Abstract

Abstract: I’ve recently completed a major study of the ‘whois’ contact details for domain names used in malicious or harmful Internet activities. ICANN wanted to know if a significant percentage of these domain registrations used a privacy or proxy services to obscure the perpetrator’s identity ? No surprises in our results: Yes!

What was perhaps surprising was that quite a significant percentage of domains used for lawful and harmless activities ALSO used privacy and proxy services.

But the real distinction is that when domains are maliciously registered, then contact details are hidden in a range of different ways so that 9 out 10 of these registrants are a priori uncontactable – whereas the uncontactable rate varies between a quarter and at most two- thirds for the non-malicious registrations.

This talk discusses how these results were obtained and what their implications are for the future of the whois system. It also gives some technical insight into the innovative design of whois parsing tool that has enabled some extremely variable reporting formats to be handled, at substantial scale, in an automated manner.

Bio: Richard Clayton came back to Cambridge in 2000 to study for a PhD on ‘Anonymity and Traceability in Cyberspace’. Since getting his degree he has stayed on as an academic PostDoc “because it’s more fun than working”. The main focus of his research is on cybercrime, and particularly on ‘phishing’. The ICANN project described in this talk was done during his recently completed three year collaboration with the National Physical Laboratory (NPL) on the EPSRC funded project “Internet Security”.