What’s in a (domain) name? For generic TLD hackers, a lot
By Byron Acohido, ThirdCertainty
For most of its existence the Internet was limited to 20 or so general-purpose top-level domains, or TLDs, including .com and .org, plus the two-letter country-code TLDs, like .ca for Canada and .ru for Russia.
Today, thanks to a 2013 rule change, there are 635 so-called generic top-level domains, or gTLDs. This new tier of the Internet represents fertile ground for folks to register new websites appended to .eat, .bike, .love and many other cool terms.
ICANN, the group that coordinates the Internet’s domain name system, introduced gTLDs hoping to alleviate pressure on .com. The degree to which that’s been accomplished is debatable.
But what is clear—and what should come as no surprise—is that cyber criminals are moving to take advantage, as shown by research from network security firm Blue Coat.
Blue Coat researcher Chris Larsen has examined website traffic flowing in and out of the networks of Blue Coat’s clients, keeping close tabs on the new gTLDs.
Larsen discovered a pattern of websites attached to legit-sounding gTLDs that are being used to conduct activities that are shady at best, malicious at worst.
New tool for cyber criminals
For instance, Larsen has discovered numerous websites using the .science and .work gTLDs that are set up primarily to broadcast spam and help carry out social engineering scams.
“It’s clear that there is nobody on guard at the shack for these gTLDs,” Larsen told ThirdCertainty.
Theoretically, anyone can propose a new generic TLD, but gaining approval from ICANN is neither cheap nor easy. The application fee was $185,000 per string, and the evaluation process takes years. Google, for instance, applied for 101 strings in the 2012 application round, roughly $19 million in fees, and gained control of .android and .youtube, among many others.
Google presumably wants to keep squatters away from gTLDs associated with its flagship products. But other gTLD investors may simply want to make a return on their investment by selling website domains to whoever wants to pay a fee determined by market forces, Larsen says.
The number of gTLDs is expected to keep climbing for some time, as ICANN has received a total of 1,930 applications, of which just 630 have been approved so far.
“It’s an expensive process to apply for and to be granted one of these gTLDs,” Larsen says. “There appear to be people with dollar signs in their eyes thinking, ‘Hey, we can set up this cool generic TLD, and then we’ll get lots of people registering domains here, then we’ll make back our investment.’”
Will new gTLDs be used or abused?
The risk question for consumers and businesses is this: Will mostly legitimate organizations and businesses populate gTLD websites, or will gTLDs become infested with websites operated by spammers and hackers?
The latter are two well-resourced groups that can clearly make profitable use of additional tiers of domain names in support of pitching questionable products, spreading PC infections, and ramping up identity theft and online scams.
Spammers and hackers are in constant need of fresh websites because Google and security vendors continually and intensively seek out and blacklist domains associated with malicious activity, so each burned domain has to be replaced with one no reputation list has seen yet.
“The bad guys have to have new domains to support the next spam run,” Larsen notes. “So they keep refreshing their supply of websites and domains to use in their attacks.”
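The two observations above, that Larsen found abuse by tallying client traffic per gTLD, and that spam runs churn through never-before-seen domains to stay ahead of blacklists, suggest a simple triage pass any network team can run over its own proxy logs. The following is an added example written for this page, not Blue Coat’s tooling or anything Larsen described in detail. It assumes a space-separated log format of timestamp, client IP, URL and HTTP status, a short hand-written list of legacy TLDs and two-label public suffixes (a real deployment would load the IANA root zone and the publicsuffix.org list instead), and a set of registrable domains already observed on the network. The log lines are constructed for the example.

```python
"""Tally proxy-log traffic by top-level domain and flag requests to domains
that sit under a non-legacy gTLD or have never been seen on this network.

Added example for this article; not Blue Coat code.  Log lines, TLD lists
and the known-domain set are constructed for illustration.
"""
from __future__ import annotations

import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: a short stand-in for the ~20 legacy gTLDs plus a few ccTLDs.
# Anything else is treated as a "new" gTLD for triage purposes.
LEGACY_TLDS = {"com", "org", "net", "edu", "gov", "mil", "int",
               "ca", "ru", "uk", "de", "jp"}

# Assumption: a few two-label public suffixes so that www.example.co.uk is
# grouped as example.co.uk rather than co.uk.  The full list is at
# publicsuffix.org.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "com.au", "co.jp"}

# Assumed log layout: <timestamp> <client> <url> <3-digit status>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<url>\S+) (?P<status>\d{3})$")


def registrable_domain(host: str) -> tuple[str, str]:
    """Return (registrable_domain, tld) for a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        # Bare label such as "localhost": nothing to split.
        return host.lower(), labels[-1]
    suffix = ".".join(labels[-2:])
    if suffix in MULTI_LABEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:]), labels[-1]
    return suffix, labels[-1]


def parse_log(lines):
    """Yield (timestamp, client, hostname) for each well-formed log line."""
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than crash the run
        host = urlsplit(m["url"]).hostname
        if host:
            yield m["ts"], m["client"], host


def triage(lines, known_domains):
    """Return per-TLD request counts and the requests worth a second look.

    A request is flagged when its domain sits under a non-legacy TLD or
    when the registrable domain has not been observed before; the
    combination of both is the pattern a fresh spam run produces.
    """
    tld_counts: Counter[str] = Counter()
    flagged = []
    seen = set(known_domains)
    for ts, client, host in parse_log(lines):
        domain, tld = registrable_domain(host)
        tld_counts[tld] += 1
        new_tld = tld not in LEGACY_TLDS
        first_seen = domain not in seen
        if new_tld or first_seen:
            flagged.append({"ts": ts, "client": client, "domain": domain,
                            "tld": tld, "new_tld": new_tld,
                            "first_seen": first_seen})
        seen.add(domain)
    return tld_counts, flagged


# Constructed sample proxy log (not real traffic).
SAMPLE_LOG = """\
2015-06-01T09:00:01Z 10.0.0.5 https://www.example.com/index.html 200
2015-06-01T09:00:04Z 10.0.0.5 http://mail.example.co.uk/inbox 200
2015-06-01T09:01:12Z 10.0.0.9 http://free-prize-claim.science/win 200
2015-06-01T09:01:13Z 10.0.0.9 http://free-prize-claim.science/track.gif 200
2015-06-01T09:02:40Z 10.0.0.7 http://hr-portal-login.work/verify 302
2015-06-01T09:03:02Z 10.0.0.7 https://intranet.example.org/ 200
not a log line
""".splitlines()

# Constructed: domains this network has seen before.
KNOWN_DOMAINS = {"example.com", "example.co.uk", "example.org"}

if __name__ == "__main__":
    counts, hits = triage(SAMPLE_LOG, KNOWN_DOMAINS)
    for tld, n in counts.most_common():
        print(f"{tld:10} {n}")
    for h in hits:
        print(h)
```

Running it over the sample prints a per-TLD table (science 2, work 1, and one each for com, uk and org) and three flagged requests: both hits on the .science domain and the single hit on the .work domain, with the second .science request marked as already seen. Persisting the `seen` set between runs is what turns this from a one-off tally into a newly-observed-domain feed, which is the signal the blacklisting arms race in the last two paragraphs leaves behind.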