The organization that oversees the Internet’s domain name system is going to have to find a new leader.

Today at the opening session of ICANN’s international meeting in Mexico City, Paul Twomey announced his intention to step down as the group’s president and CEO by the end of the year.

Twomey has headed the organization since 2003, following a four-year stint as chairman of ICANN’s Governmental Advisory Committee. At the request of the board of directors, Twomey said he plans to remain with the group for a transitional period after his replacement is named. During that time, he will serve in the new position of senior president.

Tributes poured in from Internet luminaries in response to Twomey’s announcement.
“I can think of no other person who has had more influence on the course of ICANN’s evolution than Paul,” Vint Cerf, Google’s chief Internet evangelist and a former ICANN chairman, said in a statement. “We owe him a great debt for long and faithful service and I owe him personal thanks for his counsel during my time on the board. The board will be challenged to find a worthy and capable successor.”

As head of ICANN, Twomey helped set the stage for the most dramatic expansion in the Internet suffixes, known as global Top-Level Domains (gTLDs), since the nonprofit’s inception.

Internet addresses have traditionally been confined to familiar suffixes like .com and .org. But in June, ICANN’s board approved a measure to allow site operators to select their own gTLDs, inviting the potential for a virtual land grab.

“The potential here is huge. It represents a whole new way for people to express themselves on the Net,” Twomey said at the time of the board’s decision. “It’s a massive increase in the ‘real estate’ of the Internet.”

ICANN is planning to open the application period for new gTLDs in the second quarter. Global TLDs are distinct from country-specific suffixes like .ca (Canada) and .au (Australia), which are referred to as country-code Top-Level Domains, or ccTLDs.

Prior to his tenure at the helm of ICANN, Twomey held a variety of tech posts in the public and private sectors, serving as the Australian government’s Special Adviser for the Information Economy and Technology. He was also the founding CEO of the National Office for the Information Economy, the Australian government’s top IT agency.

Immediately before taking over at ICANN, Twomey founded Argo P@cific, an international investment and consulting firm.

In a statement, Twomey said that he had previously expressed his intention to step down, indicating that he plans to continue work on Internet issues, but in a different capacity.

“While I am deeply and personally committed to ICANN and its success, I think this is the right time for me to move on to another leadership position in the private or international sectors,” he said.

internetnews.com

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced it will delay shutting down EstDomains, an Internet registrar accused of having ties with spammers.

ICANN sent a letter to EstDomains saying it would pull the company’s accreditation on November 12 and transfer the 281,000 domains under its management to another registrar.

ICANN has the authority to revoke a registrar’s accreditation if an executive of the company has been convicted of a felony or misdemeanor related to financial activities.

EstDomain’s president, Vladimir Tsastsin, was convicted of credit card fraud, money laundering and document forgery in an Estonian court on February 6, according to ICANN.

EstDomains is arguing that Tsastsin resigned as president in June and that his conviction is on appeal with Estonia’s Supreme Court.

CEO Konstantin Poltev wrote in a letter to ICANN stating that EstDomains was not required to notify the organization about its executive changes. EstDomains is trying to keep its accreditation and included a document that showed Tsastin’s resignation in June.

ICANN said it is taking more time to assess the merits of the claims and has stayed the termination process.

“ICANN will take all reasonable measures to protect the interests of registrants during the stay period and the subsequent termination process that may follow,” ICANN officials said.

The Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit who oversees the management of domains names and IP addresses, has dropped the accreditation for EstDomains, essentially ending their ability to process new domain orders for any Top-Level Domain.

ICANN is the authority when it comes to domain names and IP addresses. Nothing happens on the Internet without their having some role in it. If a company allows registrations of new domain names, or transfers, then they must be accredited by ICANN to do so. If an ISP issues new IP addresses, ICANN will have a role to play in this as well.

EstDomains, with almost 300,000 domains, is the 49th largest domain registrar online. The bulk of their business is domain registrations, but the company also offers managed DNS, SSL Certificates, and E-Mail services. They have a reseller program as well, for customers to buy and sell bulk domain addresses.

Washington Post reporter Brian Krebs started an investigation that linked EstDomains to several websites, numbered in the thousands, that host malicious software, Spam, and in general named them as a haven for criminals online. The investigations into EstDomains started in September.

Around that time, Krebs discovered evidence that the President of EstDomains, 27-year-old Vladimir Tsastsin, was found “…guilty of entering illegal data into card payment systems of Internet stores for the purpose of material gain, creating forged documents, using forged documents, and money laundering.”

“I wondered why would a company like EstDomains keep a chief executive on who was sent to prison for cyber fraud…I asked that very question of Hillar Aarelaid, team director of the Estonian Computer Emergency Response Team (CERT Estonia). Aarelaid maintains that Tsastsin long ago ceded control of EstDomains to organized cyber criminals in Russia,” Krebs wrote in one of his articles on the subject.

“To understand EstDomains, one needs to understand the role of organized crime and the investments coming from that, their relations to hosting providers in Western nations and the criminals who ply their trade through these services,” Aarelaid said.

Indeed, according to both the investigations by Krebs and other security company’s, EstDomains has been a long bedfellow of the RBN (Russian Business Network), the premier collective of organized criminals online.

EstDomains called Krebs and his reports “Yellow Journalism” and one spokesperson for the company, Konstantin Poltev, told the Security Fix reporter, “I sincerely hope that you will [choose] Google for your further investigation and gather the information without using the sources you have indicated as reliable. I assume that the independent investigation shall definitely show you that the person, who granted us the ‘cybercrime registrar’ title, has made a mistake.”

However, the constant pressure from security experts and journalists like Krebs and the team from The Register caused EstDomains’ ISP Interchange (Atrivo) to be shut down; leading to, among other things, a severe drop in some types of Spam, and the reported death of the Storm network.

The investigations, the bad press, and the pressure from several sources have all led to the announcement Tuesday that ICANN de-accredited EstDomains.

“Dear Mr. Tsastsin,” the letter starts, “Be advised that the Internet Corporation for Assigned Names and Numbers (ICANN) Registrar Accreditation Agreement (RAA) for EstDomains, Inc. (Customer No. 919, IANA No. 832) is terminated. Consistent with subsection 5.3.3 of the RAA, this termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction. This termination shall be effective within fifteen calendar days from the date of this letter, on 12 November 2008.”

The letter adds that ICANN is seeking, “Expressions of Interest from Registrars to Receive Bulk Transfer of Names from De-Accredited Registrar EstDomains.”

“I never thought I’d see the day! ICANN found it’s dentures down the back of the sofa and [has] taken a bite out of the [criminal’s] domain registration empire. ESTDomains will no longer be a registrar as of Nov 12th,” wrote McAfee’s Chris Barton in an Avert Labs blog post. “So I’ve got a question… Who’s got the balls to take on ESTDomains problems customers?”

“This is almost 2 years too late and took far too much media attention to shake their tree. The worst of the criminals left EST for other registrars after the “defecation meets the rotary oscillator” in August, but never the less, that (so I’m told) this is quick for ICANN…”

Another security pundit, Gadi Evron, said, “I believe this is a very positive step from ICANN, showing it is indeed an active part in shaping the Internet, as well as responsible to its constituents. While I am sure this can not be an easy move to make, it is warranted in this case and I believe it to be a brave one. While such decisions must not be made rashly, it is my deepest regret WHOIS information is the only way to reach such ends.”

This is good news for security companies who fight malicious domains, Spam and other crimes online. Yet, for a company that makes a bulk of its money from domain sales, the future is bleak at best. EstDomains made no comment on ICANN’s actions and has defended its business model when faced with negative press.

Starting in mid-November, countries and territories will be able to apply to show domain names in their native language, a major technical tweak to the Internet designed to increase language accessibility.

On Friday, the Internet’s addressing authority approved a Fast-Track Process for applying for an IDN (Internationalized Domain Name) and will begin accepting applications on Nov. 16.

The move comes after years of technical testing and policy development, said the Internet Corporation for Assigned Names and Numbers (ICANN), which held a meeting in Seoul this week.

Currently, domain names can only be displayed using the Latin alphabet letters A-Z, the digits 0-9 and the hyphen, but in future countries will be able to display country-code Top Level Domains (cc TLDs) in their native language. ccTLDs are those that have a two-letter country designation at the end of a domain name.

In reality, the new domain names will be stored in the DNS as sequences of letters and numbers beginning xn-- in order to maintain compatibility with the existing infrastructure. The characters following the xn-- will be used to encode a sequence of Unicode characters representing the country name.

One of the primary concerns with implementing IDNs is the security and stability of the Domain Name System (DNS). That system enables the translation of domain names written with characters and digits into IP (Internet Protocol) addresses, which can then be queried by a Web browser.

ICANN said it would initially allow for a "limited" number of IDNs, which are subject to ICANN’s approval and stability testing. Still, there are likely to be hiccups, ICANN warned.

"The usability of IDNs may be limited, as not all application software is capable of working with IDNs," ICANN said in a59-page proposal dated Sept. 30 that describes the Fast Track process. "It is up to each application developer to decide whether or not they wish to support IDNs. This can include, for example, browsers, email clients, and sites where you sign up for a service or purchase a product and in that process need to enter an e-mail address."

ICANN has set some language restrictions for IDNs: they must be in an official language of a country or territory and have legal status or at minimum "serve as a language of administration."

According to the proposal, ICANN will charge registries US$26,000 for an evaluation processing fee, which can be paid in the local currency. ICANN would also like an annual contribution fee of 3 percent of a registries revenue, which can be as low as 1 percent for low-volume registries. For both fees, registries can request a fee waiver, ICANN said.

Verizon Communications, the telecommunications company, has been awarded $33.2 million in a lawsuit against an Internet services company that it claimed had registered hundreds of domain names with Verizon trademarks.

The default judgment of $50,000 for each of 663 addresses registered by the Internet company, OnlineNic, was issued last Friday by United States District Judge Jeremy D. Fogel in San Jose, Calif. Judge Fogel froze OnlineNic’s assets and ordered the transfer to Verizon of all identical or confusingly similar addresses.

Verizon sued OnlineNic of San Francisco in June, accusing the company of trademark infringement and illegal “cyber squatting,” or registering addresses intentionally to confuse Web users. Such knockoff names often take users to pages that advertise competing products, Verizon said.

“This case should send a clear message and serve to deter cybersquatters who continue to run businesses for the primary purpose of misleading consumers,” Sarah Deutsch, an associate general counsel at Verizon, said Wednesday in a statement.

Verizon sought as much as $66.3 million in damages over names that included myverizonwireless.com, iphoneverizonplans.com and verizon-cellular.com.

OnlineNic registered more than 900,000 domain names similar to some of the world’s biggest companies, including Google, Adidas, the News Corporation’s MySpace, Wal-Mart Stores and Yahoo, Verizon said in court papers. Verizon accused OnlineNic of using an automated process to register the addresses and employing “numerous means to conceal its true identity.”

OnlineNic’s Web site says the company has been an accredited registrar since 1996 for the Internet Corporation for Assigned Names and Numbers, or Icann, the organization that oversees the functioning of the Internet.

OnlineNic did not immediately respond to e-mail messages seeking comment. Directory assistance could not provide a number for the company. No lawyers for the company were listed on the court docket.