Blog


Would you like to share an article on cybercrime? Please contribute!
 

These articles do not necessarily reflect official positions of the Council of Europe

Blogi Blogi
Nazaj

How reliable and accurate is the WHOIS Database ? What is being done ?

How reliable and accurate is the WHOIS Database ?

Law Enforcement very often starts cyber investigation by looking for information on WHOIS DATABASE. It is noticed that in many cases where enquiry are required, registrants’ information are not accurate or not sufficient to help investigations. Many domain registrars grant domain names without validation of applicant’s data furnished at time of registration; things happen at mouse clicks and payments effected for the domain name requested electronically. Each domain registrar keeps their own WHOIS database which doesn't include domains registered by competing registrars. Putting all this together makes it a big question; How reliable and accurate is the Whois Database ?

Representatives of Law Enforcement Authorities ( LEA) started discussions with ICANN (Internet Corporation for Assigned Names and Numbers) on the subject matter. Consultations and discussions were held at the International ICANN 44 meeting in Prague, Czech Republic in June 2012 on how ICANN may revisit the policies in place for Domain Name Registrars worldwide. The discussions were taken again with ICANN Security and Stability Advisory Committee (SSAC) at the International ICANN 45 meeting in Toronto in October 2012. The SSAC very conscious of the issue is working on the subject matter. Representations are also being carried out at other forums within ICANN on the WHOIS DATA VALIDATION issue. Though very complex, LEA is looking forward for a very pragmatic approach for the validation of registrants at all Domain Name Registrars. Cyber crime detection and cyber security is what matters for us all !!!

Comments
Please sign in to comment.
Victor VOELZOW
Comment by Victor Voelzow on March 15, 2013 at 10:12pm

Narayan, that is a really interesting post. Do you know of any details on how the pragmatic approach to validate the registrants' information could look like? Are there also plans to face the challenge of privacy domain hosters or bulletproof hosters?
Objavljeno 3.3.15 16:53.
Narayan GANGALARAMSAMY
Comment by Narayan Gangalaramsamy on March 16, 2013 at 8:42am

Thanks for the question Victor. I mentioned that it is a complex issue as millions of registrants are already on WHOIS database at different ends. Who validates the Data, How and when are issues that i am sure ICANN is working on. Still there would be the question of privacy of registrants information and credentials that would come into play. and likewise abuse on part of those accessing such data.
Objavljeno 3.3.15 16:55 kot odgovor na Victor VOELZOW.
Tools on Cybercrime & Electronic Evidence Empowering You!
Prikaz spletne vsebine Prikaz spletne vsebine

This tool is co-funded  by the GLACY  and Cybercrime@Octopus projects