British police remove drop from ocean.

British law enforcement today completed a project dubbed Operation Papworth, aimed at reducing the exposure of the British online shopping public to fraudulent websites in the run up to Christmas. The Metropolitan Police Central e-Crime Unit have been widely reported in the media as “shutting down” or “taking down” more than 1200 websites peddling fraudulent designer goods such as Ugg boots, ghd hair straighteners and Tiffany jewellery at temptingly low prices. I’m sure in many cases you’ve seen the “tempting” spam for yourselves.

 

The sites were registered with .co.uk domain names so as to appear more credible and attractive to UK based buyers, even though in many cases both the sites and the domain registrations themselves were outside the UK. Obviously people tempted into buying from these shops risked not only receiving sub-standard goods with no chance of recompense, but also having their financial details or identities stolen, abused and/or traded on the underground economy. So before I go on, let me make it clear that despite my reservations about its effectiveness, I applaud and support this initiative by UK law enforcement (I’m sure they’ll be relieved to hear that).

 

But (and you knew there was going to be a “but”) this represents at best a stopgap measure and at worst a simple waste of time. The root cause remains unaddressed and I fully expect these same sites to reappear under different names in the very near future. The sites themselves have not been “taken down” at all as far as I can tell. What has happened is that Nominet, the body responsible for the .uk top-level domain has simply broken the link between the domain name and the server the site is based on. What does that mean? It means when you type www.globalugg.co.uk into your browser it doesn’t go anywhere anymore.

 

If it was your criminal operation, what would you do? You’d register another domain name of course!

 

Here are the current details for a dodgy looking site, notice the Registration status is SUSPENDED, perhaps this was one of those 1200 sites.

WHOIS query for globalugg.co.uk

WHOIS query for globalugg.co.uk

 

 

There are a few other interesting bits to this registration though, look at the Registrant’s address, how can they be a “UK individual”? Notice too that the domain was not even registered in the UK, the Registrar is eNom Inc. a (totally legitimate) US-based registrar. The Name servers responsible for this domain belong to US Web Hosting, another totally above board US provider. So we have a scammer with a Chinese address, registering a .co.uk domain with an American registrar and hosting their server with another US outfit.

 

To bring my whole scam back to life all I have to do is register a new domain and point it to the same server as before, maybe just for variety’s sake this time with a Ukrainian registrar, just like this:

Domain availability through Ukranian Registrar Imena

Domain availability through Ukranian Registrar Imena

 

 

And that is the real issue, far too many DNS domains, including .co.uk and those of many other countries, are operated as “open” domains and in the words of Nominet:

We do not impose restrictions on your status as applicant for the registration of a Domain Name in the following SLDs (“Open SLDs”):

   1. 4.4.1 .co.uk; or

   2. 4.4.2 .org.uk.

In the SLD Charter of the SLD Rules for the Open SLDs we do set out certain intentions regarding the class of applicant or use of registrations of the Domain Name which we assume you will comply with when applying for a registration of a Domain Name within an Open SLD. However, we do not forbid applications, and will take no action in respect of registrations that do not comply with the SLD Charters

 

Until regulation is tightened and international cooperation is improved then well-intentioned initiatives like Operation Papworth will be um, micturating in the tempest.

7 thoughts on “British police remove drop from ocean.

  1. Pingback: 你累了嗎?狂歡後,眼睛疲勞,小心按錯鍵,電腦成犯罪集團操​縱的傀儡電腦 | 雲端防毒是趨勢

  2. Pingback: 聖誕網路購物,按錯一個鍵,電腦成殭屍網路一員 | 雲端防毒是趨勢

  3. Pingback: 聖誕網路購物,按錯一個鍵,購物網成殭屍網 | 雲端防毒是趨勢

  4. Pingback: ‘tis the season to be squatting — Get Safe Online (The Blog)

  5. Domain Registrations

    I think that it is possible that these same sites to reappear under different names in the very near future

    Reply
  6. Pingback: British police remove drop from ocean. » CounterMeasures « Jared Rimer’s Technology blog and podcast

  7. Anonymous Hero

    Whack-a-mole at it’s finest..a search for “Cheap Ugg boots” shows that the top 10 sites have been suspended. Google will update it’s rankings and more domain names selling imitations will bubble to the top….and repeat…

    I just hope this isn’t meant to be used as evidence that the Digital Britain Bill (being discussed in the British courts) as being ‘needed’

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>