Cybersecurity

ICANN Terminates EstDomains for CEO's Fraud Convictions

EstDomains logoICANN has revoked EstDomains’ right to register domain names, citing the CEO’s recent conviction on cybercrime charges for the reason for the decision. The Washington Post has been pushing this case in recent months and in an article announcing the decision by ICANN notes the move “comes less than two months after Security Fix published a report translated from Estonian into English showing that EstDomains CEO Vladimir Tsastsin was convicted in February of credit card fraud, document forgery and other cyber crime charges — and that EstDomains was a haven for cyber criminals who wanted to register Web sites that supported a range of criminal activity.”
“I don’t think anyone in their right mind is going to want to take on these domain names,” Chris Barton, research scientist for McAfee AVERT Labs told The Post. “A registrar would have to be either very reckless or very brazen to consider it.”
“Kudos to ICANN, and to others — particularly HostExploit.com and Knujon — who contributed to shining a light on EstDomains’ storied history and practices,” says The Washington Post.
ICANN terminated EstDomains’ agreement sayng that pursuant to Section 5.3 of the Registrar Accreditation Agreement (RAA), ICANN may terminate the RAA before its expiration when, “Any officer or director of [a] Registrar is convicted or a felony or of a misdemeanour related to financial activities, or is adjudged by a court to have committed fraud or breach of fiduciary duty, or is the subject of judicial determination that ICANN deems as the substantive equivalent of any of these; provided such officer or director is not removed in such circumstances.”
There are approximately 281,000 domain names registered by EstDomains, and ICANN “will take all reasonable measures to protect the interests of registrants during the stay period and the subsequent termination process that may follow.”
When The Washington Post contacted EstDomains, they told The Washington Post their earlier article “had a significant impact. And unfortunately, it’s impossible to turn back time.” The Post then contacted some sources, with Suresh Ramasubramanian saying it was a mere speed bump for the bad guys and they would “do something I have observed for quite a while – shift to spreading the load among a large number of dumb registrars.”
Meanwhile The Register says that as negative news reports become more prominent, EstDomains became more responsive to reports of abuse. “They started dumping anything we’d tell them about and it almost seemed like it was out of a panic,” said Garth Bruen of Knujon. But it seems from ICANN’s point of view it was too little too late.
Security pundit, Gadi Evron, said, “I believe this is a very positive step from ICANN, showing it is indeed an active part in shaping the Internet, as well as responsible to its constituents, The Tech Herald reports. “While I am sure this can not be an easy move to make, it is warranted in this case and I believe it to be a brave one. While such decisions must not be made rashly, it is my deepest regret WHOIS information is the only way to reach such ends.”
For media coverage of ICANN’s decision to revoke EstDomains’ right to register domain names, see:

ICANN’s announcement it was revoking EstDomains’ registration agreement with them is available from icann.org/en/announcements/announcement-2-29oct08-en.htm.