ICANN De-Accredits EstDomains for CEO's Fraud Convictions
The entity responsible for overseeing the Internet's domain name system said Tuesday that it was revoking the right of registrar EstDomains.com to process new domain names, citing the company CEO's recent conviction on cyber crime charges.
The move by the Internet Corporation for Assigned Names and Numbers (ICANN), comes less than two months after Security Fix published a report translated from Estonian into English showing that EstDomains CEO Vladimir Tsastsin (pictured at right) was convicted in February of credit card fraud, document forgery and other cyber crime charges -- and that EstDomains was a haven for cyber criminals who wanted to register Web sites that supported a range of criminal activity.
Apparently, a section of the legal contracts that all registrars must sign with ICANN states: "Thou Shalt Not Have a Cyber Crook As Your CEO."
Okay, it doesn't quite say it like that. Here's what ICANN did say, in a letter to EstDomains (pdf):
Dear Mr. Tsastsin,
Be advised that the Internet Corporation for Assigned Names and Numbers (ICANN) Registrar Accreditation Agreement (RAA) for EstDomains, Inc., is terminated. Consistent with subsection 5.3.3 of the RAA, this termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction. This termination shall be effective within fifteen calendar days from the date of this letter, on 12 November 2008.
ICANN said the 281,000 or so domain names under EstDomain's control could be transferred to an ICANN-accredited registrar as early as Nov. 6. It is currently accepting statements of interest from registrars who might be willing to take on EstDomains' former clients.
"I don't think anyone in their right mind is going to want to take on these domain names," said Chris Barton, research scientist for McAfee AVERT Labs. "A registrar would have to be either very reckless or very brazen to consider it."
Interestingly, I contacted EstDomains on Monday to inquire about a curious press release they had just published, an apparent last-ditch effort to convince regulators at ICANN that they were serious about departing from their previous ways. I guess I should have known then that they had already received notice from ICANN about the contract termination. Konstantin Poltev, the registry liaison for EstDomains, wrote back:
As you know, it all came to an end and there is no sense to discuss this once more.
You didn't wish to listen to me when you contacted us for the first time and I do really doubt that you will consider our words now.
What's done is done, your article had a significant impact. And unfortunately, it's impossible to turn back time.
I asked a couple of sources what they thought of this development, and whether it would have any lasting impact. Suresh Ramasubramanian, head of anti-spam operations at Hong Kong based Outblaze.com, sees this action as a mere speed bump for the bad guys, who won't soon make the same mistake of putting all of their criminal domains in one registrar's basket.
"While the Russkiy mob might resurrect EstDomains with a different patsy than Tsastsin, my suspicion is that they'll do something I have observed for quite a while - shift to spreading the load among a large number of dumb registrars," Ramasubramanian said. "I think there will be no further big juicy targets. No Intercage/Atrivo, no Estdomains, no recognizable entity called the Russian Business Network. These guys got cocky and were allowed to operate that way, but they can just as easily spread the load around and operate hidden in plain view."
October 29, 2008; 11:11 AM ET
Categories: Cyber Justice , Fraud , From the Bunker , Web Fraud 2.0
Save & Share: Previous: Java Update Promises to Remove Older Versions
Next: GAO: Localities Expose Social Security Numbers Online
Posted by: gbruen | October 29, 2008 12:06 PM | Report abuse
Posted by: indep2 | October 29, 2008 3:16 PM | Report abuse
Posted by: hokiealumnus | October 29, 2008 4:31 PM | Report abuse
Posted by: xabbu | October 29, 2008 11:03 PM | Report abuse
Posted by: peterpallesen | November 3, 2008 9:31 AM | Report abuse
The comments to this entry are closed.