Martin Heller
Contributing Writer

Cyber-scammers are entrenched, even in the U.S.

analysis
Sep 3, 2008

New reports from KnujOn, SpamHaus and others detail the way bent and phantom Internet Registrars shelter sites that promote illegal drug sales, malware, and pornography

I’m going to name some names of bad actors on the Internet, companies that foster, promote, and benefit from cybercrime. I didn’t do the original research, but I trust the people who did, including KnujOn, SpamHaus, StopBadware, and the Washington Post.

Let’s start with The Directi Group. A company called PDR (PublicDomainsRegistry) was #9 on the list of 10 worst Internet registrars, with a registration address given in Beaverton, Oregon. PDR turns out to be one of 48 ICANN-accredited Registrars that did not seem to exist as companies when KnujOn searched for them. The address in Beaverton is a phony. The company is part of the Directi Group, which also owns 40 other phantom registrars, most of which claim the same address in Beaverton. Directi now claims to operate from Mumbai, but they don’t exist as a company in India, either.

Next up, PrivacyProtect.org. KnujOn found over 19,000 domains advertised through spam that use PrivacyProtect to hide their ownership. With further digging, KnujOn isolated 1,820 fake pharmacy domains that use PrivacyProtect and are registered through Directi/PublicDomainsRegistry. They all resolved to a single IP address at McGill University in Canada; they have since been moved to a different single IP address at DongHai University in China. KnujOn continues:

The service that shields ownership of the unlicensed pharmacies, PrivacyProtect.org, is itself a phantom with undisclosed ownership. It was revealed in a Washington Post article that the Directi Group actually owns PrivacyProtect.org, a fact they did not deny when they responded to the article.

Directi claims that it suspends illicit domains, but KnujOn has documented the fact that they report them suspended, and then reinstate them at another IP address.

EstDomains is another registrar that sponsors illicit pharmacy domains, porn domains, and malware domains, and is clearly in bed with PrivacyProtect. It’s probably owned by Directi, but that hasn’t been proven, as EstDomains is incorporated in Delaware. It may be one step up from the phantom registrars, since it actually exists as a corporation, but it’s pulling the same scams.

And finally, Atrivo. From StopBadware:

Jart Armin, StopBadware.org community volunteer and intrepid security researcher, released a report today that concludes that Intercage and Atrivo, a California-based family of companies that operate web hosting, domain registration, and other online services, are a hub of badware activity:

Atrivo is a major hub of cyber crime based within the USA, and has been known as such within the Internet community for many years. Within this study we provide detailed evidence not only for public and community awareness but also to provide evidence for action.

Atrivo’s reach in the cyber crime community and the Internet as a whole runs deep. From their partners in crime to the domain registration and hosting services, it has to be remembered that this is deliberately misleading to avoid detection.

Some of the companies included in the report have built a reputation in the security community as being havens for this type of activity, and Jart’s extensive research raises questions about the degree to which these companies are aware of, and turn a blind eye to, badware activity on their systems.

SpamHaus confirms this story:

Without exception, all of the major security organizations on the Internet agree that the ‘Home’ of cybercrime in the western world is a place known as Atrivo/Intercage. We ourselves have not come to this conclusion lightly but from many years of dealing with criminal operations hosted by Atrivo/Intercage, gangs of cybercriminals – mostly Russian and East European but with several US online crime gangs as well – whose activities always lead back to servers run by Atrivo/Intercage. We have lost count of the times we have tracked a major virus botnet’s “command and control” to Atrivo/Intercage servers; readers can view here some of the current and historic SBL records for Atrivo for a taste of what has been happening in this network. At almost every Internet security conference, or law enforcement seminar on cyber-crime, a presentation will detail some attack, exploit, phish or financial crime that has some nexus at Atrivo/Intercage.

There has been some outcry about all this from the ICANN At-Large Committee, but as of this writing there has been no response from ICANN’s Tim Cole. Perhaps that has something to do with the fact that LogicBoxes, a Directi-owned registrar, has sponsored ICANN meetings in LA and Delhi.

[ See the update on this story ]
