "There would need to be some way for a person to authenticate that they were the valid owner of a domain and could give the correct information to be added to the file, " Wysopal says. "With the LostServers.com method, [for example], you are basically trusting LostServers to do the right thing. Something people don't often think about is you are trusting your ISP to give you the correct DNS information and send you to the correct site."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3587
Published: 2014-08-22
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists bec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.