Thursday, January 25, 2007

How to kill an Internet Domain

Yesterday, in a posting to the nmap-hackers mailing list, Fyodor described a very chilling attack against his domain. This wasn't a technical attack; it didn't require any special software or programming knowledge. All it took was having a name behind you to bully somebody else.

I woke up yesterday morning to find a voice message from my domain registrar (GoDaddy) saying they were suspending the domain SecLists.org. One minute later I received an email saying that SecLists.org has "been suspended for violation of the GoDaddy.com Abuse Policy". And also "if the domain name(s) listed above are private, your Domains By Proxy(R) account has also been suspended." WTF??! Neither the email nor voicemail gave a phone number to reach them at, nor did they feel it was worth the effort to explain what the supposed violation was. They changed my domain nameserver to "NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM". Cute, eh?

What could possibly cause such a response? The storage of the public mailing list (Full Disclosure) for all to see via HTTP or RSS-feeds.

A user on 01/15/07 posted a long text file of phished Myspace accounts which included e-mail addresses and passwords. This kind of data is often traded in underground circles, usually free porn logins, but rarely do we see these things so brightly displayed for all to see and archive.

Full Disclosure is freely open to all. It's supposed to be that way for a multitude of reasons. Unfortunately this means child-minded individuals sometimes feel it's their duty to troll. Fyodor recently has been the receiver of DMCA requests from the infamous Michael Crook to remove posts from SecLists.org, claiming to hold the copyright of a picture of a penis posted by previously mentioned trolls.

Because Michael Crook is not the Fox Corporation, he couldn't sufficiently bully a domain provider into closing down a domain and potentially all other registered domains. Lucky for all of us.

Something is seriously wrong here. Are we so afraid that we shoot first and ask questions later? This isn't DMCA here, this is simple bullying and hiding behind "Terms of Service" wording. I think Fyodor has a strong legal case against GoDaddy and Fox for this action but since he charges no money it might be difficult to show any damages. Of course I'm no lawyer and live in Berkeley so take it as you will.. :)

There have been other cases, mostly against 'whistleblower' sites and blogs, of strong-arm tactics being used against somebody who can't fight back. Scientology and the Internet have a very rocky history for example. Had Fox simply sent an e-mail to Fyodor he would have probably removed it or heavily modified it to be of no use. I'm just guessing here.

The cat is out of the bag on the list anyways (like OTIII already is). Mailing lists like Full Disclosure are sent to thousands of e-mail addresses so the good and the bad already have this information. By publicly posting the list the phishers have invalidated those accounts and brought to the public just how easy and troublesome phishing truly is. It's easy to find yourself caught because if it's done well you'll never know it happened.