[governance] US gov's Domain seizing activities

parminder parminder at itforchange.net
Mon Nov 29 04:24:30 EST 2010



On Monday 29 November 2010 02:52 PM, parminder wrote:
> (For some reason, domain seizing activities of governments of 
> developing countries

Correction: I of course meant developed countries here.


> , done for IP enforcement, receives so much less attention than that 
> of developing countries done for political and cultural reasons.  See 
> below.)
>
>
>     The Background Dope on DHS Recent Seizure of Domains
>
> http://rulingclass.wordpress.com/2010/11/28/the-background-dope-on-dhs-recent-seizure-of-domains/
>
> As has been reported, it looks like ICE 
> <http://www.ice.gov/iprcenter/>, which is the principal investigative 
> arm of DHS, has begun seizing domains under the pretext of IP 
> infringement. But it’s actually not ICE who is executing the mechanics 
> of the seizures. It’s a private company, immixGroup IT Solutions 
> <http://www.immixgroup.com/>. Here is what is going down.
>
> In May of this year, immixGroup IT Solutions 
> <http://www.immixgroup.com/news/pr_display.cfm?ID=117> is awarded a 
> one year IT Services contract with DHS. The particulars of this contract:
>
>     Under this new contract, immixGroup will provide information
>     technology operational services and support, implementation, and
>     maintenance of DHS ICE C3’s software applications, network and
>     CyberSecurity systems, as well as the maintenance and enhancement
>     of applications that support law enforcement activities.
>
>     The contract includes one base year, one 12-month option period,
>     and two six-month option periods; covers all four divisions of C3
>     (Child Exploitation, Cyber Crimes, Computer Forensics, and Cyber
>     Training); and is critical to C3’s pursuit of criminal activity.
>     immixGroup’s services in this effort include network maintenance,
>     application development and support, forensic lab assistance, data
>     storage maintenance, and information assurance.
>
> On November 24th, immixGroup IT Solutions registered the domain 
> SEIZEDSERVERS.COM, and primary and secondary nameservers, 
> NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM, with Network Solutions, 
> which is the registrar for this domain. Since the DHS contract is 
> provisionally for one year only, the domain was only registered for 
> one year (expires in one year).
>
> immixGroup IT Solutions is using CaroNet <https://www.caro.net/> to 
> host their domain, including the authoritative name 
> servers (NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM) for this domain. 
> They have set up a simple web page, http://seizedservers.com/ or 
> http://74.81.170.110 which is the same “Notification of Seizure” page 
> you will get if you type in one of the seized domains in browser 
> address bar (if you’re paranoid: yes, they are tracking using both 
> Google analytics and piwik).
>
> ICE is not actually “seizing” any servers or forcing hosting companies 
> to remove web content from their servers; what they are doing is using 
> immixGroup IT Solutions to switch the authoritative name servers for 
> these “seized domains.” But they are not doing it at the Registrar 
> level (by contacting the registrar for the domain and forcing them to 
> update the authoritative name server info to point to 
> NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM), but rather through the 
> agency who controls the top level domain. In this case, all the 
> “seized domains” appear to be .com and the agency/company who has the 
> ICANN contract for this TLD is VeriSign (which also controls .net TLD). 
> The changes are being made at the top-level authoritative name servers 
> for the .com TLD, which would be the [a-m].gtld-servers.net. These are 
> controlled by VeriSign (note: these top-level name servers are also 
> authoritative for .net and .edu TLDs).
>
> So, VeriSign, the owner of the .com TLD, is working in cooperation 
> with DHS, and it appears immixGroup IT Solutions has what we might 
> call an “IT Support Ticket system” set up with VeriSign.
>
> That web servers are not being seized and web content not being 
> deleted can easily be verified by clicking this link, 
> http://208.101.51.57, which is the original IP Address of a seized 
> domain, *torrent-finder.com*. It’s still up, and it appears it has 
> registered a new domain, *torrent-finder.info*, that resolves to the 
> original IP address. This site is being hosted by SoftLayer 
> Technologies in Dallas, TX. So, it is certainly within US jurisdiction 
> to be shut down if there was “a case to be made.”
>
> Now the .info TLD is not controlled by VeriSign; it’s controlled by 
> Afilias <http://en.wikipedia.org/wiki/Afilias>. So, an interesting 
> little experiment would be to see if the *torrent-finder.info* domain 
> remains up. As of now, we can only conclude that there is a back deal 
> between DHS and VeriSign that makes any .com or .net domain subject to 
> seizure by the actions of immixGroup IT Solutions.
>
> Lastly, there has been some speculation that this recent business of 
> “domain seizure” portends the same tactics being used to seize the 
> “wikileaks.org” domain. From a technical standpoint, understand that 
> the .org TLD is not controlled by VeriSign; it is controlled by the 
> Public Interest Registry. An interesting thing however: PIR has 
> contracted out the technical operations to Afilias. So, if we were to 
> see *torrent-finder.info* similarly seized, then this would mean that 
> Afilias is also in cahoots with DHS, which could imply the .org TLD 
> could be subject to the same type of “domain seizures.” As of now, 
> there is no evidence of that. And, it should be clear, these types of 
> domain seizures are completely different than the 2008 attempted 
> shutdown of wikileaks.org by the US government. In that case, a U.S. 
> District Court issued an injunction ordering Dynadot, which was the 
> registrar for the domain, to remove all traces of Wikileaks from its 
> records. That didn’t hold up.
>
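
An added example, not part of the original message or the quoted blog post: the quoted text says the name-server change is made in the .com registry's delegation rather than at the registrar, so a domain owner can detect it by comparing the NS set in a registry referral with the set they expect. The domain example.com, the ns*.example.net hosts and both referral texts are constructed placeholders; only the SEIZEDSERVERS.COM names come from the message.

```python
import re

# Constructed sample input: the AUTHORITY section of a non-recursive NS query
# answered by a .com registry server (the kind of referral dig prints).
REFERRAL_BEFORE = """\
;; AUTHORITY SECTION:
example.com.        172800  IN  NS  ns1.example.net.
example.com.        172800  IN  NS  ns2.example.net.
"""
REFERRAL_AFTER = """\
;; AUTHORITY SECTION:
example.com.        172800  IN  NS  NS1.SEIZEDSERVERS.COM.
example.com.        172800  IN  NS  ns2.seizedservers.com.
"""
# Assumption: the NS hosts the owner configured through their registrar.
EXPECTED = ["ns1.example.net", "ns2.example.net"]

NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$", re.IGNORECASE)


def norm(name):
    """DNS names compare case-insensitively and ignore the trailing dot."""
    return name.rstrip(".").lower()


def delegation(referral_text, domain):
    """Return the set of NS hosts the registry delegates `domain` to."""
    hosts = set()
    for line in referral_text.splitlines():
        m = NS_LINE.match(line.strip())
        if m and norm(m.group(1)) == norm(domain):
            hosts.add(norm(m.group(2)))
    return hosts


def check(referral_text, domain, expected):
    """Compare the registry's delegation with the NS set the owner expects."""
    seen = delegation(referral_text, domain)
    want = {norm(h) for h in expected}
    return {
        "ok": seen == want,
        "unexpected": sorted(seen - want),  # hosts the owner never configured
        "missing": sorted(want - seen),     # owner's hosts no longer delegated
    }


if __name__ == "__main__":
    for label, text in (("before", REFERRAL_BEFORE), ("after", REFERRAL_AFTER)):
        print(label, check(text, "example.com", EXPECTED))
```
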