It looks like crybecriminal organizations everywhere are receiving blow after blow. After having lost two of their major hosting providers in the U.S., online crooks are about to lose their favorite domain registrar, too. ICANN (Internet Corporation for Assigned Names and Numbers) announced that ending the Registrar Accreditation Agreement (RAA) with EstDomains would go ahead as planned, despite the registrar's appeal.
Earlier this month, the Estonian company EstDomains, the registrar harboring the vast majority of domains used to set up fake drug stores, push malware, launch phishing and spam campaigns, or serve illegal adult content, was hit by ICANN with a notice of accreditation agreement termination. The official reasoning behind the decision, as outlined in the notification letter signed by Stacy Burnette, ICANN's Director of Contractual Compliance, was that EstDomains’ President, Vladimir Tsastsin, had been convicted in Estonia on felonies in connection to financial activities, which represents a violation of the agreement.
A local Estonian Court convicted Mr. Tsastsin in February to three years in prison for credit card fraud, document forgery, and money laundering. “Absent receipt by ICANN of any document indicating that you were removed from the position of President, ICANN concludes that you maintained the position of President at EatDomains since the date of your conviction. EstDomains' RAA is being terminated based on your conviction and your status as President at EstDomains,” is explained in the letter sent to EstDomains and Vladimir Tsastsin on October 28.
The Internet authority later decided to halt the de-accreditation process after the Estonian company, which is also incorporated in Delaware, submitted new documents to reflect the change in administration, as well as the provisional nature of the lower court ruling. “To assess the merits of the claims made in EstDomains’ response, ICANN has stayed the termination process as ICANN analyzes these claims,” was announced on October 29.
The EstDomains response letter was sent by Konstantin Poltev, who was appointed as the new CEO of EstDomains in June, after Tsastsin allegedly resigned. “The decision to change the director of EstDomains, Inc. was made in January 2008, before the Estonian Circuit Court brought in a verdict for Vladimir Tsastsin [...] However, due to some juridical aspects the change of EstDomains, Inc Director has been adjourned ad interim,” Poltev also claims in the letter that ICANN was not notified by this change, because they were not aware that such a notification was mandatory.
Poltev comments on Tsastsin's conviction saying that the decision of the Circuit Court is not final and that an appeal was submitted. “In accordance with Estonian legislation the appeal to a Supreme Court cancels the previous verdict brought in against the convict,” explains Poltev, but it appears that ICANN's investigation into the claims has not resulted in a change of heart.
“On 7 November 2008, EstDomains was informed that, based on ICANN's findings, ICANN was proceeding with the termination of EstDomains' RAA, effective 24 November 2008,” announced the authority yesterday. The nearly 281,000 domain names managed by EstDomains will be transferred to another registrar interested in taking them, but given the nature of most of those domains, it’s hard to imagine that many are willing to associate themselves with such badness.
Cybercriminals have already reacted to EstDomains’ problems and not long ago a campaign phishing for domain account credentials targeted the customers of well-established registrars eNom and Network Solutions. This correlates with ISPs depeering McColo and Intercage, two companies known to offer hosting services to online criminals, and with the takedown of the HerbalKing network, considered to be the biggest spam operation in the world. All of these events are bound to affect people's online experience in a positive way, at least for now.