Spam-linked Chinese domain registrar caught in porn cleanup
A Chinese domain registrar long criticized for serving malicious domains promised stricter oversight on Tuesday after being censured in a government crackdown on Internet porn.
China's own domain registry regulator last week became the latest source to criticize Xinnet.com, a Beijing-based registrar, as the agency stepped up efforts to stop false user information from being used to register new domains. The criticism came as the agency took other moves as well, including barring individuals from registering domain names, that appeared to be part of a growing government campaign against all forms of online pornography.
Xinnet has since removed from its database nearly 3,000 domain entries created with false information, it said in a statement, showing the initial effect of the moves by the domain regulator, the China Internet Network Information Center (CNNIC).
The crackdown could make it more difficult in the short term for local users to register and use a domain for porn or malicious goals, but its effects will not be permanent, said one local security researcher.
"Blocking individual users from registering domains is just a temporary solution," said Zhao Wei, CEO of KnownSec, a Beijing security company. "Otherwise the growth of the Internet would be limited."
Cybercriminals could also work around the new measures. Lax regulation in China has been partly blamed for attracting the large number of attackers worldwide who use domains ending in .cn, the Chinese national domain suffix, to send spam or engage in cybercrime. Passive domain registrars have also been blamed, and among them Xinnet has been listed as the most abused registrar worldwide for the last two years by KnujOn, a spam-fighting organization. In its most recent report, KnujOn said it found more than 34,000 illicit domains linked to Xinnet between June 2008 and early this year, with content ranging from unregulated prescription drugs to pirated software.
Domain registrars like Xinnet sell domain names and the related services that allow a Web site to be found on the Internet.
The drive by CNNIC against bad domain registrations is not new. But the agency has cranked up its efforts since China's state broadcaster last week criticized it in a news program on mobile porn, the latest front in a government campaign against erotic Web sites. The program detailed how the owner of a porn Web site, when faced with a domain closure, could simply transfer its content to a new domain to continue operations. Widespread use of false information to register domains has made that even easier, the report said.
CNNIC responded by ordering registrars to patch holes in the domain approval process and criticizing a short list of registrars including Xinnet. It also announced that buyers of new domains will have to start providing written applications with company credentials, including a stamped seal.
Being required to furnish more information and company credentials could make it riskier for cybercriminals to operate from China-based domains and could raise their costs of business, Zhao said. But some are still likely to get away with false applications, and China's crackdowns in areas like porn and piracy often come in cycles that see enforcement wane after weeks or months.
The accuracy rate for information used to register new domains has been subpar in China. Authorities previously called for a rise in that rate to just 87 percent by the end of the year.
The quickest route for criminals is simply to start using domains based in another country, Zhao said.
"The Internet makes this easy," he said. "These people are global."
More from IDG: