<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#333333" bgcolor="#ffffff">
<font face="sans-serif">BTW, do click on <a class="moz-txt-link-freetext" href="http://www.torrent-finder.com/">http://www.torrent-finder.com/</a></font>
to see the seizure notice . <br>
<br>
As the article mentions, the seizure of the domain space is done not at
Registrar level but at TLD owner level, a privilege only available to
US gov for most top TLDs. <br>
<br>
On Monday 29 November 2010 02:54 PM, parminder wrote
<blockquote cite="mid:4CF3714E.90907@itforchange.net" type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<br>
<br>
On Monday 29 November 2010 02:52 PM, parminder wrote:
<blockquote cite="mid:4CF370BC.8040201@itforchange.net" type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title></title>
(For some reason, domain seizing activities of governments of
developing countries</blockquote>
<br>
correction. i of course meant developed countries here <br>
<br>
<br>
<blockquote cite="mid:4CF370BC.8040201@itforchange.net" type="cite">,
done for IP enforcement, receives so much less
attention that that of developing countries done for political and
cultural reasons. See below.)<br>
<h2 class="pagetitle">The Background Dope on DHS Recent Seizure
of Domains</h2>
<p><a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://rulingclass.wordpress.com/2010/11/28/the-background-dope-on-dhs-recent-seizure-of-domains/">http://rulingclass.wordpress.com/2010/11/28/the-background-dope-on-dhs-recent-seizure-of-domains/</a></p>
<p>As has been reported, it looks like <a moz-do-not-send="true"
href="http://www.ice.gov/iprcenter/">ICE</a>, which is the principal
investigative arm of DHS, has begun seizing domains under the pretext
of IP infringement. But it’s actually not ICE who is executing the
mechanics of the seizures. It’s a private company, <a
moz-do-not-send="true" href="http://www.immixgroup.com/"
target="_blank">immixGroup IT
Solutions</a>. Here is what is going down.</p>
<p>In May of this year, <a moz-do-not-send="true"
href="http://www.immixgroup.com/news/pr_display.cfm?ID=117"
target="_blank">immixGroup IT Solutions</a> is awarded a one year IT
Services contract with DHS. The particulars of this contract:</p>
<blockquote>
<p>Under this new contract, immixGroup will provide information
technology operational services and support, implementation, and
maintenance of DHS ICE C3′s software applications, network and
CyberSecurity systems, as well as the maintenance and enhancement of
applications that support law enforcement activities.</p>
<p>The contract includes one base year, one 12-month option
period,
and two six-month option periods; covers all four divisions of C3
(Child Exploitation, Cyber Crimes, Computer Forensics, and Cyber
Training); and is critical to C3′s pursuit of criminal activity.
immixGroup’s services in this effort include network maintenance,
application development and support, forensic lab assistance, data
storage maintenance, and information assurance. </p>
</blockquote>
<p>On November 24th, immixGroup IT Solutions registered the domain
SEIZEDSERVERS.COM, and primary and secondary nameservers,
NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM, with Network Solutions,
which is the registrar for this domain. Since the DHS contract is
provisionally for one year only, the domain was only registered for one
year(expires in one year).</p>
<p>immixGroup IT Solutions is using <a moz-do-not-send="true"
href="https://www.caro.net/" target="_blank">CaroNet</a> to host their
domain, including the
authoritative name servers(NS1.SEIZEDSERVERS.COM,
NS2.SEIZEDSERVERS.COM) for this domain. They have setup a simple web
page, <a moz-do-not-send="true" href="http://seizedservers.com/">http://seizedservers.com/</a>
or <a moz-do-not-send="true" href="http://74.81.170.110"
target="_blank">http://74.81.170.110</a>
which is the same “Notification of Seizure” page you will get if you
type in one of the seized domains in browser address bar(if you’re
paranoid: yes, they are tracking using both Google analytics and piwik).</p>
<p>ICE is not actually “seizing” any servers or forcing hosting
companies to remove web content from their servers; what they are doing
is using immixGroup IT Solutions to switch the authoritative name
servers for these “seized domains.” But they are not doing it at the
Registrar level(by contacting the registrar for the domain and forcing
them to update the authoritative name server info to point to
NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM), but rather through the
agency who controls the top level domain. In this case, all the “seized
domains” appear to be .com and the agency/company who has the ICANN
contract for this TLD is VeriSign(which also controls .net TLD). The
changes are being made at the top-level authoritative name servers for
the .com TLD, which would be the [a-m].gtld-servers.net. These are
controlled by VeriSign(note: these top-level name servers are also
authoritative for .net and .edu TLDs).</p>
<p>So, VeriSign, the owner of the .com TLD, is working in
cooperation
with DHS, and it appears immixGroup IT Solutions has what we might call
an “IT Support Ticket system” setup with VeriSign.</p>
<p>That web servers are not being seized and web content not being
deleted can easily be verified by clicking this link, <a
moz-do-not-send="true" href="http://208.101.51.57" target="_blank">http://208.101.51.57</a>,
which
is
the original IP Address of a seized domain, <b>torrent-finder.com</b>.
It’s
still up, and it appears it has registered a new domain, <b>torrent-finder.info</b>,
that
resolves
to the original IP address. This site is being hosted by
SoftLayer Technologies in Dallas, TX. So, it is certainly within US
jurisdiction to be shut down if there was “a case to be made.”</p>
<p>Now the .info TLD is not controlled by VeriSign; it’s controlled
by <a moz-do-not-send="true"
href="http://en.wikipedia.org/wiki/Afilias" target="_blank">Afilias</a>.
So,
an
interesting little experiment would be to see if the <b>torrent-finder.info</b>
domain remains up. As of now, we can only conclude that there is back
deal between DHS and VeriSign that makes any .com or .net domain
subject to seizure by the actions of immixGroup IT Solutions. </p>
<p>Lastly, there has been some speculation that this recent
business
of
“domain seizure” portends the same tactics being used to seize the
“wikileaks.org” domain. From a technical standpoint, understand that
the .org TLD is not controlled by VeriSign; it is controlled by the
Public Interest Registry. An interesting thing however: PIR has
contracted out the technical operations to Afilias. So, if we were to
see <b>torrent-finder.info</b> similarly seized, then this would mean
that Afilias is also in cahoots with DHS, which could imply the .org
TLD could be subject to the same type of “domain seizures.” As of now,
there is no evidence of that. And, it should be clear, these type of
domain seizures are completely different than the 2008 attempted
shutdown of wikileaks.org by the US government. In that case, a U.S.
District Court issued an injunction ordering Dynadot, which was the
registrar for the domain, to remove all traces of Wikileaks from its
records. That didn’t hold up. </p>
</blockquote>
</blockquote>
</body>
</html>