The net’s authority over domain names is set to pull the plug on an Estonia-based seller of domain names that security researchers say has been a refuge for cyber-criminals for years.
ICANN told EstDomains on Tuesday that it was revoking its accreditation since it learned the company’s president Vladimir Tsastin had been convicted in February in Estonia for online credit card fraud and money laundering.
The Tuesday notice (.pdf) said that ICANN, which controls the distribution of the net’s names and IP addresses, was immediately freezing EstDomains’s ability to register new domain names and looking to find stewards for the 281,000 domain names that EstDomains manages.
ICANN put the action on hold on Wednesday, however, to investigate EstDomains’s immediate appeal, which claimed that it had changed its CEO months ago without telling anyone.
Security experts have long accused EstDomains of being too friendly with online criminals, including the ultra-professional Russian Business Network.
In a recent blog post, F-Secure’s Mikko Hypponen says he first learned of EstDomains when researching a particularly damaging attack in 2005, and its association with malicious sites never stopped.
“Since then, tens of thousands of malicious domains have been registered with EstDomains,” Hypponen wrote. “These include drive-by-download sites, botnet command-and-control servers, spammed domains and so on.”
EstDomains quickly responded to ICANN (.pdf) that it had already removed Tsastin as CEO on June 25, but had simply failed to tell ICANN. In fact, according to Konstontin Poltev — the new CEO — it had decided to remove him as president before the conviction, but did not due to “some judicial aspects.”
Poltev said the company didn’t tell ICANN about the change since it didn’t see such a requirement in its contract. Moreover, Tsastin is appealing his “unjust” conviction to the Supreme Court, and in Estonia that means the previous verdict is canceled until a ruling is made.
Even if those claims are true, Trend Micro researcher Paul Ferguson hopes ICANN finds some technicality to revoke EstDomains’s accreditation — comparing it to the Treasury Department busting 1920s gangster Al Capone for tax evasion.
“I personally hope ICANN finds some reason to terminate their accreditation, even if it is a Breach of Contract for failure to correct bogus WHOIS information, as they did with Joker,” Ferguson said, referring to ICANN’s decision in September to revoke the license of a Chinese domain name company that allowed fake information to be used to register domain names. “There has been demonstrable evidence for several years that Russian and Ukrainian criminals have used EstDomains services — and even preferred to use them — and I am hard-pressed to believe that EstDomains did not have explicit knowledge of their operations.”
“The notification about the change of the EstDomains, Inc. Director has not been sent to ICANN as we have not found this point to be obligatory for the registrar company,” Poltev wrote (.pdf). The letter includes a resignation and nomination documents for Tsastin and Poltev that are signed only by themselves.
News of Tsastin’s conviction came to ICANN’s attention through the Washington Post’s Brian Krebs, who focused on EstDomains as part of a series of investigations into the net’s most notorious web hosters and name sellers.
Attempts to reach EstDomains by phone, email and its online support system were unsuccessful.