analysis Shielding Brands: An In-depth Analysis of Defensive Domain Registration Practices against Cyber-squatting

[Future Sensors]

Shielding Brands: An In-depth Analysis of Defensive Domain Registration Practices against Cyber-squatting

Ben Chukwuemeka Benjamin, Jan Bayer, Simon Fernandez, Andrzej Duda, Maciej Korczynski

TMA Conference
May 21-24, 2024, Dresden, Germany

2024 Conference website: https://tma.ifip.org/2024/
2024 Program: https://tma.ifip.org/2024/program/

Session: Domain Use and Misuse

Abstract

In the digital era, establishing a robust online presence is paramount for brand recognition and trust. However, malicious actors may abuse trust in brand domains with cyber-squatting—registering domain names resembling legitimate ones to deceive users. To counter this threat, brand owners defensively register domain names similar to the original ones, but this protection technique results in increased complexity and financial burden. This paper investigates defensive registration strategies by analyzing 370 prominent brands targeted by cyber-squatters. We provide insight into the activities of leading defensive registrars and highlight the insufficient usage of defensive mechanisms provided by ICANN. Our findings reveal the need for stronger defensive strategies and result in recommendations to enhance brand protection against cyber-squatting.

PDF Link

https://tma.ifip.org/2024/wp-content/uploads/sites/13/2024/05/tma2024-final44-1.pdf

 

[CraigD]

Thanks Future Sensors, a very interesting study.

I must say the the section of cybersquating by utilising "bit-squatting" techniques (section B/5) piqued my interest. I wonder how often bit-flips actually occur in DNS servers? Is there any history of this actually occuring where domain traffic was bit-flipped to a bad-actor domain?

 

[Future Sensors]

Hi @CraigD!

Glad to hear you enjoyed reading this in depth.

The interesting thing about this research is that it essentially brings together different disciplines, like brand protection, cyber security, legitimate domain investing, and domain squatting.

A domain can be registered without any malicious intent and look very similar to that of a well-known company due to just one character difference, but it can also be registered with malicious intent to be used in phishing attacks, or bitflip attacks. Or a domain can be registered to immediately put up for sale via a marketplace and make some profit that way.

The exact intent behind a registration is important to understand, as domain name attorney @jberryhill will be able to confirm from his field of expertise in UDRP matters. Sometimes it is immediately clear that one wants to mislead, divert, or profit, other times it is more difficult to assess. Studying patterns and circumstances is important.

Regarding the specific bitflip operation as discussed in section B5, I'm not able to provide current figures, since I have not done any research into this myself. Moreover, as mentioned, the intent of a particular domain registration is not always clear.

There is a very educational Defcon video from 2015, in which the operation of this principle is fully discussed. Note in particular that bitflips can occur not only on DNS servers, but also on home computers and countless other devices along the way. This is also discussed in the video.

The risks involved will vary from company to company. Companies will need to remain aware of all modern techniques (attack vectors) used, and protect their property accordingly. Fortunately, various commercial solutions offer assistance in flagging suspicious types of domain registrations, regardless of intent, and bringing them to the attention of clients.

Sometimes, something does not have to be widespread for it to be taken seriously.

On a major forum like NamePros, many naming professionals from all disciplines come together. Not only the numerous individual domain investors and domain brokers, but also the largest domain registrars, domain registries, IETF engineers who create protocols, policy makers at ICANN, security vendors and branding agencies. Fortunately, if NamePros members behave irresponsibly or unethically during domain registrations, they will be addressed by the community and the excellent moderation teams. As it should be.