
AFNIC new procedures for fighting against identity theft!

[11/06/2019]

AFNIC creates a new system to fight against identity theft in Whois data.

A disguised anonymity

This practice is unfortunately common and concerns all extensions. Many extrajudicial procedures (Syreli, UDRP) reveal these actions, which can be explained by two main reasons:

  • Hiding a fraudulent reservation

The Whois is declarative: no serious verification is imposed on registrars. Cybersquatters and counterfeiters therefore regularly abuse this system by entering false information so as not to reveal their identity. To avoid flagrant cases (John Doe, 52 Champs Elysées 75008 Paris), using an existing identity is common.

The practice is booming with the development of phishing campaigns and, in particular, Spear Phishing, where the domain name used is often registered in the name of the CEO / CTO in order to deceive, hide, or delay the detection of the fraudulent nature of the registration.

For example, Philip Morris was a victim of this practice, as highlighted in decision UDRP D2017-0782:

“This is evidently a fraudulent misidentification by the unknown person who actually registered the Domain Name, who shall be referred to hereafter as the Respondent. The name given by the Respondent at that time is that of the Complainant’s president and CEO, and the postal address given for the registrant is the address of the Complainant’s headquarters”

  • Respecting the conditions of eligibility

To “apparently” comply with the eligibility conditions of .FR domain names, non-European holders steal identities found on the internet, including in directories. This practice has grown particularly over the last few years with the boom in the SEO sector, counterfeiters’ interest in expired domain names, and the explosion of the BackOrder market.

To avoid being identified while still complying with the eligibility conditions, these individuals register domain names en masse under the identities of French citizens.

This sometimes leads to unusual cases, such as the recovery of the domain name <cocusdenicolassarkozy.fr> (<cukfoldsofnicolassarkozy.fr>) to sell infringing tongs, using Whois data that was apparently stolen.

(The @163.com address, from a very popular free webmail service in China, shows the real identity of the holder.)

A growing practice

From 2015 to 2017 AFNIC identified 50 applications related to this practice for 115 domain names.

While the French registry was already dealing with this type of dispute and had communicated on the topic, the process was simplified on 4 June 2019 with two new procedures.

AFNIC new procedures

AFNIC has just published two new procedures that make it possible both to identify potential cases of infringement and to act against them. These procedures can therefore be used cumulatively or alternatively.

It should be recalled that, by default, AFNIC opts for a restricted distribution of data relating to natural persons, in accordance with its charter and the legislation on personal data:

    “In compliance with the request of the France's data protection authority (CNIL) and according to GDPR, when a domain name is registered by an individual, the registrant may opt by default for the "restricted distribution" option. When this option is chosen, no personal data (name, address, telephone, fax, and e-mail address) is distributed online within the Whois database, except for technical information only (technical contact - Registrar details and DNS servers).”

Therefore, it is difficult, if not impossible, to identify domain names registered under a given identity.

Reverse Whois: identifying domain names that use my personal data

First, AFNIC provides a form for identifying all .FR domain names whose Whois data contain the personal data of a given natural person.

    “This form allows you to request that Afnic communicate the information about you in the Whois database and thus to know exactly which domain names have been registered using your identity under the TLDs operated by Afnic, namely: .fr, .pm, .re, .tf, .wf, and .yt.”

However, this procedure will be limited to the information that potentially fraudulent registrants provided to registrars. It is also not clear whether the fields are searched cumulatively or alternatively:

  • exact combination: name + first name + phone + address
  • or, search on the phone number only, sole combination of name and surname, etc.

Procedure for the deletion of domain names filed under a false identity

Following the first step, the French registry allows victims to flag the disputed domains and to ask for their deletion.

Filing a complaint will nevertheless be a prerequisite for the processing of the application:

“As a victim, you must file a complaint with a police station or gendarmerie citing the known domain names and associated identifiers for which your personal data have been used without your knowledge”.

If the registrar is unable to validate the identity of the owner, AFNIC will delete the domain names using this information. More precisely, the NIC handles identified will be deleted, and the registrar will delete such domain names due to the lack of validation of identity (subsequent control).

Actions at the expense... of the victims!

A disputed domain name registered under a false identity was the subject of legal proceedings before the Paris Court of first instance. The individual mentioned in the Whois data and whose identity had been stolen had to respond to this infringement before the Court of first degree.

In a surprising decision dated 2 March 2017, the Paris Court recognized the responsibility of this individual, who was the victim of identity theft in the Whois data, because she did not act strongly enough to request the deletion of the domain name.

Accordingly, the Court ruled against this individual:

“As the losing party in the dispute, Mrs. Y. who did not take with sufficient diligence the steps necessary for the transfer or deletion of the disputed domain name will be ordered to pay Mrs. X. the sum of Euros 800 pursuant to Article 700 of the Code of Civil Procedure and to bear the entire costs of the proceedings.”

It is a double punishment for the victim to be unduly associated with a legal action and to bear the costs therefor.

In light of this precedent, we can only welcome these two new AFNIC procedures and invite any victim to promptly verify how their data appears in the Whois database and to request the deletion of the domain names at issue.

The author:

Gaël Mancec | ICT expert
Germain Maureau
gael.mancec@germainmaureau.com
+ 33 (0) 4 72 69 84 30
