Directi Corporate Blog

Directi sponsored IIT Mumbai’s Techfest that was held over the weekend. We were the Golden Edition sponsor, sponsor for Technoholix as well as Codecamp, all rolled into one. At the Technoholix night, 3Run from UK enthralled the audience the audience by fusing Martial Arts, Free-running and Parkour and Action Team from Turkey put up a unique acrobatic-basketball performance.

Techfest also served as a soft launch pad for CodeChef.com – our nation wide coding contest portal. Our booth was bustling with the computer science legion eager to attempt the questions and win freebies.

Although it was a Sunday, the lecture hall was packed with students excited to attend sessions on Automated Testing v/s Manual Testing by Bhavin, amongst others. You can browse through the PPT as well as download it from our wiki.

All in all, Techfest was a pleasant experience. Kudos to our team of enthusiastic developers and community evangelists that made this a success!

It had been more than a month since the last TechCamp and so we were all eagerly looking forward to the fourth episode, scheduled for 11th October, in Mumbai. It promised to be a good one for the geeks and techies, with interesting sessions on User Experience and Web 2.0 Security, both being conducted by experts in their respective domains.

The first session was An Introduction to User Experience, by Mr. Aniruddha Joshi, a faculty member in the Industrial Design Centre, IIT Bombay, who teaches and does research in the field of human-computer interaction design, user studies and usability evaluation. He started off by explaining the different elements of User Experience. Those of us who had attended Jesse James Garrett’s master class on the same subject at GIDS were familiar with the concepts involved, but Mr. Joshi covered them well and raised quite a few thought provoking questions and discussions with the audience. We then participated in an exercise that involved identifying user experience issues at different levels, and another one which demonstrated a possible approach to setting user experience goals for a product and evaluating their relative importance in the product design process.

Next in the agenda was a session on Web 2.0 Security – Defending Next Generation Applications, by Mr. Shreeraj Shah, Founder and Director at Blueinfy Solutions. Mr. Shah first talked about the differences that have been brought about in the underlying technology beneath the new breed of Web 2.0 applications with respect to application architecture, frameworks, components, protocols, data exchange formats etc. He then briefly explained various application attack vectors, including SQL injection, AJAX based Cross Site Scripting (XSS), Cross Site Request Forgery (XSRF), RSS injections and many more. He also demonstrated methodologies, tools and techniques to scan applications for vulnerabilities against these vectors. Most of the developers in the audience were eager to see live demonstrations of every possible hacking technique, but it was not possible to cover each and every one in detail, given the limited amount of time we had. While this was a bit of a disappointment, all in all it was a very interesting and informative session.

Jart Armin of HostExploit.com & Bhavin Turakhia, CEO of Directi are pleased to jointly report on the outcome of community actions against abuse of Directi’s domain registry and PrivacyProtect.

The above in figures review of the actions that Directi, in conjunction with HostExploit, have recently taken to track down and stop abusive domain names and registrants from abusing Directi’s services.
Registrar Abuse

• Over 50,000 domain names have been suspended that were either involved in abusive activity or registered by customers/registrants exhibiting persistent patterns of abuse.
• These domain names (and/or their registrants) were involved in various types of abuse, such as spamming, phishing/spoofing, malware perpetration, suspected pedopornography, financial frauds and falsified ‘Whois’ information.
• All other services utilized by any of these domain names have also been revoked.
• Over the past three months, certain resellers have been identified who have been the destination of choice for bad actors; among these are Vivids Media GMBH, Klikdomains, MyNick.name, and Webst.ru. Approximately 125,000 domain names registered through these resellers have been suspended so far.

PrivacyProtect

• A large incentive for bad actors to use Directi’s services has been PrivacyProtect.org. This service has been disabled for over 27,000 abusive domain names.
• The service had been permanently disabled for all existing and new registrations through resellers/registrars that have seen high volumes of abusive registrations – notable being the ones mentioned above and Estdomains. This has amounted to approximately 500,000 domain names which had privacy protection canceled.

Analysis

When suspending domain names on receiving complaints about their involvement in abuse, HostExploit is pleased to report that, Directi, while reviewing the complaints over the past few months, even before the ‘Atrivo-Cyber Crime USA’ report, found certain trends:

• Domain names registered with the same/similar contact information (name, address patterns)
• Bulk registrations of domain names with a slight variation in the domain name e.g. 018xyz.com, 018xyza.com, 018xyzb.com, 018xyzc.com …. by abusive registrants/customers
• Same blacklisted name servers being repeatedly utilized.
• Registrations in the same customer account involved in various forms of abuse
• Based on these, we reviewed all domain names, first in the customer’s account, then in the reseller’s account and then across the databases. Based on these similarities, 35,000 domain names were identified and have been labeled as co-network.

Discussion

Directi’s strengthened abuse team continues to review complaints and revoke privacy protection for abusive domain names, while also forwarding the complaint to the Registrars for whom Directi provide software and other services for them to take action. Where reports of abuse emerge from security community blogs or forums, Directi are now proactively making searches for such comments and investigating any issue that may involve Directi or a reseller.

One advantage of this exercise has been the development of active communication channels between us and the community. We’ve been able to refresh contacts with organizations e.g. StopBadware, Knujon, CastleCops, Spamhaus, and Artists Against 419, among others, sharing intelligence on abuse activity.

In scouring for more such cases however, every emphasis is made on avoiding any false positives. With this is mind and with the view on net-neutrality all actions are based upon ACM (Association of Computing Machinery) http://www.acm.org/about/code-of-ethics e.g.

1.2 Avoid harm to others.“Harm” means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits use of computing technology in ways that result in harm to any of the following: Internet users, and the general public.

An active list of directly suspended domains is available for down load from HostExploit.com

HostExploit and Directi have agreed to maintain their cooperative collaboration to clamp down spam and other forms of abuse on the Internet as rapidly as possible. HostExploit confirms that they are pleased to work directly with the Directi abuse desk in helping Directi identify any miscreants that maybe using Directi’s services. The partnership includes sharing investigative processes and intelligence data on an ongoing basis.

We welcome any concerns or reports related to the abuse of Directi’s registry services forward to abuse(at)directi.com or admin(at)hostexploit.com

Together with the community we hope to continue taking steps to make the Internet a better and safer place.

Directi not only has a vibrant work atmosphere but also embraces a multi-cultural work environment, simply because we believe that neither technology nor geeks are bound by nationality.

As an expat working at Directi, you can enjoy top notch amenities and benefits. To learn more about these, check out our Expat Recruitment Program.

Sebastiaan from Belgium photographed with his Vietnamese hat in our Mumbai office.

In light of recent developments, Jart Armin of HostExploit.com, Bhavin Turakhia, CEO of Directi and Garth Bruen of Knujon have had an open dialogue and mutually agreed to release this joint statement as an accurate representation of facts, clearing any previous misconceptions and reaffirming their common goal to combat abuse on the Internet. Here are few of the points they would like to jointly make -

• Directi, HostExploit, and Knujon recognize and confirm that they share the common goal of continuing to combat spam and abuse on the Internet through cooperation, collaboration and proactive action.
• Directi clarified to HostExploit that, LogicBoxes (a Directi business) is not hosting any of Atrivo’s websites. Atrivo runs its web infrastructure under the name of Hostfresh.com which is not affiliated with Directi in any manner.
• Directi clarified to Knujon that ESTDomains is not a Directi company, and Directi does not control the actions or clients of ESTDomains, a fact that HostExploit and Knujon are aware of.
• HostExploit confirms that its report was not meant to allege that LogicBoxes is directly sponsoring Internet abuse, rather its report was meant, in good faith, only to provide relevant parties with all information and data which can be used to clean up websites that were violating principles of ethical behavior. HostExploit hopes that other Internet news sites which may have taken the data in the HostExploit report out of context in assuming that LogicBoxes is directly affiliated with Atrivo rectify this misconception. Directi confirms that LogicBoxes is simply a software provider to various ICANN Accredited Registrars, and its only role was providing software for domain registration and DNS management.
• HostExploit and Knujon did share with Directi a separate list of additional web sites known for badware that belong to Atrivo, enabling Directi’s abuse team to swiftly suspend them. Directi HostExploit and Knujon intend to continue this information exchange to speedily resolve abuse issues, and to further demonstrate transparency the community can contact either Directi or / and HostExploit to ensure action is taken.
• Directi has clarified to Knujon and HostExploit that privacyprotect.org is merely a privacy protection service used by many of Directi’s legitimate clients, not unlike the privacy protection services offered by other Registrars. Directi further confirmed that privacy protection had already been disabled on a large percentage of Atrivo’s domain names over a month ago. Since Directi offers privacy protection free of cost, there are miscreants who use it to cloak their malicious activities. However Directi reaffirmed that its abuse team will suspend privacy protection on any domain for which they receive a genuine complaint in less than 24 hours. In fact a few months ago, based on reports and data obtained from the antispam community, Directi ceased to offer its privacy protection services to all customers of ESTDomains and to tens of thousands of other domains obtained through the community. Currently over half a million genuine customers of Directi use privacy protection services to prevent their whois data from being harvested.
• Knujon acknowledges that the 48 Registrars that it thought were phantom are actually in existence as delaware incorporated legitimate companies with a valid ICANN Accreditation and accurate contact information. Knujon’s confusion stemmed from the fact that ICANN does not require these companies to publically report their incorporation details.
• Directi confirmed that it is in no way supporting illicit online pharmacies. KnujOn confirms that Directi has suspended the list of clients obtained from Knujon who had registered pharmacy domains through Directi. Directi and KnujOn jointly call on the Internet community, private industry, and government to help develop policy and methods to put a stop to the fake pharmacy menace since Registrars cannot do this alone.
• Directi and HostExploit have discussed further ways to enhance their cooperative collaboration to clamp down spam and other forms of abuse on the Internet as rapidly as possible. Directi acknowledges and applauds HostExploit and Knujon’s continuous efforts in tracking down miscreants. HostExploit and Knujon confirms that they are pleased to work directly with the Directi abuse desk in helping Directi identify any miscreants that maybe using Directi’s services. The partnership includes sharing investigative processes and intelligence data on an ongoing basis.

Together with the community we hope to continue taking steps to make the Internet a better and safer place.