DNS - Russia Decides to Do Something about DNS Crime

Russia has decided it’s in its best interests to tighten up its domain name registration policies, in a move The Frontline warns “could spell bad news for DNS scammers and cyber criminals operating in the region.”

Reading between the lines there is the tacit admission that there’s a whole lot of scammin’ and spammin’ being winked at in Russia today.

Indeed. As The Register (News - Alert) reports, “according to many in computer security and US law enforcement circles, Russia is a haven for cybercrooks because it is so hard to bring criminal charges in that country. As a result, spammers, malware scammers and other online criminals often operate with near impunity there.”

Starting from 1 April, Frontline says, “.ru registry the Coordination Center has decided that registrants must be verified according to a strict criteria before their registrations can be processed.”

Strict indeed – you’ll have to, at least according to the written policy, show a copy of your passport, while businesses wanting to register a .ru “must show a copy of the certificate that shows state registration issued by the state authority.”

Gone are the wild, freewheeling days when anyone could register a .ru domain without verification. Russian officials pronounce themselves surprised to find that this hands-off policy led to exploitation by cyber criminals, “using their fake domains to send spam or control botnets,” Frontline says.

No doubt they’re shocked, shocked to find hanky-panky going on here (“Your winnings from last night, sir.”)

It might be that other entities have let Russia know if they don’t start policing their own back yard, somebody might find ways to retaliate. “The move comes as Russia's FSB internal security service arrested three men suspected of orchestrating a $9 million cyber-raid on RBS WorldPay that involved cloned payroll cards. The audacious hack allegedly involved taking the money from an estimated 2,100 cash machines in 280 cities worldwide during a 12-hour cash-out operation,” The Register said.

Russia’s Serious and Organized Crime Agency said DNS abuse “lies at the heart of” many of the problems it has to deal with, according to Frontline, adding that “nearly 30 million domain names exist today with untraceable registrations.”