Bonjour Kavé,

Cette "saisie" de nom de domaine est relatée en plus détaillé dans un
postage ci-dessous. Peut-être que les internautes vont commencer à
comprendre l'importance de prendre un nom de domaine *hors de portée du
gouvernement US, et de ses émules*. Passionnant, comme tu dis.

Cordialement
- - -

From: parminder <[email protected]>
Date: Mon, Nov 29, 2010 at 10:22 AM
Subject: [governance] US gov's Domain seizing activities
To: [email protected]

 (For some reason, domain seizing activities of governments of developing
countries, done for IP enforcement, receives so much less attention that
that of developing countries done for political and cultural reasons.  See
below.)
The Background Dope on DHS Recent Seizure of Domains

http://rulingclass.wordpress.com/2010/11/28/the-background-dope-on-dhs-recent-seizure-of-domains/

As has been reported, it looks like ICE <http://www.ice.gov/iprcenter/>,
which is the principal investigative arm of DHS, has begun seizing domains
under the pretext of IP infringement. But it’s actually not ICE who is
executing the mechanics of the seizures. It’s a private company, immixGroup
IT Solutions <http://www.immixgroup.com/>. Here is what is going down.

In May of this year, immixGroup IT
Solutions<http://www.immixgroup.com/news/pr_display.cfm?ID=117>is
awarded a one year IT Services contract with DHS. The particulars of
this
contract:

Under this new contract, immixGroup will provide information technology
operational services and support, implementation, and maintenance of DHS ICE
C3′s software applications, network and CyberSecurity systems, as well as
the maintenance and enhancement of applications that support law enforcement
activities.

The contract includes one base year, one 12-month option period, and two
six-month option periods; covers all four divisions of C3 (Child
Exploitation, Cyber Crimes, Computer Forensics, and Cyber Training); and is
critical to C3′s pursuit of criminal activity. immixGroup’s services in this
effort include network maintenance, application development and support,
forensic lab assistance, data storage maintenance, and information
assurance.

On November 24th, immixGroup IT Solutions registered the domain
SEIZEDSERVERS.COM <http://seizedservers.com/>, and primary and secondary
nameservers, NS1.SEIZEDSERVERS.COM <http://ns1.seizedservers.com/>,
NS2.SEIZEDSERVERS.COM <http://ns2.seizedservers.com/>, with Network
Solutions, which is the registrar for this domain. Since the DHS contract is
provisionally for one year only, the domain was only registered for one
year(expires in one year).

immixGroup IT Solutions is using CaroNet <https://www.caro.net/> to host
their domain, including the authoritative name
servers(NS1.SEIZEDSERVERS.COM<http://ns1.seizedservers.com/>,
NS2.SEIZEDSERVERS.COM <http://ns2.seizedservers.com/>) for this domain. They
have setup a simple web page, http://seizedservers.com/ or
http://74.81.170.110 which is the same “Notification of Seizure” page you
will get if you type in one of the seized domains in browser address bar(if
you’re paranoid: yes, they are tracking using both Google analytics and
piwik).

ICE is not actually “seizing” any servers or forcing hosting companies to
remove web content from their servers; what they are doing is using
immixGroup IT Solutions to switch the authoritative name servers for these
“seized domains.” But they are not doing it at the Registrar level(by
contacting the registrar for the domain and forcing them to update the
authoritative name server info to point to
NS1.SEIZEDSERVERS.COM<http://ns1.seizedservers.com/>,
NS2.SEIZEDSERVERS.COM <http://ns2.seizedservers.com/>), but rather through
the agency who controls the top level domain. In this case, all the “seized
domains” appear to be .com and the agency/company who has the ICANN contract
for this TLD is VeriSign(which also controls .net TLD). The changes are
being made at the top-level authoritative name servers for the .com TLD,
which would be the [a-m].gtld-servers.net. These are controlled by
VeriSign(note: these top-level name servers are also authoritative for .net
and .edu TLDs).

So, VeriSign, the owner of the .com TLD, is working in cooperation with DHS,
and it appears immixGroup IT Solutions has what we might call an “IT Support
Ticket system” setup with VeriSign.

That web servers are not being seized and web content not being deleted can
easily be verified by clicking this link, http://208.101.51.57, which is the
original IP Address of a seized domain, *torrent-finder.com*. It’s still up,
and it appears it has registered a new domain, *torrent-finder.info*, that
resolves to the original IP address. This site is being hosted by SoftLayer
Technologies in Dallas, TX. So, it is certainly within US jurisdiction to be
shut down if there was “a case to be made.”

Now the .info TLD is not controlled by VeriSign; it’s controlled by
Afilias<http://en.wikipedia.org/wiki/Afilias>.
So, an interesting little experiment would be to see if the *
torrent-finder.info* domain remains up. As of now, we can only conclude that
there is back deal between DHS and VeriSign that makes any .com or .net
domain subject to seizure by the actions of immixGroup IT Solutions.

Lastly, there has been some speculation that this recent business of “domain
seizure” portends the same tactics being used to seize the “wikileaks.org”
domain. From a technical standpoint, understand that the .org TLD is not
controlled by VeriSign; it is controlled by the Public Interest Registry. An
interesting thing however: PIR has contracted out the technical operations
to Afilias. So, if we were to see *torrent-finder.info* similarly seized,
then this would mean that Afilias is also in cahoots with DHS, which could
imply the .org TLD could be subject to the same type of “domain seizures.”
As of now, there is no evidence of that. And, it should be clear, these type
of domain seizures are completely different than the 2008 attempted shutdown
of wikileaks.org by the US government. In that case, a U.S. District Court
issued an injunction ordering Dynadot, which was the registrar for the
domain, to remove all traces of Wikileaks from its records. That didn’t hold
up.

- - -

2010/11/29 Kavé Salamatian <[email protected]>

> Bonjour,
>
> Il semblerait (voir
> http://www.lemonde.fr/technologies/article/2010/11/29/nouvelle-offensive-americaine-contre-le-telechargement-illegal_1446267_651865.html)
> que la technique utilisé pour bloquer l'accès au sites de téléchargement
> illégal à consisté à faire un DNS Hijack. Ceci ouvre une perspective légale
> intéressante. Il est vrai que le DNS est gérée par le droit américain mais
> je ne suis néanmoins pas sur de la légalité du DNS Hijack effectué. D'autant
> plus que si celui-ci est légal, le DNS hijack effectué sur Baidu et sur
> Twitter en 2009 et 2010 l'est aussi ! Y'aurait il des juristes dans
> l'audience ?
>
> Finalement nous vivons une époque passionnante :-)
>
> Cordialement
>
> Kavé Salamatian
>
>
_______________________________________________
comptoir mailing list
[email protected]
http://cafedu.com/mailman/listinfo/comptoir_cafedu.com

Répondre à