Forwarded from: Directi <shridhar.l (at) directi.com> Directi's official response to inaccurate reports which falsely implicate the Directi Group From Bhavin Turakhia’s Desk: There have been some articles and reports recently published by Garth Bruen at Knujon and by Jart Armin and James Mcquad at Hostexploit, that somehow link Directi with groups that support organized internet crime. The motives behind these reports are still unknown, but as an organization that prides itself in setting industry benchmarks in ethics and best practices, we are extremely shocked by these allegations. While I applaud the efforts of volunteers such as Knujon and Hostexploit who spend their personal time to try and combat spam, I am personally quite saddened when the very individuals who we trust to combat fraud engage in publicity moves without consideration for the reputation of legitimate businesses. Neither Knujon nor Hostexploit extended a basic courtesy of even contacting us to verify any of the facts in their report before publishing the same. Directi is not even remotely related to the organizations or activities listed in those reports. The arguments presented in these reports are either downright baseless, or based on complete fabrication of facts. Various other news agencies and blogs have further referenced these reports in the form of a story or post, once again without any attempt to verify or validate the facts in these reports. Given the amount of noise this has created - it is imperative that we clarify our stand and rectify the factual inaccuracies in those reports. The first false and inaccurate report in question is one published by Garth Bruen of Knujon. Find below each of the factual inaccuracy or misstatement in his report and our response to the same - 1. The report claims that “48 ICANN-accredited Registrars (affiliated with Directi) … do not seem to exist and are phantom.” This statement is factually incorrect, and was completely unverified by Knujon. Knujon did not even bother to contact ICANN in this regards to get the right facts. The truth of the matter is that all 48 companies which belong to Directi and its clients, are in existence and are duly incorporated and validly existing under law. 2. Other Online reports further claim that these 48 registrars are involved in illicit activities. This allegation is made without providing ANY evidence to corroborate the same. This statement is grossly inaccurate. The reporters did not bother to support such claims with any factual evidence, nor contacted us for clarification. All 48 companies combined have under a few thousand customers who have registered legitimate domains with these registrars and have not received any abuse complaints. Yet these companies have been dragged in, without evidence, into an issue that is unrelated to them. 3. Garth of Knujon further claims that the Directi Group owns a company by the name of ESTDomains. This is another blatantly false insinuation. Directi has never owned ESTDomains. Garth has no documentation that shows Directi owning ESTDomains. We have challenged Knujon to produce any evidence with respect to this. In fact the only relationship between Directi and ESTDomains is that ESTDomains has purchased certain software from Logicboxes a few years ago to power their Registrar operations. They are otherwise an independent company and we do not control their actions or their behavior. 4. Another claim in the reports is that Directi sponsors illegal pharmacy related domain names and that If and when the site content is closed by the ISP host, Directi/PublicDomainsRegistry (sic) just helps them set up at a new IP This accusation is once again baseless - we certainly do not condone any abusive behavior, much less facilitate it. Despite the fact that policing the Internet does not fall under the purview of a domain name Registrars’ responsibility, we work hard to clamp down abuse, from a moral standpoint. Infact the report again contains no evidence of a single domain name where WE have explicitly assisted a miscreant in migrating from one IP address to another. Quite the contrary, despite not having any legal obligation to do so as a Registar, we still takedown over 95% of the domains for which we receive abuse complaints within 24 hours of receiving these complaints. We invest significant resources towards ensuring that all abuse complaints are thoroughly investigated and swiftly acted upon. 5. The reports state that the privacy protection service that we provide intentionally harbors abusive domain names and should not be offered for domain names. PrivacyProtect.org was created to safeguard genuine domain owners from the very threats that KnujOn perceives it to protect. Millions of genuine domain registrants and customers of Directi are using the privacy protection services we offer and are very happy that we provide the same since it protects their email addresses from being harvested and protects their identity from spammers and miscreants. We also maintain a strict zero-tolerance policy w.r.t. abuse of our privacy protection services, and any domain name proven to indulge in illegal activities has its protection immediately revoked. We challenge Knujon to find an example wherein a complaint was made to our privacy protection service and was not actioned upon. 6. The report claims “EstDomains is a Registrar that also makes heavy use of the PrivacyProtect.org service for masking the ownership of fake pharmacy domains.” Long before this report was ever published, we had already discontinued our privacy protection services to ESTDomains as per our zero tolerance policy. Knujon again choose not to verify their facts before publishing such assertions. 7. Further updates from Garth and other sites state that we are in the process of severing our relationship with ESTDomains making it sound as if we were harboring ESTDomains all this while and are now canceling their services This assertion is incorrect. The only relationship Directi has had with ESTDomains is that of a software vendor. We have discontinued providing privacy protection services to them a few months ago. However ESTDomains continues to use software that they purchased from Directi since several years. We do not control their actions in this respect. None of our steps in terms of abuse prevention are knee jerk reactions to these reports because these reports do not carry any factual data. We are not responsible for domains registered through ESTDomains in any manner and cannot suspend them or prevent abuse on them. The second false and inaccurate report in question is one published by Jart Armin and James Mcquad at Hostexploit. Here are our responses to the claims in that report - 1. This report deals with the purported abusive and illegal activities of a company called Atrivo, goes on to associate the Directi group with Atrivo. Most of the accusations in this report are based on the notion that the Directi Group has some association with Atrivo. In fact, the report states one of “the most important of these (cyber crime) Atrivo associations” as “PrivacyProtect (anonymous registrant), LogicBoxes (hosting servers)”.This statement is completely incorrect. Neither is Atrivo associated with LogicBoxes, nor is it being hosted by LogicBoxes, nor have they registered their domain name through LogicBoxes. In fact there is no link between Atrivo and LogicBoxes, except the fact that Atrivo is a customer of ESTDomains and ESTDomains is a customer of LogicBoxes. The Directi Group does not have, and has NEVER had, any association with either Atrivo or their business practices. Directi and Logicboxes are neither a vendor nor a customer nor a business associate of Atrivo. Directi received no courtesy information request from the authors of this report to verify this claim. The report shows no evidence of any such association. 2. This report, in its investigations of our privacy protection service, goes on to detail the name server and whois information of privacyprotect.com (which is not affiliated with us) instead of privacyprotect.org, which perhaps epitomizes the quality of research on which the report is based. From a simple whois query, and a quick visit to these websites, it is amply clear that these two entities are in no way connected with each other. 3. Like the previous report, this report also claims that ESTDomains provides use of Directi’s privacy protection services - which, as clarified above, is absolutely false and inaccurate at the time the report was published. If you are a news agency or a blog or a news site that has quoted any of the above mentioned reports with false allegations about Directi and LogicBoxes, we request you to post this update in its entirety in a visible manner with a link from the existing article’s headline with a byline that can state “Update: Directi disclaims all allegations in the knujon / hostexploit reports as baseless and factually incorrect“, since you are currently carrying false and defamatory statements without verification or evidence on the same and have caused considerable reputation loss to our organization. Several of you who have already updated your respective websites, and confirmed the same to us - we thank you for your cooperation and urge you to ensure that in the future when referencing reports of this nature, you at least extend the subject, a basic courtesy of confirming the facts. The reputation damage that has been caused as a result of this incident is considerable. Today, Directi continues to be one of the most proactive Registrars in combating abuse and implementing strict AUPs. We have a significant investment in terms of manpower and processes to achieve just this. We do so, not because we’re contractually obligated, or to protect our own business interests, but because we sincerely believe in the ideology of making the internet a safer and more secure medium for conducting business. However it is reports and claims like these that are disappointing to any white hat, genuinely conscientious Registrar, wherein despite our continuous efforts, organizations such as Knujon and HostExploit, without attempting to verify facts, publish libelous and false allegations. Even a basic common courtesy of contacting us was not extended prior to publishing these reports. While Directi will take all steps necessary to protect its interests, we hope that this type of an incident is not repeated in the future and that online press and media take some basic steps to verify their stories before maligning someone falsely on the Internet at large. -- View this message in context: http://www.nabble.com/ICANN-cast-as-online-scam-enabler-tp19283495p19313470.html Sent from the Info Security News (ISN) mailing list archive at Nabble.com. __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Fri Sep 05 2008 - 02:42:35 PDT
This archive was generated by hypermail 2.2.0 : Fri Sep 05 2008 - 02:56:18 PDT