Security firm KnujOn (backwards for No Junk, reflecting the small outfit’s anti-spam roots) has a new report out this morning, pointing a finger at website registrars for facilitating a wide range of internet crime.
My story in today’s FT centres on the case KnujOn makes against eNom, the No. 2 seller of domain names and a profitable unit of Demand Media, which would probably prefer that any stink wait until after its anticipated IPO.
But the bigger picture is more important.
ENom comes under fire for allegedly handling domain services for about 4,000 rogue pharmacies, which illegally ship drugs, many of them bogus, to US residents without prescriptions. The company insists on court orders before disconnecting such clients, and those are hard to obtain because the websites in question are overseas and often aren’t violating the laws where they are based.
ENom has attracted other complaints about its customers as well. StopBadware had accumulated reports on 7,200 malicious sites on the eNom network as of last week, up from under 4,000 a year ago. That makes it the seventh-worst in the world in raw numbers, though better than top registar GoDaddy.
ENom and some other registars have eschewed taking a more proactive policing role, which would cost them paying customers and soak up employees’ time. And ICANN, which begins meeting today in Brussels, has acted against only a tiny number of small registrars, not powerhouses like eNom, for tolerating criminality.
The real problem is that security experts and law enforcement have little else they can try. Criminals have their own internet service providers and hosting companies, which only occasionally get shut down. Arrests are almost unheard of.
The weak link is their use of bigger service providers with mainly legitimate customers. Once in a while, solid research and the threat of bad publicity and peer disapproval can prompt some corrective action, as it has with GoDaddy, which is now cooperating with the fight against faux-Canadian pharmacies and other miscreants.
It’s not going to make crime go away, but it’s something. One has to wonder, though: if Demand Media doesn’t feel like making changes even ahead of an IPO, what exactly would it take to get the message through?
