
Internet registrars and ICANN enable coronavirus fraud

Nigel Morris-Cotterill
In 2015, I wrote "Cleaning up the 'Net." It was an action plan to reduce incidence of financial and other crime committed over the internet.

One of the main principles of the book is that those who provide services to internet users - including domain name registrars and others - were enabling and profiting from crime.

Is 2021 the year when someone listens and starts to take seriously the ease with which criminals can, for example, register domain names that even the most basic know-your-customer would establish is more likely than not to be used for some improper purpose?

On the weekend when, at last, the USA gets laws to require at least some degree of declaration of the ownership of companies, is there an appetite to tackle this even bigger problem?

Hint: it's not actually a coronavirus fraud at all.

Welcome to "covidvirus.guru."

The name should tell you something: CoVid is a contraction of Corona Virus. So the name contains an obvious tautology which any "guru" would know.

The name has been registered through GoDaddy, long one of the principal go-to domain registrars for criminals. The domain was actually registered in March 2020 and there was no update until 31 December 2020. The first spam mail hit our mailboxes that day.

All data, excluding state and province (Madhya Pradesh, India, which we have seen before and suspect is false) relating to the owner of the domain is marked "redacted for privacy."

The service is hidden behind servers at Cloudflare, a company which we have repeatedly identified as shielding criminals and the paths that their activities follow. Indeed, providing anonymity is one of Cloudflare's reasons for being.

How do we know it's spam and fraudulent?

This is the message:
-----------------
From: ToothDecay@covidvirus.guru
Super strong shield for your teeth and gums

If you’ve been fighting with tooth and gum problems, this email is for you!

The real cause of these issues isn’t your oral hygiene…

But this crucial vitamin that you’ve been missing. Probably since birth!
http:/[redacted - see we can do that, too, but it's for the protection of our readers]
Because this substance is so rare it’s only present in 2% of people.

Along with my team of researchers, I managed to isolate this vitamin and put it into one very effective food...

That reached more than 24,000 people worldwide and rebuilt their teeth and gums almost overnight!

You have everything you need to know right here:

How to Rebuild Your Teeth And Gums Overnight

Yours truly,
Tobias Hitch, Sr. Dental Researcher, Iowa University

[redacted]

----------------------

Tobias Hitch is fake. Or he's being faked.

In October 2020, a post on Medium.com (which has its own credibility issues over what it accepts for publication) was made by "Tune into Freedom." It is an article about tooth cavities over the name of "Tobias Hitch, Sr. Dental Researcher, Iowa University." It says to click on a link hidden behind a bit.ly address. Don't click.

There is a registration by that name on ZoomInfo which, probably by coincidence, is "protected by Cloudflare."

Iowa has several universities but none of them are called "Iowa University." The ZoomInfo page gives his address as 500 3rd Ave SE, Cedar Rapids, Iowa, 52401, United States. According to Google Maps streetview, that's an open-air car park.

The mail is sent from a machine on the localhost network at 50.2.214.8, which is ServerHub, an ISP in Dallas, Texas, where abuseIPDB.com gives it a spam rating of 46%.

Our own analysis software gave this message a "recommend rejection" rating.
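The indicators walked through above (a sender domain unrelated to the pitch, a dormant registration updated on the day the mail arrived, a redacted registrant and a sending IP with an abuse score) can be combined into a simple triage check. This is an added illustration, not the analysis software mentioned in the article; the `triage` function, its thresholds, the WHOIS dictionary layout and the sample headers are assumptions constructed for the example.

```python
from datetime import date
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample: headers rebuilt from the spam quoted in the article.
RAW = ("From: ToothDecay@covidvirus.guru\n"
       "Subject: Super strong shield for your teeth and gums\n\n"
       "If you've been fighting with tooth and gum problems...\n")

# Constructed registration record: the article gives only "March 2020" for
# creation, so the day of the month is a placeholder.
WHOIS = {"created": date(2020, 3, 1), "updated": date(2020, 12, 31),
         "registrant": {"name": "REDACTED FOR PRIVACY",
                        "email": "REDACTED FOR PRIVACY",
                        "state": "Madhya Pradesh"}}

def triage(raw, whois, received, ip_abuse_pct):
    """Return (verdict, reasons) for one message. Thresholds are assumptions."""
    msg = message_from_string(raw)
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    label = domain.split(".")[0]
    reasons = []
    # 1. The domain name has nothing to do with what the message is selling.
    words = set(re.findall(r"[a-z]{4,}", (msg["Subject"] or "").lower()))
    if not any(w in label for w in words):
        reasons.append("subject unrelated to sender domain")
    # 2. Long-dormant registration touched within a week of the mail arriving.
    dormant = (whois["updated"] - whois["created"]).days >= 180
    if dormant and 0 <= (received - whois["updated"]).days <= 7:
        reasons.append("dormant domain updated just before sending")
    # 3. Every registrant field except the state/province is redacted.
    hidden = [k for k, v in whois["registrant"].items() if "REDACTED" in v.upper()]
    if hidden and len(hidden) >= len(whois["registrant"]) - 1:
        reasons.append("registrant identity redacted")
    # 4. The sending IP already carries an abuse reputation score.
    if ip_abuse_pct >= 25:
        reasons.append(f"sending IP abuse score {ip_abuse_pct}%")
    return ("reject" if len(reasons) >= 3 else "accept"), reasons

if __name__ == "__main__":
    verdict, why = triage(RAW, WHOIS, date(2020, 12, 31), 46)
    print(verdict, *why, sep="\n  ")
```

No single indicator is decisive on its own, which is why the verdict requires several to agree.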

The answer to the question in the heading? It's not likely. After all, it's taken the US Government a quarter of a century and a parliamentary rebellion to deal, even in part, with the information shelter it has provided to criminals via its lack of proper requirements for registration of company ownership. There is, simply, no appetite to tangle with its giant internet industry.

"Cleaning up the 'Net" is available worldwide via Amazon.com and associated sites.
