Network News

X My Profile
View More Activity

ICANN De-Accredits EstDomains for CEO's Fraud Convictions

The entity responsible for overseeing the Internet's domain name system said Tuesday that it was revoking the right of registrar to process new domain names, citing the company CEO's recent conviction on cyber crime charges.


The move by the Internet Corporation for Assigned Names and Numbers (ICANN), comes less than two months after Security Fix published a report translated from Estonian into English showing that EstDomains CEO Vladimir Tsastsin (pictured at right) was convicted in February of credit card fraud, document forgery and other cyber crime charges -- and that EstDomains was a haven for cyber criminals who wanted to register Web sites that supported a range of criminal activity.

Apparently, a section of the legal contracts that all registrars must sign with ICANN states: "Thou Shalt Not Have a Cyber Crook As Your CEO."

Okay, it doesn't quite say it like that. Here's what ICANN did say, in a letter to EstDomains (pdf):

Dear Mr. Tsastsin,

Be advised that the Internet Corporation for Assigned Names and Numbers (ICANN) Registrar Accreditation Agreement (RAA) for EstDomains, Inc., is terminated. Consistent with subsection 5.3.3 of the RAA, this termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction. This termination shall be effective within fifteen calendar days from the date of this letter, on 12 November 2008.

ICANN said the 281,000 or so domain names under EstDomain's control could be transferred to an ICANN-accredited registrar as early as Nov. 6. It is currently accepting statements of interest from registrars who might be willing to take on EstDomains' former clients.

"I don't think anyone in their right mind is going to want to take on these domain names," said Chris Barton, research scientist for McAfee AVERT Labs. "A registrar would have to be either very reckless or very brazen to consider it."

Kudos to ICANN, and to others -- particularly and Knujon -- who contributed to shining a light on EstDomains' storied history and practices.

Interestingly, I contacted EstDomains on Monday to inquire about a curious press release they had just published, an apparent last-ditch effort to convince regulators at ICANN that they were serious about departing from their previous ways. I guess I should have known then that they had already received notice from ICANN about the contract termination. Konstantin Poltev, the registry liaison for EstDomains, wrote back:

As you know, it all came to an end and there is no sense to discuss this once more.

You didn't wish to listen to me when you contacted us for the first time and I do really doubt that you will consider our words now.

What's done is done, your article had a significant impact. And unfortunately, it's impossible to turn back time.

I asked a couple of sources what they thought of this development, and whether it would have any lasting impact. Suresh Ramasubramanian, head of anti-spam operations at Hong Kong based, sees this action as a mere speed bump for the bad guys, who won't soon make the same mistake of putting all of their criminal domains in one registrar's basket.

"While the Russkiy mob might resurrect EstDomains with a different patsy than Tsastsin, my suspicion is that they'll do something I have observed for quite a while - shift to spreading the load among a large number of dumb registrars," Ramasubramanian said. "I think there will be no further big juicy targets. No Intercage/Atrivo, no Estdomains, no recognizable entity called the Russian Business Network. These guys got cocky and were allowed to operate that way, but they can just as easily spread the load around and operate hidden in plain view."

By Brian Krebs  |  October 29, 2008; 11:11 AM ET
Categories:  Cyber Justice , Fraud , From the Bunker , Web Fraud 2.0  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Java Update Promises to Remove Older Versions
Next: GAO: Localities Expose Social Security Numbers Online


The Internet is only "lawless" if we allow it to be. There are rules, laws, and policy that govern cyberspace. Every consumer should know they do not have to tolerate spam, fraud, and counterfeit product distribution. You can demand a better Internet.

Brian Krebs has done some of the best research in this area. SecurityFix is just that, an unparalleled service for the community at-large.

HostExploit's spotlight on the dark corners of the 'net goes places where those actually charged with the task refuse to for whatever reason.

Keep in mind who drove this: journalists and researchers not connected to big security companies or well-funded projects. As for KnujOn, our information was derived from millions of junk email messages submitted by the public, the same long-suffering public largely ignored in their pleas to stop spam and electronic abuse. We've been fighting for the unrepresented Internet user and will continue to do so.

Thanks, Garth Bruen, CEO

Posted by: gbruen | October 29, 2008 12:06 PM | Report abuse

Mr. Bruen,

I agree with you to an extent, but having to deal with this type of traffic on a daily basis, knowing where its coming from and actually getting a foreign country to act is an ordeal in and of itself.

Until a global agreement is made for all that plug into the net or until infrastructure on our shores can stop things dead in their tracks as WE deem it, there will be no way to even slow it down once they get going in force again ;)

Posted by: indep2 | October 29, 2008 3:16 PM | Report abuse

Excellent work Brian. It must be gratifying to see your work actually doing some good. Thanks for your efforts...keep it up!

Posted by: hokiealumnus | October 29, 2008 4:31 PM | Report abuse

As Mr Poltev said, "..your article had a significant impact".

Who's next? Keep it up. Kudos to you, sir!

Posted by: xabbu | October 29, 2008 11:03 PM | Report abuse

Well, I'll be darned. ICANN is really an "I-Can" outfit, thanks in no little part to your work, Brian!

Posted by: peterpallesen | November 3, 2008 9:31 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company