Last week, Krebs on Security reported on how 50% of online pharmacies’ domains are registered on only two different registrars – Internet.bs (what a curious name) and Ukranian Names.  Internet registrar watchdog Knujon also released a report about it’s listings of bad registrars.

I went through the report and checked it out and the section I’m drawn to is the “Where are they now” section.  For registrars they named and shamed in 2008 and 2009, have they cleaned up their act?  Below is a list of ones that have:

  1. Xinnet Bei Gong Da Software (2008 & 2009)
  2. BEIJING Networks (2008)
  3. Todaynic (2008)
  4. Network Solutions (2009)
  5. PDR/Directi (2008)
  6. Register.com (2009)
  7. PLANETONLINE (2009)
  8. Wild West/Godaddy (2008)
  9. HICHINA Web Solutions (2009) – Abuse rates have stabilized and dropped.

This goes to show you that if you are a bad registrar, you can clean up your act. 

Numbers 1, 2 and 9 on this list are all Chinese registrars (or at least have China in their names).  A couple of years ago, the Chinese government started reviewing all domain registrations manually and required people to fill out application forms by hand.  That caused abuse of the *.cn domain to plummet almost overnight.

Thus, there are two ways to clean up – do it voluntarily through technology or have government dictate something inefficient but effective.

Why don’t bad registrars clean up their act? I can think of a couple of reasons:

  1. Ignorance

    Some registrars are new to the business and don’t have anti-abuse expertise. But once they find out that spammers are abusing their services, they take steps to clamp down.

  2. Money

    Other registrars don’t care that they are spamming. In fact, they are fully aware of it and get money from it. Says Internet.bs president Marco Rinaudo (quoting from Krebs):

    >>>>
  3. Reached via phone at his home in Panama, Rinaudo said he was under no obligation to police whether his customers’ business may be in violation of some other nation’s laws, absent clear and convincing evidence that his registrants were operating illegally from their own country.

    “Even though I understand they could bother some pharmacy lobby, if an industry likes us, what’s the problem with an online pharmacy, as long as they are operating legally from their own country?” Rinaudo asked. “We cannot accept pressure to shut down a legitimate business just because it is not pleasing to some political lobbying group. We and I personally make sure that all the domains that are in breach of an applicable law and for which we receive a complete report, will be acted on the same day.”
    <<<<

    You can read a bit more of Rinaudo’s response, but he never directly addresses the question that he is registering spamming pharmaceutical operations. Knowing what I know about deception (one of my interests is in reading body language and detecting deception), the evading a question like this is one of the signs of a liar. For example, let’s say that there’s an empty cookie jar on the counter and you ask me “Did you eat this cookie?” even though I wasn’t supposed to.

    I reply “Why would you ask such a thing? I know it’s wrong!”

    The implication is that I didn’t do it, but I never explicitly said no. People who lie do this all the time. Based upon this, I’m pretty sure Internet.bs knows what they are doing and they’re in it for the money.


Another registrar that has not cleaned up its acts is eNom.  A few months ago, I knew that eNom had been bad but didn’t if they still were.  According to Knujok, they “continues to be a major abusive Registrar and haven for illicit pharmacies.”

Even more interesting is that they are located close to where I live and work!  According to the report, below are the addresses of eNom:


Purported Location: 15801 NE 24th St Bellevue WA 98008
Alternate Location: 5808 Lake Washington Blvd, Ste 300, Kirkland, WA 98033

Isn’t it weird that the purported location of eNom is just down the street from Microsoft (1 Microsoft Way)?  According to Bing Maps, it’s less than a mile away from the head office:

image

 

What about their alternate location?  The area is a nice part of time, kind of upscale.  Below is a screenshot from Google Maps:

image

image

I can see you!

Good research from Knujon.