
Extortion or Expansion? An Investigation into the Costs and Consequences of ICANN’s gTLD Experiments

  • Conference paper
Passive and Active Measurement (PAM 2020)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 12048)


Abstract

Since October 2013, the Internet Corporation of Assigned Names and Numbers (ICANN) has introduced over 1K new generic top-level domains (gTLDs) with the intention of enhancing innovation, competition, and consumer choice. While there have been several positive outcomes from this expansion, there have also been many unintended consequences. In this paper we focus on one such consequence: the gTLD expansion has provided new opportunities for malicious actors to leverage the trust placed by consumers in trusted brands by way of typosquatting. We describe gTLDtm (The gTLD typosquatting monitor) – an open source framework which conducts longitudinal Internet-scale measurements to identify when popular domains are victims of typosquatting, which parties are responsible for facilitating typosquatting, and the costs associated with preventing typosquatting. Our analysis of the generated data shows that ICANN’s expansion introduces several causes for concern. First, the sheer number of typosquatted domains has increased by several orders of magnitude since the introduction of the new gTLDs. Second, these domains are currently being incentivized and monetarily supported by the online advertiser and tracker ecosystem whose policies they clearly violate. Third, mass registrars are currently seeking to profit from the inability of brands to protect themselves from typosquatting (due to the prohibitively high cost of doing so). Taken as a whole, our work presents tools and analysis to help protect the public and brands from typosquatters.

References

  1. Halvorson, T., Der, M.F., Foster, I., Savage, S., Saul, L.K., Voelker, G.M.: From .academy to .zone: an analysis of the new TLD land rush. In: Proceedings of the 2015 Internet Measurement Conference, pp. 381–394. ACM (2015)

  2. Korczyński, M., et al.: Cybercrime after the sunrise: a statistical analysis of DNS abuse in new gTLDs. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pp. 609–623. ACM (2018)

  3. Halvorson, T., Levchenko, K., Savage, S., Voelker, G.M.: XXXtortion? Inferring registration intent in the .XXX TLD. In: Proceedings of the 23rd International Conference on World Wide Web, pp. 901–912. ACM (2014)

  4. Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 581–590. ACM (2006)

  5. Agten, P., Joosen, W., Piessens, F., Nikiforakis, N.: Seven months’ worth of mistakes: a longitudinal study of typosquatting abuse. In: Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015). Internet Society (2015)

  6. Szurdi, J., Kocso, B., Cseh, G., Spring, J., Felegyhazi, M., Kanich, C.: The long “taile” of typosquatting domain names. In: USENIX Security Symposium, pp. 191–206 (2014)

  7. Khan, M.T., Huo, X., Li, Z., Kanich, C.: Every second counts: quantifying the negative externalities of cybercrime via typosquatting. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 135–150. IEEE (2015)

  8. Nikiforakis, N., Van Acker, S., Meert, W., Desmet, L., Piessens, F., Joosen, W.: Bitsquatting: exploiting bit-flips for fun, or profit? In: Proceedings of the 22nd International Conference on World Wide Web, pp. 989–998. ACM (2013)

  9. Banerjee, A., Barman, D., Faloutsos, M., Bhuyan, L.N.: Cyber-fraud is one typo away. In: IEEE INFOCOM 2008: The 27th Conference on Computer Communications, pp. 1939–1947. IEEE (2008)

  10. Banerjee, A., Rahman, Md.S., Faloutsos, M.: SUT: quantifying and mitigating URL typosquatting. Comput. Netw. 55(13), 3001–3014 (2011)

  11. McAfee (2019). https://www.mcafee.com/en-us/index.html. Accessed 20 Oct 2019

  12. Holgers, T., Watson, D.E., Gribble, S.D.: Cutting through the confusion: a measurement study of homograph attacks. In: USENIX Annual Technical Conference, General Track, pp. 261–266 (2006)

  13. Stout, B., McDowell, K.: System and method for combating cybersquatting. US Patent App. 13/612,603, 3 January 2013

  14. ICANN Centralized Zone Data Service (2019). https://www.icann.org/resources/pages/zfa-2013-06-28-en. Accessed 20 July 2019

  15. ICANN-CZDS (2019). https://czds.icann.org/home. Accessed 20 Oct 2019

  16. Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1388–1401. ACM (2016)

  17. GoDaddy (2018). https://www.godaddy.com/. Accessed 20 Aug 2018

  18. NameCheap (2018). https://www.namecheap.com/. Accessed 20 Aug 2018

  19. Nithyanand, R., Starov, O., Gill, P., Zair, A., Schapira, M.: Measuring and mitigating AS-level adversaries against Tor. In: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, 21–24 February 2016 (2016)

  20. Trade Mark Clearing House (2019). https://www.trademark-clearinghouse.com/. Accessed 29 Oct 2019

  21. EasyList (2018). https://easylist.to/. Accessed 20 Aug 2018

  22. Google AdSense (2019). https://www.google.com/adsense/. Accessed 20 Oct 2019

  23. OpenDNS (2018). www.opendns.com. Accessed 20 Aug 2018

  24. Virustotal (2018). www.virustotal.com. Accessed 20 Aug 2018

  25. Chen, Q.A., Osterweil, E., Thomas, M., Mao, Z.M.: MitM attack by name collision: cause analysis and vulnerability assessment in the new gTLD era. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 675–690. IEEE (2016)

  26. Nikiforakis, N., et al.: You are what you include: large-scale evaluation of remote Javascript inclusions. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 736–747. ACM (2012)

  27. Wang, Y.-M., Beck, D., Wang, J., Verbowski, C., Daniels, B.: Strider typo-patrol: discovery and analysis of systematic typo-squatting. In: SRUTI 2006, pp. 31–36 (2006)

  28. Vissers, T., Joosen, W., Nikiforakis, N.: Parking sensors: analyzing and detecting parked domains. In: Proceedings of the 22nd Network and Distributed System Security Symposium (NDSS 2015), pp. 53–53. Internet Society (2015)

  29. Plohmann, D., Yakdan, K., Klatt, M., Bader, J., Gerhards-Padilla, E.: A comprehensive measurement study of domain generating malware. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 263–278 (2016)

  30. The Media Trust (2018). https://mediatrust.com/media-center/real-fake-news-spoofed-domains-are-targeting-major-media-outlets. Accessed 20 Aug 2019

  31. Domain Name Stat. Domain name registration’s statistics. https://domainnamestat.com/

  32. ICANN. About the program: ICANN new gTLDs. https://newgtlds.icann.org/en/about/program

  33. ICANN: gTLD Applicant Guidebook, June 2012

  34. Burkert, H., et al.: Accountability and transparency at ICANN: an independent review (2010)

  35. Association of National Advertisers: ICANN generic top level domain developments: ANA. http://www.ana.net/content/show/id/icann

  36. Leibowitz, J., Rosch, T., Ramirez, E., Brill, J.: Consumer protection concerns regarding new gTLDs, December 2011

  37. ICANN: New gTLD auction proceeds: ICANN new gTLDs. https://newgtlds.icann.org/en/applicants/auctions/proceeds

  38. ICANN: Base registry agreement, July 2017

Author information

Correspondence to Shahrooz Pouryousef.

Appendix

A.1 ICANN and gTLD Expansions

In this section, we provide a high-level overview of how gTLDs have been expanded over the years and the role that ICANN plays in regulating these expansions. Since 1998, the Internet Corporation for Assigned Names and Numbers (ICANN) has been responsible for administering the Internet Domain Name System (DNS). This role has included the authority to establish new top-level domains (TLDs). TLDs have historically been classified into: (1) TLDs reserved for countries and territories (country-code TLDs or ccTLDs), (2) a TLD reserved for Internet infrastructure (infrastructure TLD: .arpa), and (3) TLDs that may be used for other purposes (generic TLDs or gTLDs).

gTLD Expansion Between 1984 and 2012. Between 1984 and 2000, the number of gTLDs increased from five to seven with .net and .int added to the “core” set (.com, .edu, .gov, .mil, and .org). Of these seven, three TLDs – .com, .net, and .org – have always been open to public registration, with the other TLDs being reserved for use by specific organizations such as universities (.edu) and government entities (.gov). Starting in 1998, ICANN began considering a more “open” gTLD program which would allow private entities to act as registries and manage new gTLDs. Following a public call for proposals in August 2000 and a two-month period for public comment, ICANN announced seven new gTLDs in November 2000 (.aero, .biz, .coop, .info, .museum, .name, and .pro). The process was repeated in 2004, resulting in the introduction of six new gTLDs (.asia, .cat, .jobs, .mobi, .tel, and .travel). Between 2004 and 2012, only two other gTLDs – .xxx and .post – were added. By the end of 2012, the Internet had 22 gTLDs – of which 15 were open to public registration. As of August 2013, the 15 additions to the 7 core gTLDs accounted for 3% of all domain registrations while the 7 core gTLDs accounted for 51% of all domain registrations on the Internet (ccTLD domain registrations accounted for 35%) [31].

The 2012–2013 gTLD Expansion. In 2008, citing the success of the previous gTLD expansions in 2000 and 2004, ICANN approved new policies to facilitate the large-scale creation of new gTLDs with the stated goal of “enhancing innovation, competition, and consumer choice” [32]. Following the creation and multiple revisions of a guide for the application process of new gTLDs, in 2011 steps were taken to enable the registration of new gTLDs. These guidelines are still applicable today. To register a new gTLD, a registry must demonstrate that it can handle the technical, operational, and business aspects of managing registrar relationships and must submit a $185K application and evaluation fee [33]. Applications for new gTLDs were opened in 2012 following criticism and protest from Internet societies, including Harvard’s Berkman Center for Internet & Society [34], the Association of National Advertisers [35], and the United States Federal Trade Commission [36], which primarily cited the lack of transparency in the evaluation process, the potential for trademark infringement, and other generally malicious conduct. By 2013, over 1,900 applications were received, of which 1,543 were granted and 1,208 are still active today. Contested gTLD registration applications were resolved by a bidding process. As of July 2016, ICANN had netted a profit of $233M from the bidding process alone [37]. As of August 2018, the 1,208 active new gTLDs accounted for 9% of all domain registrations on the Internet [31]. We note that statistics regarding the registration of new gTLD domains have not been updated on the ICANN website since 2015 and are only available through other third-party services.

Registry Responsibilities and Guidelines. Following the delegation of a gTLD, a registry is required to perform certain responsibilities related to maintenance of the gTLD. A full specification of these requirements is available online [38]. We summarize the requirements that are relevant to our study below.

  • WHOIS services. Registries are required to maintain a fully responsive and searchable WHOIS service available via port 43 and through a web-based interface.

  • Zone files. Registries are required to provide public access to their current zone files via the Centralized Zone Data Access (CZDA) provider [14]. In order for a member of the public to gain access to the zone file, they need to provide “information sufficient to correctly identify and locate” themselves. These may include an organization name and address, IP address, etc. There is no specified time within which a registry is required to provide a response.

  • Protected domains. All registries owning and operating an open gTLD are subject to a sunrise period of 30 days. During this period, domains may only be registered by organizations registered with ICANN’s Trade Mark Clearing House (TMCH) [20]. Following this period, all domains are open for public registration, regardless of their trademark status, and any trademark disputes are to be resolved using ICANN services. All costs associated with disputes, trademark verification, and TMCH registration are to be paid by the trademark holder. Further, the TMCH will only accept domains as trademarked if the following criteria are met (examples are demonstrated with the organization “ICANN Example”): (1) exact match rule—icannexample.org is a valid trademark domain, (2) hyphen for spaces/special characters rule—icann-example.org is a valid trademark domain. All other domain variations, including plurals, are considered invalid (e.g., icann-examples.org).
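The two TMCH matching rules above, sketched in Python as an added example (not code from the paper or from gTLDtm): it derives the labels a mark holder could claim and flags near-miss registrations that fall outside TMCH protection. The function names, the edit-distance threshold of 2, and the sample domains are assumptions made for illustration.

```python
import re

def tmch_labels(mark):
    """Labels acceptable under the two TMCH rules quoted above."""
    m = mark.lower().strip()
    exact = re.sub(r"[^a-z0-9]+", "", m)               # rule 1: exact match
    hyphen = re.sub(r"[^a-z0-9]+", "-", m).strip("-")  # rule 2: hyphen for spaces/special chars
    return {exact, hyphen}

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)     # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(mark, domain, max_dist=2):
    """Assumes `domain` is a registrable name of the form label.tld."""
    label = domain.lower().rstrip(".").split(".")[0]
    eligible = tmch_labels(mark)
    if label in eligible:
        return "tmch-eligible"
    # Close to the mark, but not a form the TMCH accepts (plural, typo, swap).
    if min(osa_distance(label, e) for e in eligible) <= max_dist:
        return "lookalike-unprotected"
    return "unrelated"

def audit(mark, domains):
    """Map each observed domain to its classification for one mark."""
    return {d: classify(mark, d) for d in domains}

# Constructed sample input: the paper's example mark plus invented registrations.
MARK = "ICANN Example"
OBSERVED = ["icannexample.org", "icann-example.shop", "icann-examples.org",
            "icanexample.online", "icnanexample.xyz", "weather.org"]

if __name__ == "__main__":
    for name, verdict in audit(MARK, OBSERVED).items():
        print(f"{name:22} {verdict}")
```

Every name reported as `lookalike-unprotected` is one the mark holder cannot reserve through the TMCH and would have to register defensively or dispute after the fact.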

We note that we were unable to find documents relating to how compliance with these responsibilities was to be monitored or enforced.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Pouryousef, S., Dar, M.D., Ahmad, S., Gill, P., Nithyanand, R. (2020). Extortion or Expansion? An Investigation into the Costs and Consequences of ICANN’s gTLD Experiments. In: Sperotto, A., Dainotti, A., Stiller, B. (eds) Passive and Active Measurement. PAM 2020. Lecture Notes in Computer Science, vol 12048. Springer, Cham. https://doi.org/10.1007/978-3-030-44081-7_9

  • DOI: https://doi.org/10.1007/978-3-030-44081-7_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-44080-0

  • Online ISBN: 978-3-030-44081-7

  • eBook Packages: Computer Science, Computer Science (R0)
