ICANN Launches Service to Help with WHOIS Lookups – Krebs on Security

More than five years after domain name registrars began redacting personal data from all public domain registration records, the non-profit organization that oversees the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request information directly from the registrars.

In May 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) — the nonprofit entity that manages the global domain name system — ordered all registrars to redact customer names, addresses, phone numbers and emails from WHOIS, the system for querying databases that store the registered users of domain names and blocks of Internet address ranges.

ICANN made the policy change in response to the General Data Protection Regulation (GDPR), a law enacted by the European Parliament that requires companies to obtain affirmative consent for any personal information they collect on people within the European Union. In the meantime, registrars were to continue collecting the data but not publish it, and ICANN promised to create a system that facilitates access to this information.

At the end of November 2023, ICANN launched the Registration Data Request Service (RDRS), which is designed as a one-stop shop for submitting registration data requests to participating registries. This video from ICANN walks through how the system works.

Accredited registrars are not required to participate, but ICANN is asking all registrars to participate, and says participants can opt out or stop using it at any time. ICANN argues that the use of a standardized request form will make it easier to provide the correct information and supporting documents needed to evaluate a request.

ICANN states that RDRS cannot guarantee access to requested registration data, and that all communication and disclosure of data between registrars and requesters occurs outside the system. The service cannot be used to request WHOIS data tied to country-code top-level domains (ccTLDs), such as those ending in .de (Germany) or .nz (New Zealand).

The RDRS portal.

As Catalin Cimpanu wrote for Dangerous Business News, currently investigators can file legal requests or abuse reports with each individual registrar, but the idea behind RDRS is to create a place where requests from “proven” parties can be handled faster and with a higher degree of trust.

The registrar community generally views public WHOIS data as a problematic issue for their domain customers and an unwanted cost-center. Privacy advocates maintain that cybercriminals do not provide their real information in registration records, and that requiring WHOIS data to be public causes domain registrants to be harassed by spammers, scammers and stalkers.

Meanwhile, security experts argue that even in cases where online abusers provide intentionally misleading or false information in WHOIS records, that information is still useful in mapping the extent of their malware, phishing and scamming operations. Additionally, most phishing is done with the help of compromised domains, and the main method of cleaning up compromises is to use WHOIS data to contact the victim and/or their hosting provider.

Anyone looking for more examples of both need only search this Web site for the term “WHOIS,” which yields many stories and investigations that would never have been possible without the data available in the world’s WHOIS records.

KrebsOnSecurity remains skeptical that participating registrars are more likely to share WHOIS data with researchers simply because the request comes through ICANN. But I expect to be wrong about this, and will certainly mention it in my reporting if RDRS proves useful in this regard.
