Pirate Bay domain suspended thanks to controversial verification system

File-sharing site didn't verify its Whois – and disappeared

The Pirate Bay's .org addresses have been suspended as part of a controversial verification process run by domain name overseer ICANN.

Visitors to "thepiratebay.org" are greeted with the message: "This domain name has been suspended. This domain name is pending ICANN verification and has been suspended. If you are the owner of this domain you can reactivate this domain by logging into your account."

That verification process has been in place for some time and has led to the suspension of over one million domain names, but this is perhaps the most high-profile example of a website being taken offline as a result.

Broadly, the companies that sell domains to users – called registrars – are now required to send a verification email to the domain name holders every time a new domain is registered or the domain details are modified. But in this case it's more likely that the suspension was a result of the annual validation email that registrars are obliged to send as well.

And it is this final requirement – under the revised 2013 contract that ICANN has with most of its registrars – that is causing a lot of problems.

In theory, the validation process is extremely easy: you receive an email from your registrar and simply have to click on a link to verify that the domain's registration information is true and accurate. Then you are done.

If you fail to do so, however, 15 business days later there is a very real risk that your domain could be suspended. The suspension is under ICANN's control and there is little or nothing that your registrar can do about it. The problem, of course, is that the system relies on people receiving and responding to an email.

Nice email

In Pirate Bay's case, that email address is "auto560120@hushmail.com," which belongs to Pirate Bay founder Fredrik Neij. Neij's Whois details are in fact inaccurate, as they still list his Swedish address while he currently lives in Laos. That email address is also associated with a number of other Pirate Bay domains including: piratebay.org, thepiratebay.com, piratebrowser.com, piratebaytorrents.info, anonfiles.com, piratebrowser.net, thepiratebay.pe, and thepiratebay.sx.

It's not known if Neij doesn't have access to that Hushmail account any longer, or if he hasn't checked it for a while, or he didn't bother to respond, or the verification email simply went into his spam folder and he didn't see it. But the fact that it has taken down a high-profile website will add fuel to the critics' fire.

Registrars can verify a domain through other means, such as calling the supplied telephone number, talking to the owner and then sending a formal response to ICANN providing the time, date, and call details. But in reality, very few registrars want to deal with the extra workload this would bring. It's also likely that in this case, Neij's Swedish phone number no longer works.

The whole verification process was introduced at the behest of law enforcement, which has long been frustrated with the wildly inaccurate Whois system that helps criminals to hide their identities when they register domain names.

Lies, damn lies, and statistics

As a part of agreeing to add the suspension element into their contract, registrars requested that law enforcement provide them with statistics to demonstrate that the policy was indeed helping to tackle crime. Those statistics have been notoriously difficult to get hold of however, leading to some testy exchanges at ICANN's public meetings over the past year.

Statistics produced by ICANN's compliance office show that over 80 per cent of the complaints it receives concern "whois inaccuracy."

Critics argue that having a verification process to register a domain name and so get a website up and running is very different from requiring people to respond to an email every year to keep the website up. They also question the logic of asking people to click on links in an email; most sysadmins actively warn users not to do exactly that because of the risk of being phished or otherwise compromised (and ICANN knows this only too well, having had its systems compromised by this very approach).

The current feeling within the registrar industry is that this domain suspension service is causing constant problems for little or no benefit. Law enforcement – particularly IP lawyers – will no doubt be secretly pleased that the process has taken down The Pirate Bay's website, however.

As to whether this will prompt them to provide statistics on the program's effectiveness, or push the registrars into revising their contract to pull it out – that remains to be seen.
