Analytics // Security Monitoring
12/2/2010
08:39 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Feds' Crackdown Of Online Counterfeit, Copyrighted Goods Meets DNS Backlash

Alternative DNS systems emerge to pick up seized domains

In the wake of federal crackdowns, such as the U.S. Immigration and Customs Enforcement's (ICE) mass seizure yesterday of 82 domain names of websites illegally selling and distributing counterfeit and copyrighted items, a group is building out a new point-to-point DNS system as a way for sites to dodge future domain takeovers by the feds.

The so-called "LostServers" website is also hard-coding IP addresses of the deleted domains into its DNS system to help visitors access the sites whose domains have been shuttered. "The U.S. government is going to have to have ISPs start blocking access to these alternative domain servers or I think this will become popular," says Chris Wysopal, CTO at Veracode.

Meanwhile, the new Dot-P2P Project says its goal is to combat DNS-level censoring with a decentralized, Bit Torrent-powered system. "By creating a .p2p TLD that is totally decentralized and that does not rely on ICANN or any ISP's DNS service, and by having this application mimic force-encrypted bittorrent traffic, there will be a way to start combating DNS level based censoring like the new US proposals as well as those systems in use in countries around the world including China and Iran amongst others," the Dot-P2P Project page says.

The U.S. ICE's Operation In Our Sites v. 2.0 announcement yesterday is the latest move by federal officials to crack down on online sales of counterfeit sports equipment, shoes, handbags, athletic apparel, sunglasses, and illegal copies of copyrighted DVDs, music, and software. In June, the feds seized nine domains that streamed first-run movies online.

Yesterday's domain takedowns came with the help of VeriSign. "VeriSign received sealed court orders directing certain actions to be taken with respect to specific domain names, and took appropriate actions," a company spokesperson said in a statement. VeriSign declined to comment further on the case.

Among the domains seized were names like coachoutletfactory.com, louis-vuitton-outlet-store.com, nfljerseysupply.com, and dvdscollection.com. A full list of the seized domains is here (PDF).

"By seizing these domain names, we have disrupted the sale of thousands of counterfeit items, while also cutting off funds to those willing to exploit the ingenuity of others for their own personal gain," said Attorney General Eric Holder, in a statement. "Intellectual property crimes are not victimless. The theft of ideas and the sale of counterfeit goods threaten economic opportunities and financial stability, suppress innovation and destroy jobs. The Justice Department, with the help of our law enforcement partners, is changing the perception that these crimes are risk-free with enforcement actions like the one announced today."

Garth Bruen, founder of KnujOn, says there has been a general shift the past six months in cracking down on cybercrime in the U.S. "This has been a strange case since it did not happen at the registrar level -- GoDaddy, in this case -- it happened at the registry-level, with VeriSign, which handles .com," Bruen says. "This only worked probably because VeriSign is a U.S. company...Customs must have made a compelling case to VeriSign because they have been previously uncooperative in this area."

Bruen, whose organization helps track phony online pharmacies, says if ICE were to go after .com pharmacy sites in this manner, there would be tens of thousands of these domains to take over.

Meanwhile, the new Dot-P2P DNS system in the works will be free to users, but participants must demonstrate they are legitimate and own a similar domain before registering, according to a blog post on TorrentFreak. Users of the system will run an application on their system to access domains.

Veracode's Wysopal says the peer-to-peer sharing concept is obviously nothing new and could be done today. "P2P is a much better use of resources, and it's more resilient. You can transfer a file without going over the Internet backbone," he says. "Will we see other services start to move to that?"

But the real challenge, he says, is trusting the data in a shared host file as well as the sender of the file. "There would need to be some way for a person to authenticate that they were the valid owner of a domain and could give the correct information to be added to the file, " Wysopal says. "With the LostServers.com method, [for example], you are basically trusting LostServers to do the right thing. Something people don't often think about is you are trusting your ISP to give you the correct DNS information and send you to the correct site."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4594
Published: 2014-10-25
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.

CVE-2014-0476
Published: 2014-10-25
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

CVE-2014-1927
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928....

CVE-2014-1928
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulner...

CVE-2014-1929
Published: 2014-10-25
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.