The DNS is a naming system for resources, such as personal computers or other devices, that connect to the internet via the World Wide Web. It coordinates internet addresses and domain names—the two kinds of unique identifiers that make internet connection possible. The study was funded by the auDA Foundation, which was established by the .au Domain Administration (auDA), the policy authority and industry self-regulatory body for the .au domain space in Australia. The aim was to support the objective of the Foundation by ‘promoting and encouraging educational and research activities that will enhance the utility of the Internet for the benefit of the Australian community’ (auDA Foundation 2015).
Public source, non-technical literature was comprehensively reviewed to identify instances of DNS misuse, the risks that led to the commission of these instances, and the crime prevention and regulatory measures available to address the problem. The study was particularly focused on exploring existing legal and criminological frameworks that could be used to conceptualise the problem of DNS misuse and provide a framework for developing effective control strategies.
The literature review was international and examined English-language resources including academic sources, legal databases and relevant policy documents. The review primarily focused on the risks of misuse of the DNS from an Australian perspective although, due to the global nature of the internet, all legitimate users would benefit in many ways from a more secure and trusted domain name system, both as domain name owners and consumers.
The results address current identified risks, but they could also inform further and more detailed cross-disciplinary research into the nature of the problem and appropriate solutions. The research was not intended to be an overly technical examination of the problem and does not address the architectural or programming features of particular examples of misuse. Rather, it explores the issue from a policy perspective that will be beneficial in devising appropriate legal and policy responses.
The research looks at the connections that exist between various forms of misuse and DNS governance. The discussion explores the internet as a network of networks based on an addressing system known as the Internet Protocol (IPv4 and IPv6), which creates IP addresses for resources within the DNS and is focused on what might be called the ‘open web’ or the World Wide Web (the public internet) most users commonly access when using the DNS. Resources which are accessed via the public internet, but located behind a barrier such as a paywall or an account login for hosted services, are included in the research. These hosted resources are from the DNS core and so are not directly subject to DNS regulation, but rather are immediately subject to any regulation the host imposes or any conditions imposed on the hosting service. Regulation at the level of a hosting service varies, and debate about whether service providers are responsible for the online activities of those who use their services continues. The report deals briefly with resources that are essentially invisible to or hidden from the open internet, or that cannot be accessed directly from the public internet. While these parts of the internet present the majority of regulatory challenges and are of significant concern for law enforcement, they are not analysed in detail in this report as they are too far removed from the limited scope of regulation through the operation and governance of the DNS.
These questions formed the basis of the current research.
• What is the DNS and how does it operate within the framework of internet governance?
• How has the DNS been misused for criminal purposes?
• What is known about perpetrators of DNS misuse? That is: –– What are their motivations and what benefits did they obtain? –– What are their countries of origin? –– Do they operate alone or with others? –– Why did they select the targeted domain name? –– How have instances of DNS misuse been dealt with and what were the outcomes of any investigations?
• What crime prevention strategies do domain name owners, DNS server owners and registrars currently use to prevent DNS misuse?
• What other crime reduction strategies could be implemented to prevent misuse of the DNS?
This section explains the internet’s development and operation and reviews the environment in which criminal misuse of the DNS has emerged. It explains the internet’s infrastructure and discusses the operation and governance of the DNS, highlights weaknesses in the regulatory framework that increase the potential for misuse, and identifies the strengths that may help prevent misuse. The internet’s nature and its governance structures result in weak regulatory responses to misuse of the DNS.
Criminal misuse of the DNS
This section explores criminal misuse of the DNS by firstly considering illegal acts that do not amount to cybercrime offences, including property offences like the theft of hardware and domain names, and, secondly, misuse that falls within the general classification of cybercrime. It presents a tentative analytical model that relates forms of misuse to particular aspects of the DNS, namely to:
• the DNS architecture;
• domain names (or domains);
• domains as virtual spaces; and
• other layers at some remove from the DNS.
This model helps to explain misuse occurring within the architecture of the internet (software engineering) as well as misuse facilitated through human interaction (social engineering). The section then examines opportunities for misuse in terms of the DNS’ primary purpose, which is to overcome restrictions created by the internal architecture of the early internet. This misuse concerns how machines use internet addressing to make connections between resources. Misuse through software engineering is further classified according to whether the DNS is itself the target of misuse or is used to facilitate other offending; facilitating other offending may involve misusing the DNS as a mechanism to do harm, a vector to transmit harm or a platform from which to commit harm.
The outward appearance and presentation of internet for human users is then considered. A division can be drawn between misuse intended to manipulate machines through software engineering and misuse intended to manipulate people through social engineering. To distinguish between abuses of the DNS and abuses that exploit applications layered above the DNS, DNS misuse may also be categorised according to the architecture of the internet. This helps identify who could potentially prevent misuse and potential points for regulatory intervention.
Perpetrators of misuse
The many and varied forms of DNS misuse identified in this study make it difficult to describe a typical offender or criminal justice response, particularly given the absence of criminological research in this area. The limited research so far conducted has found a high incidence of organised crime activity. This often involves loose groups of people, usually young men with limited technical abilities who rely on online guidance. Perpetrator profiles also differ according to the extent of the perpetrator’s involvement in the darkweb. There is limited evidence to indicate where those misusing the DNS are located.
Legal responses to DNS misuse
Although some instances of misuse can be addressed through the criminal justice system, there are many impediments to harnessing the criminal courts as a regulatory response. Few conventional crime categories are relevant apart from, arguably, some property crime offices such as theft of domain names, or the criminal infringement of intellectual property rights. Of greater relevance are specific offences created under cybercrime legislation that governs unauthorised access to networks, data interference and acts of online dishonesty associated with domain name misuse. There are also criminal offences arising from social engineering, including identity misuse, misleading and deceptive conduct, and fraud. To date, these have not been used due to problems of evidence and proof, jurisdiction, and the limits of law enforcement resources in identifying suspects, seeking mutual legal assistance and mounting prosecutions. Over time, as the jurisprudence of DNS criminality develops, criminal proceedings may be more successful. Whether this would deter criminals from committing DNS crime remains conjectural.
In addition to criminal justice responses to DNS misuse, there are a number of avenues for redress through the use of the civil laws relating to obligations and intellectual property. ‘Webjacking’, and disputes about the registration of domain names that could lead to legal action about ‘cybersquatting’ or ‘domain name squatting’, can be resolved by taking action under the Uniform Domain-Name Dispute-Resolution Policy (UDRP) adopted by domain name registrars. In appropriate cases of infringement of contractual rights or intellectual property related to registered names, where economic loss can be quantified and proved, civil action can be taken in relation. Where business interests are at stake, injunctive relief can also be useful.
Preventing misuse of the DNS
A number of environmental crime prevention strategies could be used to reduce the harms associated with DNS misuse, including routine activities theory, crime pattern theory and rational choice theory. Crime prevention is considered by reference to various regulatory touchpoints within DNS regulation. Importantly, these regulatory touchpoints often lie outside the scope of national laws, which creates opportunities for exploiting regulatory weaknesses for criminal purposes. Some strategies to reduce the risk of DNS abuse include:
• enhancing identification checks when registering domain names;
• using Domain Name System Security Extensions;
• making DNS abuse less profitable by coordinating reporting mechanisms and controlling online profit centres;
• neutralising offender rationalisations; and
• improving user education on the risks of DNS misuse.
The DNS is fundamental to the functioning of the internet, and its potential for misuse is one of the most important legal and regulatory challenges facing internet governance in the years ahead. A failure of the DNS would impede machine-to-machine communication, and make it difficult for users to navigate the internet.
However, the capacity to regulate possible misuse of the DNS is limited. While the DNS requires centralised authority, no single global entity is responsible for the regulation of all its aspects. This is because regulation of the DNS, like other aspects of the internet, occurs under a multistakeholder model of governance and a distributed administration model. It is also a result of the fact that much of what happens on the internet is beyond the jurisdictional reach of the criminal law of individual nations.
Nonetheless, regulating DNS registration and addressing the security weaknesses of internet architecture would provide some limited means of controlling the environment to prevent criminal misuse of the DNS and the internet. Although there will always be a place for criminal justice responses to internet abuse, in the global regulatory environment in which the DNS operates prosecution of DNS misuse will be difficult, and is likely to be reserved for the most serious and obvious infringements. As with other online crime, enacting a uniform set of policies to prevent misuse before it arises is likely to be the most effective strategy.The 2018 WIPO report on cybersquatting indicates that banking and finance (12% of all cases), fashion, 'internet and IT' account for around one-third of all cybersquatting disputes handled by WIPO’s Arbitration and Mediation Center in 2017. Trade mark owners filed 3,074 cases under the Uniform Domain Name Dispute Resolution Policy (UDRP). Cybersquatting disputes relating to new generic Top-Level Domains (New gTLDs) accounted for more than 12% of WIPO’s 2017 caseload (some 6,370 domain names.) with registrations in the .STORE, .SITE, and .ONLINE new gTLDs,the most-commonly disputed.
WIPO Director General Francis Gurry states
By abusing trademarks in the Domain Name System, cybersquatting undermines legitimate commerce and harms consumers. This is true especially where squatters use domain names to offer counterfeit goods or for phishing, as is seen in numerous WIPO cases. The availability of the highly effective UDRP procedure is an indispensable support for the credibility of commerce on the Internet and for protection against fraudulent practices.The US (with 920 cases filed in 2017) remained the country where most WIPO UDRP cases originated, followed by France (462), the UK (276), Germany (222) and Switzerland (143). Complainants asserted fraud, phishing or scam in almost one-third of banking and finance-related decided cases filed in 2017.
WIPO notes that Philip Morris leads the list of filers with 91 cases, followed by Michelin, Electrolux, Andrey Ternovskiy (Chatroulette), Sanofi, Zions Bank, Carrefour, Virgin, Accor, BASF and LEGO.