29 Jun 2011

Domain name change raises possibility of cyber scams

The June 22 decision of the Internet Corporation for Assigned Names and Numbers to expand the internet's domain name system has spurred concerns about how such a change will affect internet security.

Starting in 2012, businesses will be able to brand their websites by using their company name as the top-level domain name. A June 28 article in the Massachusetts Institute of Technology publication Technology Review uses the examples ".coke," which would replace "coke.com."

This same Technology Review article addresses concerns about how this new way of naming sites will impact security. Cyber criminals who are willing to pay a $185,000 registration fee, and whose applications win approval from ICANN, could register a domain using the name of a well-known business and set up a bogus website to scam users. The Technology Review uses the example, ".wellsfargobank."

Though ICANN's board approved the domain name expansion in a 13-1 vote, the official ICANN document regarding the security implications of making this change acknowledges a dearth of research about how disruptive the change will actually be.

Under current United States law, false registration of a domain name in the course of committing a felony either doubles or adds seven years, whichever is less, to a convicted criminal's sentence.