Tag Archives: SWITCH

SWITCH Deletes 5,000 Online Shops in .CH in 2017

If the price is too good to be true, well, it’s almost certain to be a fraud. But there are plenty of online shoppers who are only too willing to be tempted by a bargain. And they often end up with counterfeit goods. And it’s a problem that many TLD managers take seriously. After all, they have a reputation to protect, for themselves and their customers with legitimate businesses using their domain names.
The problem of counterfeit goods and fraudulent websites has been growing rapidly and SWITCH, the .ch (Switzerland) ccTLD manager, has been working hard to deal with it. In 2016, SWITCH deleted around 700 .ch domain names for online shops. By August 2017, the figure had leapt past the 5,000 mark.
“Thanks to close cooperation with the authorities and improved processes, our targeted campaign allowed us to remove 4,500 fraudulent .ch online shops in August 2017 alone,” said Michael Hausding, a security expert in domain name fraud and a member of the 14-person SWITCH-CERT team of security experts.
“The fraudsters running these shops were attempting to steal money from internet users or gain access to their credit card information. By taking this approach, we are one step ahead of other domain endings, such as .com. We want internet users in Switzerland to continue to rely on a high level of security and trustworthiness of .ch web addresses.”
Internet users who visit fraudulent websites are exposed to several risks: they provide their credit card information along with email and postal addresses to criminal organisations. After making payment, they receive merchandise of inferior quality – if they receive anything at all.
To better protect internet users against threats when visiting .ch websites, the SWITCH Foundation has intensified its cooperation with the Federal Office of Police (fedpol) and other Swiss authorities, and has automated the processes for assisting the authorities. The SWITCH security experts have also created a list of five tips for secure online shopping. They are:
1. Security features
Legitimate online shops are protected by a secure web connection. When you arrive at the ‘Checkout’ process, at the very latest, you should be able to recognise a legitimate webshop by its security attributes, such as a green lock icon and use of https:// instead of http://. Both security attributes are visible in the address line of your browser.
2. Promises of discounts
Be suspicious of brand-name product offerings with unusually big discounts.
3. Internet address
Have an overall look at the provider: does its name, logo and web address seem credible? If you are unfamiliar with the shop, ask around to see whether other people have had a good experience with it. Fraudsters like to use web addresses of legitimate, albeit defunct, websites. This allows them to exploit the recognition factor and a better Google ranking.
4. Imprint
Switzerland requires websites to include an imprint (Impressum). Websites that offer merchandise, works or services must disclose their identity with a name and contact address. The link to the imprint is usually found at the bottom of a website. Be suspicious if a link, such as in this example, is missing or if the information provided does not seem credible. If in doubt, check the website address with www.nic.ch; this website operated by SWITCH lists the contact address given by the holder of the domain name when it was registered. But beware: this address may be fictitious. Avoid a webshop if this information seems dubious to you.
5. Reporting form
Always report fraudulent and suspicious websites to the Federal Office of Police (fedpol) by completing the reporting form: https://www.fedpol.admin.ch/fedpol/en/home/kriminalitaet/cybercrime/meldeformular.html
Removal procedure – close cooperation with authorities
If a Swiss authority (e.g. fedpol, MELANI, Comlot, ESBK, SECO, Swissmedic) comes across a .ch website that is potentially in violation of the law in the course of its work, it attempts to contact the owner of the .ch domain name. This requires a contact address in Switzerland. If the domain name owner has registered an invalid address or an address outside the country in the SWITCH database, the authority contacts SWITCH. The foundation then gives the owner 30 days to provide a valid address in Switzerland. If the deadline passes without a response, SWITCH deletes the domain name and the fraudulent website is no longer accessible. This procedure is in line with the Federal Ordinance on Internet Domains (IDomsO).
Protecting Europe’s most secure address
The security experts at SWITCH have been very proactive in fighting cybercrime for several years now, particularly in the case of malware and phishing. As a result, .ch has become Europe’s most secure domain ending. Together with partners in the Swiss internet industry, SWITCH also started the Safer Internet initiative. SWITCH is also working closely with the Swiss authorities in the area of white-collar crime. The goal is always the same: to offer Swiss internet users maximum protection against threats.

.CH Celebrates 30 Years As Europe’s Safest TLD

The Swiss ccTLD, .ch, celebrated 30 years of existence last Saturday, with the SWITCH Foundation, the current registry, being established later the same year.

The .ch country code top level domain entered the domain name system on 20 May 1987, and on 22 October the SWITCH Foundation was established. In the intervening 30 years, .ch has become the safest ccTLD in Europe, according to SWITCH.

One of the key reasons for .ch being so safe has been the establishment of SWITCH-CERT over 20 years ago, Switzerland’s first computer emergency response team. CERTs specialise in identifying abuse and attacks and fixing security incidents.

No other ccTLD has security experts that take such a proactive and systematic approach to combating malware and phishing. In 2016 alone, SWITCH-CERT’s 14 experts removed malware and phishing from .ch websites in 1,900 cases in conjunction with authorities such as the Federal Office of Communications (OFCOM) and the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) as well as registrars, hosting providers and the website owners affected. This was done within 24 hours in 70% of cases. SWITCH-CERT provides those affected with precise instructions, ensuring that problems are solved much more quickly. Internet users are thus actively guarded against malware infections and attempted fraud. This protection is making .ch an increasingly unattractive target for cybercriminals compared with other domain endings.

Protecting the Swiss Internet is of vital importance. The Swiss Federal Council has declared .ch to be a critical infrastructure. High availability and stability are hugely important for the Swiss population, not least due to the fast pace of digitalisation in all areas of life.

SWITCH will continue to be responsible for the security and stability of .ch websites for at least the next five years. The foundation won OFCOM’s public tender to operate the registry in 2016, with security being a key component of the winning tender. When announcing at the time that SWITCH had won the tender, the government noted how important security was and that SWITCH had the best security concept.

OFCOM noted SWITCH’s tender stood out with a combination of an excellent concept for combating cybercrime and a good price/performance ratio. Other criteria that were part of the tender process were experience, community, economic independence and DNSSEC.

SWITCH Retains .CH Registry For Five More Years [updated]

The SWITCH Foundation has once again won the right to operate the .ch (Switzerland) ccTLD for the five years from 2017 to 2022, the Federal Office of Communications (OFCOM) announced, with its proposals for dealing with cybercrime one of the key reasons it won the tender.

In announcing winning the tender on Twitter, SWITCH said they are “very proud”. And it means SWITCH will continue to operate .ch as it has since 2003.

“We are very proud that OFCOM has decided in our favour and will continue to work hard to ensure that .ch domains remain among the most secure in the world,” said SWITCH’s Managing Director Andreas Dudler later in a statement. “To this end, we work closely with authorities and partners in the Internet industry throughout the world, not just in Switzerland.”

SWITCH won the public tender process launched in mid-April 2016. OFCOM noted its tender stood out for the combination of an excellent concept for combating cybercrime and a good price/performance ratio. Other criteria that were part of the tender process were experience, community, economic independence and DNSSEC.

The Swiss Federal Council has declared .ch a critical infrastructure. It was determined that .ch requires special protection because large parts of public life would grind to a halt if it were to break down, which is the case with most of the country code Top Level Domains (ccTLDs) around the world.

In announcing they had won the tender, SWITCH noted they had always endeavoured to keep this infrastructure operating securely and stably. The foundation has played a pioneering role in the fight against cybercrime. It was the first registry to begin taking decisive action against the distribution of malicious software and the theft of personal login details for online services.

It means that from July 2017 to at least 2022 the SWITCH Foundation will continue to manage the national database of .ch domain names. Its tasks include the assignment and revocation of the right to use internet addresses with the ending “.ch”. The contract can be extended for a further five years by mutual consent.

SWITCH won the tender, OFCOM said, because its bid achieved the highest score of the bids which were submitted.

Swiss Government Puts .CH Registry Out To Tender

The Swiss Federal Office of Communications (BAKOM/OFCOM) has put out the management of the .ch registry to tender. The current contract with the SWITCH Foundation expires in mid-2017.

The SWITCH Foundation has expressed its desire to retain its role. In a statement, SWITCH note how they have “made .ch one of the most secure top-level domains in the world and is confident that it will remain the best choice for Switzerland going forward.”

SWITCH believe they are most suited to continue in the role. “Ever since it first created the registry, [SWITCH] has worked hard to ensure the secure, stable and uninterrupted operation of .ch. No other organisation in Switzerland has similar experience or a comparable record of success. It is no accident that .ch domains are among the most secure in the world.”

“SWITCH is the first registry in the world to adopt an active stance against cybercrime – in particular the use of .ch domains to spread malicious software and the theft of personal access details for online services. Over many years of fighting cybercrime, SWITCH has built a network of contacts with authorities and Internet service providers and established and optimised processes based on mutual trust.”

In mid-April, BAKOM will launch the public invitation to tender for the role of .ch registry manager. The company which wins the contract will assume the registry function as of northern summer 2017. On this basis it will have to manage the national database of .ch domain names and ensure the electronic connection with the global domain name system (DNS). It will also be responsible for the assignment and revocation of the right to use an internet address. Since 2003, this task has been entrusted to the SWITCH Foundation.

In order to apply for the registry function, candidate companies will have to be able to prove that they are capable of providing the services defined in the Ordinance on Internet Domains (OID). In particular they will have to demonstrate that they have the skills and personnel essential for the satisfactory operation of the technical infrastructure, i.e. the DNS.

With approximately two million registered domain names, .ch is regarded as a critical resource for Switzerland. The requirements in relation to guaranteeing stability and security are consequently very stringent. For example, the registry is required to put in place measures to combat cybercriminality and to ensure the system’s security and accessibility. In order to guarantee integrity and data protection in accordance with the national legislation, the public invitation to tender is open only to companies based in Switzerland which themselves (along with their parent companies) have no dependent relationship with a foreign legal system requiring excessive disclosure of data.

Interested companies will be able to submit their candidature until mid-July 2016. In the autumn, OFCOM will designate the company which will perform the registry function from mid-2017 onwards.

Cybercrime on .CH Websites Declines In 2015, But Increases On Swiss Companies Using Other TLDs

The number of incidents of cybercrime on websites using .ch (Switzerland) and .li (Liechtenstein) domains decreased in 2015 while there was an increase in the number of phishing attacks on Swiss companies’ websites with other domain endings, the SWITCH Foundation, which operates the registry for both ccTLDs, announced.

According to the cybercrime report, “SWITCH took action to remove malware from 698 .ch and .li websites in 2015, down from 1,839 in 2014. The situation as regards phishing was more or less stable: 329 .ch and .li websites were affected, compared with 323 in 2014. Meanwhile, there was an increase in the number of phishing attacks on Swiss companies’ websites with other domain endings.”

“Cybercriminals are driven by money. We are quick in identifying domain misuse and acting to stop it, so attacking Swiss websites is becoming less and less worthwhile,” explains SWITCH security expert Serge Droz.

Droz sees new challenges where phishing is concerned.

“Phishing attacks did not focus solely on banks in Switzerland last year, they were primarily targeted at online shops. Our goal for 2016 is to be even more efficient in dealing with phishing. Since we can only have a direct influence on .ch and .li, we are all the more dependent on cooperation with colleagues in Switzerland and abroad when it comes to other domain endings.”


Domain Pulse 2016 Coming To Switzerland In February

It’s now less than a month to go until 2016’s Domain Pulse conference, this year to be held in Lausanne, Switzerland on 1 and 2 February.

As usual there is a wide range of presentations over the two-day conference, the largest German-language conference that is aimed at the domain name community, and presentations will be translated into English for the non-German speakers, or into German where presentations are in English.

Presentations on day one include the .swiss gTLD, Keeping the Domain Ecosystem Clean and Keeping .ch Safe and Sound, along with sessions on internet surveillance and a keynote speech by Mikko Hyppönen, the Chief Research Officer for F-Secure.

Day two includes a session with the technical heads and CEOs of the registries DENIC, nic.at and SWITCH answering questions from the audience, and then has a focus on internet governance with presentations by Wolfgang Kleinwächter and a panel that will include Janis Karklins and William Drake.

SWITCH, With DENIC and nic.at, Wins CENTR Security Award

SWITCH and its counterparts in Austria (nic.at) and Germany (denic) have been rewarded for their joint efforts to protect the Domain Name System. They have won the Security Award from the Council of European National Top Level Domain Registries (CENTR).

[news release] The Austrian, German and Swiss registries joined forces to improve their processes for protecting the Domain Name System (DNS). SWITCH, nic.at and denic have won the CENTR Award in the category Security for this new form of collaboration. The award is for innovative projects and cooperations in the field of top-level domain registries. Urs Eppenberger, Head of Commercial Customers at SWITCH, is delighted by this honour: “SWITCH endeavours to make the Internet safe in Switzerland. The award from CENTR vindicates these efforts and shows that we are on the right track.”

Improved processes thanks to collaboration with German and Austrian registries

SWITCH had the information security management system (ISMS) for the DNS certified according to ISO 27001 just over a year ago. This is the global standard for ISMSs. The .ch registry is among the first in Europe to be certified. In order to meet the high standards required for ISO certification, SWITCH must continually review and optimise its own security processes. It made the decision to share the tasks of internal auditing under the ISO standard and assessing compliance with the registries in Austria and Germany. SWITCH, nic.at and denic thus meet three times a year to check each other’s security processes and draft recommendations for greater security.

Continual optimisation of security levels

The Domain Name System (DNS) is a critical infrastructure. It links Internet addresses with the servers hosting the associated websites. Should it be hacked or fail to work for any other reason, many areas of day-to-day life in Switzerland would practically grind to a halt. Payment transactions and large parts of the public transport network are just two examples that would be hit hard by a breakdown. SWITCH works to protect the DNS against downtime and continually optimise its security. Its efforts regarding security are bearing fruit: .ch domains are among the most secure throughout the world.

Explanation of terms


A registry is an organisation that centrally administers the operation of a country’s Domain Name System (DNS). In particular, it is in charge of registering the country’s domain names. Examples include nic.at in Austria and denic.de in Germany. SWITCH is contracted by OFCOM in Switzerland to register domain names ending in .ch and by the Office for Communications in the Principality of Liechtenstein to register domain names ending in .li.

This SWITCH news release was sourced from:

SWITCH Launches Website Aiming To Improve Security On The Internet

SWITCH has created a website with a focus on prevention to help safeguard domains in Switzerland. Under the title Safer Internet, SWITCH informs domain name holders about the dangers lurking on the Internet and explains how they can protect their website against attacks. SWITCH is tasked by the Federal Office of Communications (OFCOM) with registering domain names ending in .ch and also works to ensure a secure and stable Internet in Switzerland.

[news release] Dangers lurking on the Internet include drive-by attacks and phishing. Many domain name holders are unaware of the threats posed by cybercriminals or how to prevent them. One of the SWITCH foundation’s main goals is to make the Internet safe in Switzerland. With this in mind, it has created the new website www.switch.ch/saferinternet. SWITCH security expert Michael Hausding explains: “Safer Internet is an information platform aimed at everyone who has a .ch website. It offers tips on preventing domain name misuse and information on risks relating to online content.” Available in English, German, French and Italian, the Safer Internet website is intended for a broad audience.

Preventing drive-by and phishing attacks

Most damage to .ch websites is caused by drive-by infections and phishing. In a drive-by attack, users visiting a website infect their computers with malware placed on the site by hackers. Phishing, meanwhile, is an attempt to gain access to Internet users’ personal information using fake websites, e-mails or instant messages. These types of attacks cause a huge amount of damage online. SWITCH’s new website tells domain name holders how they can protect their websites against cybercriminals. Under the heading ‘Make your website safer’, SWITCH offers advice on how to prevent such attacks. Safer Internet also includes details of the risks these attacks bring with them and why more and more websites are being targeted.

About Safer Internet

Safer Internet is a website containing information about how to prevent the misuse of domain names. It explains some common security issues and offers advice on dealing with them. If you have any questions about website security, please feel free to contact SWITCH.

This SWITCH news release was sourced from:

Phishing Goes Up, Malware Down, On .CH Websites

The incidences of malware on .CH websites went down by a third (33%) in 2014, but incidences of phishing went up five-fold to 323.

SWITCH, the Swiss registry, uncovered 1,839 cases of malware last year, roughly a third below the total of 2,718 recorded in 2013. In 1,493 of these cases, registrants removed the harmful code after receiving the first notification from SWITCH.

However, there was an increase in the number of phishing cases. The number of phishing cases increased almost fivefold between the first and fourth quarters. The removal process is the same as for malware: SWITCH checks websites for phishing and notifies the holder when it is found. In 2014, SWITCH recorded 323 cases of phishing, and the phishing site was removed after the first notification in 298 of these.

Serge Droz, Head of SWITCH-CERT, SWITCH’s security team, comments: “We saw a sharp increase in the number of phishing reports SWITCH received compared with 2013. This prompted SWITCH to start notifying holders of websites affected by phishing automatically via e-mail as of 1 October 2014.”

SWITCH Fighting Malware in Switzerland

Established process now covers phishing as well

SWITCH introduced a process for removing malware-spreading code from websites back in 2010. Various partner organisations in Switzerland and abroad warn SWITCH about websites that spread malware. Where there is a justified suspicion, the holder of a website is notified and requested to remove the harmful code within one working day. The domain name is temporarily blocked for up to five days in the interests of security if this is not done, and SWITCH demands identification from the holder if the infection is not removed from the website during this time. Should the holder also fail to meet this demand, the domain name is deleted after 30 days.

In view of the sharp increase in cases, phishing is now being handled with the same priority as malware. The process involved is partially automated. Phishing is an attempt to gain access to passwords or sensitive data by illegal means. Criminal organisations set up a phishing site on an existing website without the holder’s knowledge. Where addresses of phishing sites are identified on a .ch or .li domain, SWITCH notifies the holder and hoster. The phishing site is then removed within 24 hours in 92% of cases. Droz explains: “The most common phishing targets on .ch websites in 2014 were Apple and PayPal.” By cleaning infected websites of malware, SWITCH helps to ensure the security and stability of the Internet in Switzerland. The European Union Agency for Network and Information Security (ENISA) notes in its Threat Landscape 2014 report that phishing is on the increase worldwide.

SWITCH Phishing Domains in 2014

Use of Blackhole exploit kit drastically reduced

According to ENISA, the biggest threat comes from harmful code such as worms and Trojans, which hide on websites and infect the computers of users who visit these sites using an exploit kit. This is an electronic data processing toolkit that systematically exploits weaknesses in browsers and their plugins. SWITCH identified a variety of exploit kits from its analysis of infected websites in 2014. The most commonly used last year was Angler, which took advantage of loopholes in Adobe Flash and Java. SWITCH’s observations concerning Swiss websites corroborate the ENISA report’s claim that use of the Blackhole exploit kit has been drastically reduced since those responsible were caught.

Reporting suspected phishing:

SWITCH recommends reporting it directly to the Swiss Internet Security Alliance (SISA), a joint initiative of Swiss providers of Internet and financial services and security firms. SWITCH is a founding member of SISA.





SWITCH Gets .CH Registry Contract Extension To 2017

On 20 March 2015, the SWITCH foundation and the Federal Office of Communications (OFCOM) signed an extension of the existing registry contract to 30 June 2017. But a public tender will be called in 2016 for the operation of the registry from July 2017 onwards.

The contract extension means that SWITCH will retain responsibility for the administration of .ch domain names and support for customers in transferring their .ch domain names to the registrars.

Commenting on the contract extension, the SWITCH foundation said that, as it has more than 27 years’ experience in operating the registry, it offers the best possible protection for the Swiss internet thanks to its dedicated team of security experts. SWITCH is therefore confident that it will continue to be the best choice to operate this critical infrastructure for Switzerland going forward.

There has also been a significant policy change, which came into effect on 1 January 2015, that saw the registry stop selling .ch domain names directly to registrants, and since then it has been handing over the related client support to registrars. At present, some 500,000 .ch domain names are still registered directly with SWITCH by 270,000 clients. SWITCH will in future focus on operating the .ch domain name directory and on ensuring that the Swiss internet remains secure and stable.