Connect with us

Hi, what are you looking for?

Tech & Science

EU introduces new legislation ending anonymous domain registration

We’ve now seen from multiple pipeline ransomware events that critical infrastructure is in danger.

Man working in an office at a computer. — Photo: © Tim Sandle
Man working in an office at a computer. — Photo: © Tim Sandle

The European Union has announced it is drafting legislation that wants to put an end to the anonymous registration of domains, which are often used for illegal activities including the distribution of malware.

The legislation is the “Directive of the European Parliament and of the Council on measures for a high common level of cybersecurity across the Union”. This act will add new provisions that enable domain registrars to collect more information from registrants and verify that information.

Looking at the scope of the law and its consequences for businesses and consumers is Chad Anderson, who is a Senior Security Researcher for DomainTools.

Anderson looks at the benefits of the laws: “This change in posture shows just how important registrant information can be for defenders. We’ve certainly found other ways of fingerprinting actors based on tactics, techniques, and procedures (TTPs), but taking down large swaths of domains tied to a single individual is much quicker when they can actually be tied to that individual and time is increasingly of the essence.”

However, there are some points of contention that needs to be discussed. Here Anderson is critical, stating: “For those that say this will be a hit to whistleblowers and activists: that’s hogwash as they should all be using Tor and pre-built sites anyways to protect their anonymity. If anything this will force their hand to use better operational security. Leak sites will still exist and alternative registrars still exist. All of the problems for maintaining a private Internet where activists can work have already been solved.”

Anderson also takes issues with those who are more inclined to flag civil liberties issues. Anderson  says: “For those that say this is a hit to privacy: this operates the same way it would if you were buying property anywhere else. Yes, it’s digital property, but you should have to be responsible for that permissive SPF record allowing relay of malware spam in the same way you have to be responsive when there’s a gas leak on physical property.”

The reality is, as Anderson puts it: “We’ve now seen from multiple pipeline ransomware events that critical infrastructure is just as in, if not more in danger, from a ransomware event than it is from a physical attack.”

Anderson  challenges another myth: “For those that say this doesn’t matter because cybercriminals will just hide behind corporations or registrars in other countries: yes, that is the point. Defensive work is never about eliminating the threats, it’s about making it so expensive that the threat cannot operate. This raises the bar and makes it expensive for easy cyber criminality like business email compromise (BEC) and credential phishing campaigns. Additionally this reduces the attacking area left to monitor as it reduces the number of registrars that attackers can use.”

Summarising the necessity of the provisions in the directive, Anderson concludes: “These are all wins in the defensive playbook. No crime won’t stop, but yes it will require a more sophisticated attacker and remove the run-of-the-mill non-technical cybercrime that is pervasive today.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

World

Tampering with witnesses is an extremely bad, extremely dumb, move.

World

In a 6-3 ruling, the Supreme Court ruled against the EPA, hindering the government from tackling the climate crisis.

World

You can’t just ring someone and ask them to fix America. Where would you get the parts, to start with?

World

The 30 x 30 plan would see 30 percent of Earth's land and oceans become protected zones by 2030 - Copyright AFP GABRIEL BOUYSThomas...