The Internet Corporation for Assigned Names and Numbers (ICANN) terminated on Tuesday its contract with Estonia-based EstDomains, blocking the company's ability to offer Internet registration services, but temporarily stayed the judgment the following day to assess the firm's response to the accusations against it.
The move by ICANN, which accredits companies to manage the Internet's domain-registration process, comes after numerous complaints that malicious sites had registered through EstDomains and after the CEO of the company, Vladimir Tsastsin, was found guilty of credit-card fraud by a county court in Estonia. The Computer Emergency Response Team for Estonia has linked the company with Russian organized crime, according to an article in the Washington Post's SecurityFix blog.
Having an officer convicted of a felony is grounds for terminating the Registrar Accreditation Agreement, ICANN stated in a letter (pdf) sent to EstDomains's Tsastsin on Tuesday.
"The attached Estonia Court records state that you were convicted of credit card fraud, money laundering and document forgery on 6 February 2008," the letter stated. "EstDomains has submitted official documents to ICANN that state that you are the President of EstDomains. Absent receipt by ICANN of any document indicating that you were removed from the position of President, ICANN concludes that you maintained the position of President at EstDomains since the date of your conviction."
On Wednesday, ICANN delayed the termination process to "assess the merits of the claims made in EstDomains' response" to the group's letter. The company claimed (pdf) that Tsastsin had appealed the county court's verdict to the nation's Supreme Court on June 16, 2008, an act that would delay the legal effects of the verdict. The company also claimed that Tsastsin had stepped down as CEO about a week later, pending the outcome of the appeal.
Security firms F-Secure and McAfee lauded ICANN's decision to terminate EstDomains' registrar agreement. F-Secure's Mikko Hyppönen charged the firm with being a major hub for cybercrime activity.
"Tens of thousands of malicious domains have been registered with EstDomains," Hyppönen said in a blog post on Wednesday. "These include drive-by-download sites, botnet command-and-control servers, spammed domains and so on. Many of the recent fake antivirus tools as well as rogue codecs have been running via EstDomains. In fact, EstDomains is among the largest registrars in the world and they've registered over 280,000 domains. Not all of them are bad, of course. But a big part of them are."
In a posting sent earlier this month to the mailing list of the North American Network Operators Group (NANOG), a person claiming to represent EstDomains took issue with the criticism that network operators had leveled against his company.
"I won't deny that we *did* have abuse issues -- that is the problem when your customers are mostly located in Eastern Europe -- there are quite a few bad apples," said the e-mail message sent by Konstantin Poltev, a purported employee of EstDomains. "Payment systems used in Eastern Europe tend to favor anonymity -- which, obviously, is also favored by criminals. However, it's the exception and not a rule. We've stopped accepting all anonymous payment systems quite a while ago, and have a new arrangement with one of Russia's largest payment systems where, if we report abuse, they will lock the criminal's account and accounts linked to it."
Posted by: Robert Lemos