What is this Internet user trying to do? According to engineer Nicolas Pawlak, on July 20 a single person registered almost a thousand domain names in the .fr zone. They are misspelled addresses, such as c0nforama.fr or ca-centtreloire.fr, and they make up almost a third of the domain names registered that day.
“What struck me here is the particularly massive nature,” the engineer, who has been tracking domain name registrations in a private capacity for about two years, tells Zdnet.fr. The list of registered domain names, which mixes lookalikes of media sites, e-commerce sites, and even institutional sites, was revised upwards on Monday, July 25, with the addition of 184 new domain names.
The mechanisms of typosquatting, a way of deceiving an Internet user with a URL that is close to a legitimate address, are now well known. As the French company Tehtris reminds us, this social engineering technique can “seem simple and sometimes harmless.” However, it allows an attacker to recover personal information, may allow the installation of malicious extensions, and can cause targets to lose their capabilities or even harm their image.
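As an added illustration (not part of the original article, and not the tooling used by Nicolas Pawlak or Afnic), here is a minimal defensive check that flags newly registered names resembling a watched brand. The watchlist entries (assumed to be the legitimate addresses behind the two examples above), the remaining sample registrations, and all function names are constructed for this example.

```python
# Added example: flag newly registered .fr names that resemble watched brands.
# WATCHLIST and NEW_REGISTRATIONS are constructed sample data (assumptions).

# Digit-for-letter swaps commonly seen in lookalike names (e.g. "0" for "o").
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

WATCHLIST = ["conforama.fr", "ca-centreloire.fr"]
NEW_REGISTRATIONS = [
    "c0nforama.fr", "ca-centtreloire.fr", "conforama.fr", "boulangerie-martin.fr",
]


def label(domain):
    """Return the name left of the TLD, lowercased (enough for single-level .fr)."""
    return domain.lower().rstrip(".").rsplit(".", 1)[0]


def skeleton(name):
    """Fold digit-for-letter swaps and drop hyphens so lookalikes collapse."""
    return name.translate(HOMOGLYPHS).replace("-", "")


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalikes(registered, watchlist, max_distance=2):
    """Return (candidate, brand, reason) for names close to, but not equal to, a brand."""
    hits = []
    for cand in registered:
        for brand in watchlist:
            c, b = label(cand), label(brand)
            if c == b:
                continue  # exact match: the brand's own domain, not a lookalike
            if skeleton(c) == skeleton(b):
                hits.append((cand, brand, "homoglyph"))
            elif edit_distance(c, b) <= max_distance:
                hits.append((cand, brand, "edit-distance"))
    return hits


if __name__ == "__main__":
    for hit in find_lookalikes(NEW_REGISTRATIONS, WATCHLIST):
        print(hit)
```

The distance threshold is a tuning choice: short brand names need a lower value to avoid flagging unrelated registrations.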
A sign of government concern about this, the subject was even raised by Guillaume Poupard during the latest International Forum on Cybersecurity (FIC). Anssi’s CEO suggested taking inspiration from Britain’s Active Cyber Defense, a National Cyber Security Center service that offers free tools and services, such as a typo tool.
Obviously, it is not possible at the moment to know the purpose of these recent registrations. We have not received a response to the email we sent to the registrant. “It is very likely that in a more or less short term these bulk reserved domains will be used maliciously, for example for phishing,” Nicolas Pawlak, system administrator at the Ministry of the Armed Forces, nevertheless stresses on Linkedin.
But as another French cybersecurity expert points out on Twitter, bulk domain name registrations can be used for many other malicious activities beyond simple phishing. The latter does not have to be based on a squatted domain name.
Freeze domain names
In any case, it is very likely that these domain name registrations will not really have a future. When contacted, Afnic (the French association for cooperative Internet naming) told Zdnet.fr that it had identified a maneuver in progress. As such, the registered domain names are already on hold (they cannot be assigned or transferred) until more information is available. According to the association, the German registrar Key-Systems, which the Internet user went through, is also studying the situation.
Specifically, Afnic, alerted by third parties, asked the applicant to show his identity card. If this person does not respond within seven days, the domain name registrations will be deleted. If, on the contrary, the applicant presents the expected supporting documents, this will facilitate subsequent actions.
For example, the Directorate General of Competition, Consumer Affairs and Fraud Prevention may request that domain names be removed in the event of a violation. Entities that may feel they have been affected by these filings may also request disclosure of the holder’s details in order to initiate their own legal notices.
“Scammers rarely leave their business card, which allows us to block them and remove domain names,” Pierre Bonis tells Zdnet.fr. “The good news is that there are fewer attempts than at one time,” adds the Afnic CEO. Even so, the game of combinations offers cheaters a significant number of opportunities, enough to encourage Internet users to remain vigilant about domain names.