The important business of domain names related to the coronavirus: simple speculation or sophisticated scams?

Written by Dreyfus08/06/2020

Individuals, entrepreneurs, professional url brokers… all are trying to buy and resell domain names with keywords related to the virus. The prices go up to several thousand euros. For example “corona-vaccination.fr” was bought on March 16 by a German developer, who is now offering it for sale for 9,000 euros.

The DomainTools search team began monitoring the terms related to Covid-19 in February 2019. From a slight increase in domain names using the terms “Coronavirus” and “COVID-19” at the begining, to registrations with a significant spike in recent weeks, it is clear that many of them are scams!

Among them, there is a site developed by a private individual offering the user to install an Android application called “CovidLock”, claiming to have a tool for monitoring the epidemic in real time. In reality, it is a ransomware that asks for of $100 Bitcoins. Thanks to a proactive “hunt”, DomainTools detected it within hours of its creation, before it claimed any victims, and was able to obtain the scammer’s Bitcoin wallet.

Many domain names that should be watched closely at the height of the epidemic, are paving the way for resale at hefty prices or for cyber attacks!

Dreyfus can assist you in the management of your trademarks portfolios in all countries around the world. Do not hesitate to contact us.

Source: https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware

A senator is worried about parliamentarians IT security

Written by Dreyfus18/05/2020

Jérôme Bascher, the republican Senator of Oise (LR party) expressed his concerns in the report to the Senate No. 82 (2019-2020), on October 22, 2019 : ″Parliamentarians IT security is close to zero″

It is primarily a matter of distinguishing between institutional functions and the IT practices of parliamentarians themselves. While the former are relatively well protected, since they benefit from assistance such as that provided by the Anssi (national agency for the security of information systems), the latter are a source of great IT insecurity.

IT insecurity factors related to the workforce

1. Having its own IT equipment

The workforce is a key element in IT security. Each parliamentarian is free to have their own equipment (Huawei or Apple telephone), yetinsecurity can arise from their exchanges and from the means of communication they use. In fact, mobile instant messaging applications that are likely to be used, go through the GAFA. They are hosted by servers of Amazon web service and not by OVH, for example, which could potentially be an efficient French server. This could be countered by the argument that Amazon Web service is also based in France,

2. Not enough awareness among senators

While the Parliament benefits from the Trojan horse attacks detecting systems on institutional sites, the level of IT security among parliamentarians is still very low.

In 2018, the Senate’s IT security systems intercepted more than 30,000 high-risk contents. Senator Bascher assures that security services experience at least 2 or 3 cyber attacks per week.

Only wiling senators are aware of the importance of IT security. Senator Bascher pointed out : “I’ve never had a virus in my life, because I’m careful,”. Among the risks that public authorities may incur, appears the so called “facing”, that is,the creation of a fake Internet page that could be an apology for terrorism, that French channels Public Sénat and LCP-AN, whose credits are included in public authorities mission, can suffer from. It is a bit reminiscent of the past attack against the channel TV5 Monde a few years ago, which has since had to make considerable investment efforts to pay for its protection.

In addition, an increaseof requests that makethe site inaccessible – hasto be considered,

Cyber attacks against public authorities are now undeniable, as evidenced by the cyber attacks that hit Estonia in 2007, the German Bundestag in 2015 and, to a lesser extent, the Senate, in 2011.

Implementation of solutionsto reinforce the parliamentarians IT security

1. The current IT protection system

Senator Bascher points out that, 10% of the IT budget in France is spentonsecurity. A program administeredby the Ministry of Defence consisted in recruiting cyber-combatants, however there is a protection imbalance since the Elysée had its own network, which is not the case for the Parliament. Senator Bascher claims that the budget designated to cybersecurity should be increased.

2. A mechanism to be reinforced

The primary objective would be to improve the parliamentarians equipment and make them more aware of IT risks.

According to the Senator, it would also be necessary to reinforce the resources of the Anssi, which is currently the only entity that deals with all the organs of power.

Public authorities are therefore at the heart of the strategic and decision-making challenges of Western democracies, as a result of which, they became the main target of IT attacks. This is all the more true in the election period, as demonstrated by the 2016 American presidential election. It’s time to strengthen the parliamentarians IT protection.

A Complainant who claims an old domain name must demonstrate its use in order to justify prior rights

Written by Dreyfus12/05/2020

Source: WIPO, Arbitration and Mediation Center, Jan. 22, 2020, No. D2019-2992, Cyberplay Management Ltd v/ WhoisGuard Protected, WhoisGuard, Inc./DIREX NV and Johann Mayer.

The Maltese company Cyberplay Management holds a gaming license for the purpose of operating an online casino. The latter owns the European trademark “Loki”, deposited on January 10, 2017 and registered on 6 September 2017, as well as the domain name <loki.com>, registered in 1992 and currently operated for online casino services. Said Company filed a UDRP Complaint before the WIPO Arbitration and Mediation Center against the domain names <lokicasino16.com>, <lokicasino17.com>, <lokicasino18.com>, <lokicasino19.com> and <lokicasino.com>, with the prejudice that they infringe its rights. Indeed, they associate the “Loki” trade mark with the term “casino”, which refers to its activity. The domain name <lokicasino.com> had been registered on May 16, 2016 and the other four domain names on January 11, 2017 (one day after the registration of the Complainant’s trademark,).

At the time the Complaint was filed, the Respondents were using these domain names in connection with an online casino. The Complainant considers that the Respondents registered and used the domain names in bad faith. The Respondents, for their part, claim that they never had knowledge of the applicant and its trademark. In addition, the Respondents have provided several screenshots, taken from the WayBack Machine website databases (archive.org) of the history of the Complinant’s website, showing the latter has never used the domain name <loki.com> for casino activities prior to the current period. For example, in 2006, it referred to a site allowing the user to find all types of events near their location.

The expert ruling on the case concludes that the complaint must be rejected, since the applicant did not provide evidence showing it was the holder of trademark rights for the sign “LOKI” at the time of registration of the disputed domain names. The trademark application was filed after the registration of the domain name <lokicasino.com > owned by the Respondents. Furthermore, in regard to the law on unregistered trademarks (right of use), the Complaint does not submit any evidence of use of the sign “LOKI” in connection with the services of an online casino. Thus, it is important to recall that in order to prosper in a UDRP proceeding, it is imperative for a Complainant to submit evidence establishing, in particular, the registration and use of a domain name in bad faith. In this case, the Complainant failed to provide such evidence. This decision also shows the growing importance of the archives proposed by WayBack Machine, which the judges now tend to accept as evidence (subject to justifying a bailiff’s report).

Update covid-19: Dreyfus organization

Written by Dreyfus12/05/2020

Dear all,

Since Monday 11th of May and the end of the French quarantine, we are pleased to open the office to allow meetings with our clients to take place physically if it’s necessary.

We have organized a team rotation in our offices and continue to enable remote work.

We are naturally available to answer all your requests by email contact@dreyfus.fr or by phone +33 1 44 70 07 04.

See you soon!

UDRP procedure. The bad faith complainant: when the chances of success are so low that the applicant should not have taken action

Written by Dreyfus11/05/2020

Source: WIPO, Arbitration and Mediation Center, Jan. 30, 2020, No. D2019-2937, Scalpers Fashion, S.L. c/ Dreamissary Hostmaster

The Spanish company Scalpers Fashion is active in the fashion industry. It is the owner of numerous trademarks incorporating the “Scalpers” sign, including the European Union trademark “Scalpers” No. 6748578, registered on September 29, 2008. The company has filed a UDRP complaint before the WIPO Arbitration and Mediation Center against the domain name <scalpers.com>, claiming that it infringes its rights. The domain name was registered on September 15, 1997, by the Respondent Dreamissary Hostmaster, who is in fact a natural person, a U.S. citizen and the holder of a substantial number of domain names featuring dictionary words. The domain name at issue was exploited to generate pay-per-click revenues by leading to sponsored links referring to the sale of tickets. At the time the complaint was filed, the domain name in question resolved to a parking page.

The Complainant submits that the Respondent intends to take undue advantage of its reputation in fashion and to disrupt its business. In addition, the Complainant submits that the large sums proposed by the Respondent in various attempts t negotiate are evidence of his bad faith. Indeed, the Respondent allegedly offered initially $150,000 and then $195,000. Finally, the Complainant considers that the Respondent’s bad faith is manifested by the registration of more than 100 domain names, for him to be able to resell them for a profit.

The Respondent contends that he registered and used the domain name <scalpers.com> because of the definition of the word “scalper”: a person who buys tickets at the normal price and then resells them at a high price when demand is high and available seats are scarce. In addition, the latter requires the expert to conclude to reverse domain name hijacking.

The Complainant’s position was not followed by the expert. The expert considers that the domain name was neither registered nor used in bad faith. Indeed, the Respondent had registered the domain name more than 10 years before the Complainant’s alleged date of first use of the “Scalpers” trademark. In such circumstances, there was no basis to conclude that the Respondent targeted the Complainant’s mark, which was not in existence at the time the Respondent registered the disputed domain name. As regards the use of ???, the expert also concluded that there was no bad faith, since the Respondent had used the domain name for the meaning of the word “scalpers”. The expert ruling on the case indicates that the complaint should be dismissed. In addition, he stated that the complaint was filed in bad faith by the Complainant, and was intended to deprive the Respondent of ownership of his domain name. Indeed, several facts contribute to the expert’s position: the domain name was registered by the Respondent long before the Complainant owned a trademark right in the Scalpers sign; the UDRP Complaint was filed after two unsuccessful attempts to purchase the domain name from the Respondent; and the Respondent’s counsel notified the Complainant that the complaint should be withdrawn due to the manifest impossibility of establishing bad faith.

The Complainant clearly should have known that the complaint could not succeed. Thus, it should be borne in mind that the UDRP procedure is not a one-way tool. The aggrieved Respondent may attempt to reverse the proceedings to obtain a decision against the Complainant. Here, the lack of chance of success was particularly blatant, as the domain name predates the trademark rights of Scalpers Fashion.

The rise of phishing in the midst of the coronavirus crisis

Written by Dreyfus07/05/2020

Source: Bank Info Security, Feb. 11, 2020

The global health crisis caused by the coronavirus is a favorable context for phishing techniques. Indeed, many organized gangs of cybercriminals are pretending to be health organizations by using fake domain names. As a result, they send an e-mail pretending to be a health-related entity, in which they ask the recipient to click on a link and enter or confirm a login and password. For example, cybercriminals therefore send phishing e-mails containing domain names similar to those used by the Centers for Disease Control and Prevention. For example, cybersquatters have incorporated the domain name “cdc-gov.org” which is similar to the official domain name “cdc.gov”.
Thus, these malicious e-mails encourage users to click on a link that looks like it contains information related to the issues related to the coronavirus. In fact, Internet users are redirected to a fake website where they have to enter a username and password. In other cases, cybercriminals send phishing e-mails looking like they originate from the World Health Organization, inviting users to a link to download a document on security measures against the spread of the virus. Of course, this is not the case and users are redirected to a pop-up screen asking for a username and a password. It should be noted that some cybercriminals adopt a different tactic by posing as entities linked to the world of economics, such as shipping companies or manufacturing industries. The coronavirus crisis can have an impact that extends beyond health concerns. Hence, it is necessary to be doubly careful about the extension of these phishing campaigns, alert may be raised for example by e-mails containing numerous spelling mistakes.

The <.eu> extension against Brexit

Written by Dreyfus06/05/2020

Source: EURid, registry of the <.eu> extension

The United Kingdom parted from the European Union on January 31, 2020. As a result, the United Kingdom and the European Union entered into a transitio period, a period that has been announced to last till December 31, 2020. During this period, UK residents are still entitled to register and renew names in <.eu>.

However, once this period expires, they will no longer be able to register domain names with the <.eu> extension, nor to keep those they already hold, unless they comply with the requirements. The EURID originally detailed a comprehensive plan that was supposed to be implemented from November 1, 2019, the date when the United Kingdom was due to leave the European Union. It will finally apply at the end of the transition period, although no precise deadlines have yet been set. Once the transition period ends, only the following persons are entitled to register domain names in <.eu>: a citizen of the European Union, regardless of his/her place of residence; a natural person who is not a citizen of the Union European but is a resident of a Member State; a company established in the Union; or an organization established in the Union, without prejudice to the application of national law.

Thus, for already registered domain names, registrants will be able to update their contact details in an attempt to maintain their assets. In particular, they will have to indicate a country code of citizenship corresponding to a Member State of the European Union of 27 regardless of their residence or establish an entity legally established in one of the eligible Member States of the European Union of 27 or the EEA. All registrants who do not comply with these eligibility rules will see their domain names cancelles such the domain names will then be available for registration to all.

As non-compliant domain names will be withdrawn, it is appropriate to carry out a thorough analysis of registrants’ domain name portfolios to see whether any of their registrations is at risk.

Registries and artificial intelligence

Written by Dreyfus05/05/2020

A number of national top-level domain name registries such as the English registry Nominet have begun to use artificial intelligence to prevent abusive domain name registrations. Each registry uses its own system to suspend registrations if they believe there is suspicious activity on an IP address or if the identity of the applicant cannot be verified.

Ongoing assessment of the identity of the registrant thus helps reducing domain name infringements.

The liberalization of prices for domain names in <.com>: a possible increase from2021

Written by Dreyfus04/05/2020

The gTLD <.com> apparently occupies more than 40% of the domain name market share, according to statistics provided by the site www.domainnamestat.com. These results confirm that it is an unavoidable extension, especially because the <.com>, which addresses the whole world, is a strong rallying sign.

However, the negotiations in progress between ICANN and the <.com> registry, VeriSign, could lead to a modification of the approval on this extension, so that the <.com>’s price would increase by possibly 7% per year, from 2021 to 2024. In return for this right, VeriSign would pay $4 million to ICANN.

This negotiation is notably allowed by an amendment accepted by the American Department of Commerce, datedOctober 26, 2018, by which it was indicated that “in view of the more dynamic market of domain names, the Department considers it advisable to modify the cooperation agreement in order to provide flexibility in the prices related to the registration and renewal of domain names of the .com registry”.

If the price of <.com> increases, it will be relevant to see whether other TLDs recover some of its market shares, especially among the new gTLDs. If it seems unlikely that companies will abandon the names in <.com> that they already hold, newcomers to the market could possibly prefer other extensions.

Association between blockchain and domain names

Written by Dreyfus24/04/2020

Domain names appear to be a fertile ground for innovators related to blockchain technology.

Domain names and blockchain meet around the launch of the new extension “.luxe”, which contrary to what one might think was not created for the luxury industry (which already has its extension “.luxury” launched in 2014). The Ethereum foundation, whose aim is to promote blockchain technology, has entered into a partnership with the Minds + Machines (MMX) registry to create a new use for domain names, making “.luxe” the equivalent for cryptocurrency of what a classic extension represents for the IP address.

This association thus makes the IP addresses for the “.luxe” extension more intelligible.

Indeed, holders can link their domain name composed of the “.luxe” extension to their Ethereum account to replace their 40 characters identification number and make it easier to remember and use.

Dreyfus