More than five years after domain registrars began redacting personal data in all public domain registration records, the nonprofit group that oversees the domain industry has launched a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.
In May 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) – the not-for-profit entity that manages the global domain name system – instructed all registrars to redact their customers’ names, addresses, phone numbers and emails from WHOIS, the system of databases that stores the registrants of domain names and blocks of Internet address ranges.
ICANN made this policy change in response to the General Data Protection Regulation (GDPR), a law enacted by the European Parliament that requires companies to obtain explicit consent to collect any personal information from people in the European Union. In the meantime, registrars would continue to collect the data but not publish it, and ICANN committed to developing a system to facilitate access to this information.
At the end of November 2023, ICANN launched the Registration Data Request Service (RDRS), which is designed to serve as a one-stop service for submitting registration data requests to participating registrars. This video from ICANN explains how the system works.
Accredited registrars are not required to participate, but ICANN is asking all registrars to participate and says participants can opt out or cease use at any time. ICANN believes that using a standardized request form will make it easier to provide the correct information and supporting documentation to evaluate requests.
ICANN stated that RDRS does not guarantee access to requested registration data and that all communications and disclosures between registrars and requesters occur outside the system. This service cannot be used to request WHOIS data related to country code top-level domains (ccTLDs), such as domains ending in .de (Germany) or .nz (New Zealand).
As Catalin Cimpanu writes for Risky Business News, investigators can currently submit legal requests or abuse reports to each individual registrar, but the idea behind RDRS is to create a place where requests from “verified” parties can be fulfilled faster and with more trust.
The registrar community generally views public WHOIS data as a nuisance for their domain customers and an unwelcome cost center. Privacy advocates insist that cybercriminals will never provide real information in registration records anyway, and that requiring the release of WHOIS data will only expose domain registrants to spammers, scammers, and stalkers.
At the same time, security experts believe that even if Internet abusers deliberately provide misleading or false information in WHOIS records, this information can still be very useful in determining the scope of their malware, phishing and scamming activities. What’s more, the vast majority of phishing is carried out with the help of compromised domains, and the primary method of clearing these compromises is to use WHOIS data to contact the victim and/or their hosting provider.
Anyone looking for extensive examples of both can simply search for the term “WHOIS” on this site, which will produce dozens of stories and investigations that would have been impossible without the data available in global WHOIS records.
KrebsOnSecurity remains skeptical that participating registrars will be more likely to share WHOIS data with researchers because the request comes from ICANN. But I expect to err on this one, and if RDRS proves useful, I will certainly mention it in my reporting.
Regardless of the success or failure of RDRS, there is another European law set to take effect in 2024 that may put additional pressure on registrars to respond to legitimate requests for WHOIS data. EU member states must implement the new Network and Information Security Directive (NIS2) by October 2024, which requires registrars to keep more accurate WHOIS records and respond to WHOIS data requests in as little as 24 hours, including requests related to phishing, malware and spam as well as copyright and brand enforcement.