Domain Name Stealing at Gunpoint
Posted on June 22, 2018 at 5:52 AM • 13 Comments
Posted on June 22, 2018 at 5:52 AM • 13 Comments
Do you still think that gdpr and private whois information is a super-bad thing?
you stressed everyone like "oh no the world is falling because without whois information we can't stop crime".
(don't want to be offsensive, just my bad english, can't write it better than this)
it was possible to hide whois information even before gdpr, maybe it was paid service but it was possible, or am i missing something?
i think too that it has downsides, but i see mostly positive sides having whois data protected.
Hermann • June 22, 2018 6:50 AM
The domain name was apparently doitforstate.com
JG4 • June 22, 2018 7:13 AM
I may have stopped just short of saying that gunpoints are yet another consensus algorithm. They also produce highly asymmetric trust.
Mao was not entirely correct, but he has provided a useful point for discussion.
Stonehenge Builders Used Pythagoras’ Theorem 2,000 Years Before He Was Born Tech Times
Bedrock in West Antarctica rising at surprisingly rapid rate Phys.org (Kevin W)
A Rare Look at Yemen’s War, Where Children Starve and Hospitals Are on Life-Support Intercept
Big Brother is Watching You Watch
Tech Giants Under Fire For Facial Recognition SafeHaven
Revealed: Canada uses massive US anti-terrorist database at borders Guardian
scot • June 22, 2018 7:51 AM
"Although doitforstate.com doesn’t currently return a web page, the Internet Archive’s Wayback Machine has a snapshot dating back to January 2015. The last snapshot before the website was taken down was a month after the robbery. The website described itself as serving up “College stories, College Life, College Snaps.”"
I think that "College Snaps" indicates that the website could have contained a significant amount of potential blackmail material.
Martin Diehl • June 22, 2018 8:41 AM
Another version of Rubber Hose Cryptology
Evan • June 22, 2018 9:23 AM
I think the main appeal of WHOIS is simply that it provided some measure of accountability - it's somewhat harder to do a lot of nefarious things on the net if the information about who owns or operates a domain is open for all. But, of course these days there are ways around that. Furthermore, as the Internet has consolidated into fewer and fewer companies providing platforms for content instead of content directly, essentially creating another layer of abstraction, that accountability has become less relevant. You can know who Facebook is, but you don't know who's behind a "True USA Patriots For TRUMP" group, whether it really is grassroots or run by foreign operatives or whatever. Although its loss provokes some nostalgia, the death of WHOIS is more a symptom of the changing values of the Internet than its cause.
>WHOIS simply provided some measure of accountability
yes, but now that it is not visible to anyone still does the same thing.
the only difference is that is visible only to police on specific motivated request and not just anyone.
>that accountability has become less relevant.
true... well i think that facebook runs the platform and "knows" who is behind any group: they have ip and police can ask facebook for ip, and isp for who physically own that ip. but i don't know how police work, and anyway the fact that is international slow down everything.
Petre Peter • June 22, 2018 10:51 AM
Pointing a site under gun point seems like another form of dereferencing the pointer. What's the pointer? Forget about mice pointing the way and move to the right trackpad.
Major • June 22, 2018 11:41 AM
The first thing I thought of was the faceless people who hold data of dubious accuracy about me, spreading it far and wide, and releasing key info that can be used in identity theft against me, collecting money all the while and having absolutely no accountability. They hold a gun to MY head. It's their business model.
Clive Robinson • June 22, 2018 11:46 AM
@ Bruce, Even, me,
Speaking of illegal acts with regards Domain Names, have you looked into what ICANN has been upto with regards compleatly failing despite well over two years warning to become Compliant with the GDPR?
Apparently ICANN decided that a good prevarication approach having been rejected several times by the EU is taking legal action against a subsidury of Tucows that is a Internet Register for ICANN and thus pays the supposed "non-profit" income.
The German court unsprisingly took little or no time to reject ICANN's delaying tactic as it was an obvious "hot potato" issue.
ICANN are now trying to rather dumbly "double down" on their failings basically chalenging the German judiciary to push it up to the ECJ...
All that it will take to destroy ICANN will be for one European to make a formal complaint about the ICANN Whois service, and a big fat fine will be on it's way...
Oh and if the US Gov or other entity tries to bail out ICANN that leaves ICANN open to further EU legislation that is backstopped not by fines but prison time...
ICANN by failing to take any proactive action before the GDPR deadline then trying to prevaricate subsequently have basically not just shot themselves in the foot they have also given the European courts sufficient rope to "hang'em high"...
It's no secret that the real driver behind ICANN's position over the Whois service is the data agrigators that aid the US Gov IC in it's "collect it all" policy and the worst floating scum "shysters" pretending to be legitimate IP lawyers, that send out all sorts of "shakedown" letters as a way of earning a living.
Interestingly the only arguments being made by the security researchers and journalists like Brian Krebs are identical but opposit to a subset of privacy campaigners thus actually cancel out, leaving the privacy campaigners ahead of the game.
The classic argument is "tracking down criminals", however it would be a dumb criminal that did not use either fake or stolen credentials (major method currently). Brian Krebs argues that in some small number of cases the criminals make mistakes and cross contaminate their criminal IDs with tiny fragments of their pre-criminal activities that might provide small threads that can be pulled upon. Whilst this might be true, it's the way Brian earns his living thus the fact that the bulk of the crimal usage is with stolen IDs or Domains means way way more innocent people are left very very vulnerable for his convenience. But I suspect that Brian maybe being economical with the truth, I very much doubt that the use of Whois is the only way he can track supposed criminals down, just the easiest cost/effort for him.
But as Brian has demonstrated in one of his pieces the likes of the Scientology Cult has payed people to make false applications for a few dollars such that they can run faux rehab centers that are not just dangerous (ie causing death) but push the Cult of Scientology with all the damage and debt that brings into peoples lives.
 There is an old saying about "The impossibility of persuading a man of the wrongness of his opinion, when his living depends on his being wrong".
Erasmus B Dragon • June 22, 2018 1:59 PM
You can kill or rape someone in the US and be sentenced to less than 20 years.
What an f-d up world this is.
JG4 • June 23, 2018 4:54 PM
I missed the two best pieces on the first pass:
The Billionaire Class is Not Fit to Rule – Paul Jay Real News Network. A fundraising pitch, but very good regardless. And if you are flush, TRNN is a worthy cause.
The man who was fired by a machine BBC
The story about being fired by a machine has elements of Robert DeNiro in the movie Brazil, Catch-22 and 1984 all mixed together.
We might cut to the chase and say that humans are not fit to rule other humans, which would be a libertarian viewpoint. It is clear that the machines are not yet ready, but may someday be fit for purpose.
justinacolmena • June 25, 2018 5:44 PM
someone tried to steal a domain name at gunpoint.
Nice try. Who are going to shoot for a domain name? Is it part of some grand scheme to get around all the military types at the Pentagon who control the "." at the top level of the hierarchy?
Someone might have made some sort of threat of the type we have to be oh-so-careful of in America's post-9/11 red-light district, or perhaps even pointed a firearm at someone, and a domain name may even have been involved in the dispute, but in reality, you cannot "steal" or even "rob" abstract intellectual property rights to a "domain name" at gunpoint. The lawyers are going to get in deep trouble with the bar on this one.
20 years in jail
Outrageous, far out of proportion, cruel, and unusual, unless someone was actually shot and seriously hurt or killed. The attorneys on both sides of this case as well as the judge are definitely in trouble with the bar on this one.
At most, "brandishing" a firearm, if it even went that far. A misdemeanor at most.
Can someone just grab these lawyers by the knot of their necktie, shake them until their heads are flopping loose, hold them up to the wall, and talk some sense into them? Even that wouldn't be enough to get you 20 years in the slammer.
The Mob took over the D.O.J.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.