Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

11/30/2010
05:48 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Feds' Crackdown Of Online Counterfeit, Copyrighted Goods Meets DNS Backlash

Alternative DNS systems emerge to pick up seized domains

In the wake of federal crackdowns, such as the U.S. Immigration and Customs Enforcement's (ICE) mass seizure yesterday of 82 domain names of websites illegally selling and distributing counterfeit and copyrighted items, a group is building out a new point-to-point DNS system as a way for sites to dodge future domain takeovers by the feds.

The so-called "LostServers" website is also hard-coding IP addresses of the deleted domains into its DNS system to help visitors access the sites whose domains have been shuttered. "The U.S. government is going to have to have ISPs start blocking access to these alternative domain servers or I think this will become popular," says Chris Wysopal, CTO at Veracode.

Meanwhile, the new Dot-P2P Project says its goal is to combat DNS-level censoring with a decentralized, Bit Torrent-powered system. "By creating a .p2p TLD that is totally decentralized and that does not rely on ICANN or any ISP's DNS service, and by having this application mimic force-encrypted bittorrent traffic, there will be a way to start combating DNS level based censoring like the new US proposals as well as those systems in use in countries around the world including China and Iran amongst others," the Dot-P2P Project page says.

The U.S. ICE's Operation In Our Sites v. 2.0 announcement yesterday is the latest move by federal officials to crack down on online sales of counterfeit sports equipment, shoes, handbags, athletic apparel, sunglasses, and illegal copies of copyrighted DVDs, music, and software. In June, the feds seized nine domains that streamed first-run movies online.

Yesterday's domain takedowns came with the help of VeriSign. "VeriSign received sealed court orders directing certain actions to be taken with respect to specific domain names, and took appropriate actions," a company spokesperson said in a statement. VeriSign declined to comment further on the case.

Among the domains seized were names like coachoutletfactory.com, louis-vuitton-outlet-store.com, nfljerseysupply.com, and dvdscollection.com. A full list of the seized domains is here (PDF).

"By seizing these domain names, we have disrupted the sale of thousands of counterfeit items, while also cutting off funds to those willing to exploit the ingenuity of others for their own personal gain," said Attorney General Eric Holder, in a statement. "Intellectual property crimes are not victimless. The theft of ideas and the sale of counterfeit goods threaten economic opportunities and financial stability, suppress innovation and destroy jobs. The Justice Department, with the help of our law enforcement partners, is changing the perception that these crimes are risk-free with enforcement actions like the one announced today."

Garth Bruen, founder of KnujOn, says there has been a general shift the past six months in cracking down on cybercrime in the U.S. "This has been a strange case since it did not happen at the registrar level -- GoDaddy, in this case -- it happened at the registry-level, with VeriSign, which handles .com," Bruen says. "This only worked probably because VeriSign is a U.S. company...Customs must have made a compelling case to VeriSign because they have been previously uncooperative in this area."

Bruen, whose organization helps track phony online pharmacies, says if ICE were to go after .com pharmacy sites in this manner, there would be tens of thousands of these domains to take over.

Meanwhile, the new Dot-P2P DNS system in the works will be free to users, but participants must demonstrate they are legitimate and own a similar domain before registering, according to a blog post on TorrentFreak. Users of the system will run an application on their system to access domains.

Veracode's Wysopal says the peer-to-peer sharing concept is obviously nothing new and could be done today. "P2P is a much better use of resources, and it's more resilient. You can transfer a file without going over the Internet backbone," he says. "Will we see other services start to move to that?"

But the real challenge, he says, is trusting the data in a shared host file as well as the sender of the file. "There would need to be some way for a person to authenticate that they were the valid owner of a domain and could give the correct information to be added to the file, " Wysopal says. "With the LostServers.com method, [for example], you are basically trusting LostServers to do the right thing. Something people don't often think about is you are trusting your ISP to give you the correct DNS information and send you to the correct site."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30485
PUBLISHED: 2021-04-11
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.