[governance] US gov's Domain seizing activities
McTim
dogwallah at gmail.com
Mon Nov 29 06:17:13 EST 2010
Click on it only if you want to be tracked by the USG contractor
running the web server! Rgds, mctim
On 11/29/10, parminder <parminder at itforchange.net> wrote:
> BTW, do click on http://www.torrent-finder.com/ to see the seizure notice .
>
> As the article mentions, the seizure of the domain space is done not at
> Registrar level but at TLD owner level, a privilege only available to US
> gov for most top TLDs.
>
> On Monday 29 November 2010 02:54 PM, parminder wrote
>>
>>
>> On Monday 29 November 2010 02:52 PM, parminder wrote:
>>> (For some reason, domain seizing activities of governments of
>>> developing countries
>>
>> correction. i of course meant developed countries here
>>
>>
>>> , done for IP enforcement, receives so much less attention that that
>>> of developing countries done for political and cultural reasons. See
>>> below.)
>>>
>>>
>>> The Background Dope on DHS Recent Seizure of Domains
>>>
>>> http://rulingclass.wordpress.com/2010/11/28/the-background-dope-on-dhs-recent-seizure-of-domains/
>>>
>>> As has been reported, it looks like ICE
>>> <http://www.ice.gov/iprcenter/>, which is the principal investigative
>>> arm of DHS, has begun seizing domains under the pretext of IP
>>> infringement. But it’s actually not ICE who is executing the
>>> mechanics of the seizures. It’s a private company, immixGroup IT
>>> Solutions <http://www.immixgroup.com/>. Here is what is going down.
>>>
>>> In May of this year, immixGroup IT Solutions
>>> <http://www.immixgroup.com/news/pr_display.cfm?ID=117> is awarded a
>>> one year IT Services contract with DHS. The particulars of this contract:
>>>
>>> Under this new contract, immixGroup will provide information
>>> technology operational services and support, implementation, and
>>> maintenance of DHS ICE C3′s software applications, network and
>>> CyberSecurity systems, as well as the maintenance and enhancement
>>> of applications that support law enforcement activities.
>>>
>>> The contract includes one base year, one 12-month option period,
>>> and two six-month option periods; covers all four divisions of C3
>>> (Child Exploitation, Cyber Crimes, Computer Forensics, and Cyber
>>> Training); and is critical to C3′s pursuit of criminal activity.
>>> immixGroup’s services in this effort include network maintenance,
>>> application development and support, forensic lab assistance,
>>> data storage maintenance, and information assurance.
>>>
>>> On November 24th, immixGroup IT Solutions registered the domain
>>> SEIZEDSERVERS.COM, and primary and secondary nameservers,
>>> NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM, with Network Solutions,
>>> which is the registrar for this domain. Since the DHS contract is
>>> provisionally for one year only, the domain was only registered for
>>> one year(expires in one year).
>>>
>>> immixGroup IT Solutions is using CaroNet <https://www.caro.net/> to
>>> host their domain, including the authoritative name
>>> servers(NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM) for this
>>> domain. They have setup a simple web page, http://seizedservers.com/
>>> or http://74.81.170.110 which is the same “Notification of Seizure”
>>> page you will get if you type in one of the seized domains in browser
>>> address bar(if you’re paranoid: yes, they are tracking using both
>>> Google analytics and piwik).
>>>
>>> ICE is not actually “seizing” any servers or forcing hosting
>>> companies to remove web content from their servers; what they are
>>> doing is using immixGroup IT Solutions to switch the authoritative
>>> name servers for these “seized domains.” But they are not doing it at
>>> the Registrar level(by contacting the registrar for the domain and
>>> forcing them to update the authoritative name server info to point to
>>> NS1.SEIZEDSERVERS.COM, NS2.SEIZEDSERVERS.COM), but rather through the
>>> agency who controls the top level domain. In this case, all the
>>> “seized domains” appear to be .com and the agency/company who has the
>>> ICANN contract for this TLD is VeriSign(which also controls .net
>>> TLD). The changes are being made at the top-level authoritative name
>>> servers for the .com TLD, which would be the [a-m].gtld-servers.net.
>>> These are controlled by VeriSign(note: these top-level name servers
>>> are also authoritative for .net and .edu TLDs).
>>>
>>> So, VeriSign, the owner of the .com TLD, is working in cooperation
>>> with DHS, and it appears immixGroup IT Solutions has what we might
>>> call an “IT Support Ticket system” setup with VeriSign.
>>>
>>> That web servers are not being seized and web content not being
>>> deleted can easily be verified by clicking this link,
>>> http://208.101.51.57, which is the original IP Address of a seized
>>> domain, *torrent-finder.com*. It’s still up, and it appears it has
>>> registered a new domain, *torrent-finder.info*, that resolves to the
>>> original IP address. This site is being hosted by SoftLayer
>>> Technologies in Dallas, TX. So, it is certainly within US
>>> jurisdiction to be shut down if there was “a case to be made.”
>>>
>>> Now the .info TLD is not controlled by VeriSign; it’s controlled by
>>> Afilias <http://en.wikipedia.org/wiki/Afilias>. So, an interesting
>>> little experiment would be to see if the *torrent-finder.info* domain
>>> remains up. As of now, we can only conclude that there is back deal
>>> between DHS and VeriSign that makes any .com or .net domain subject
>>> to seizure by the actions of immixGroup IT Solutions.
>>>
>>> Lastly, there has been some speculation that this recent business of
>>> “domain seizure” portends the same tactics being used to seize the
>>> “wikileaks.org” domain. From a technical standpoint, understand that
>>> the .org TLD is not controlled by VeriSign; it is controlled by the
>>> Public Interest Registry. An interesting thing however: PIR has
>>> contracted out the technical operations to Afilias. So, if we were to
>>> see *torrent-finder.info* similarly seized, then this would mean that
>>> Afilias is also in cahoots with DHS, which could imply the .org TLD
>>> could be subject to the same type of “domain seizures.” As of now,
>>> there is no evidence of that. And, it should be clear, these type of
>>> domain seizures are completely different than the 2008 attempted
>>> shutdown of wikileaks.org by the US government. In that case, a U.S.
>>> District Court issued an injunction ordering Dynadot, which was the
>>> registrar for the domain, to remove all traces of Wikileaks from its
>>> records. That didn’t hold up.
>>>
>
--
Sent from my mobile device
Cheers,
McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there." Jon Postel
____________________________________________________________
You received this message as a subscriber on the list:
governance at lists.cpsr.org
To be removed from the list, send any message to:
governance-unsubscribe at lists.cpsr.org
For all list information and functions, see:
http://lists.cpsr.org/lists/info/governance
Translate this email: http://translate.google.com/translate_t
More information about the Governance
mailing list