‘C’ in Accountability stands for Consumer. Remove it and all that’s left is A countability of victims.

We were recently asked if  https://pacecourierexpress.com/ is a legitimate website. We minutely examined it. It’s a turd!

Pacecourierexpress.com

https://pacecourierexpress.com/ claims to be a website for a courier company called Pace Courier Express , as such a business (a.k.a. a legal person). Any real business wants to be contactable. This is their lifeblood where potential and existing clients can contact them.  If there are any issues a client is experiencing, they would want to be the first to know before reading about it on social media or one of those many consumer complaint columns. Let’s take a closer look:

About US

This is at odds with their index page at https://pacecourierexpress.com/ which claims:

However, Pace Courier Express can have your shipment delivered today with just one call. Our service is easy to use and available 24 hours a day, 7 days a week

How can you call a company that does not publish their telephone number. You can’t even look it up as they do not give their address, not even mentioning a country they are in?

Okay, the more savvy internet user will say “let’s look at the domain registration details”.  Great idea …

Domain name: pacecourierexpress.com
Registry Domain ID: 2194007175_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2017-11-30T13:10:18.00Z
Creation Date: 2017-11-30T13:08:09.00Z
Registrar Registration Expiration Date: 2018-11-30T13:08:09.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registry Registrant ID:
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code:
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: 1af55b44a4b3461a979f7241759e6e06.protect@whoisguard.com

Well, obviously WhoisGuard is not going to supply us identifying details. Nor is registrar Namecheap. It’s a matter of record that Namecheap regularly self blinds to consumer harming fraud. In turn this leads to why they were listed as the registrar sponsoring the most maliciousness in 2017.

Okay, but what now? Why did we say it’s a turd?

Know the enemy: Annually courier websites like these are instrumental in defrauding consumers at a massive scale. The types of fraud ranges from Romance scams, secondary in online purchasing scams etc … to extortion in drug scams. Most West African scam nests have a bogus courier website or a dozen tucked away somewhere. It’s central to West African fraud, both 419 and Cameroonian based.

Remember “is a global company with one of the most recognized and admired brands in the world. We have become the world’s largest package delivery company and a leading global provider of specialized transportation and logistics services. Every day, we manage the flow of goods, funds, and information in more than 140 countries and territories worldwide.” in the About Us? Change 140 to 200 and you have wording stolen from UPS:

The bulk of the About Us page was stolen from the legitimate Aero Expiditing at http://www.aeroexp.com/services.php,

… plus the last part was stolen from the legitimate http://acxcouriers.com/services.html :

What we are seeing is stolen content slapped together to create a website that appears to be a courier.  No real company would have to steal large portions of content from legitimate companies if they were real. They would be proud of their existence.They would want to be contactable as well.

One of the real content owners whose online content was stolen, may complain. But if the owner of pacecourierexpress.com was to simply change the wording, what then? The threat remains. In a nutshell, https://pacecourierexpress.com/ is a consumer trap targeting consumers, and an unaccountable one.

Update 2018/01/22: A member found a reference to a claim that this courier is supposedly in Southeastern Michigan on their Mission page: https://pacecourierexpress.com/mission/ – but that is part of the stolen content. The owner of this turd inadvertently left  the name of the legitimate Aero Expediting in the stolen content:

 

The balance of  https://pacecourierexpress.com/mission/ was stolen from yet another legitimate courier.

 

 

The GDRP and WHOIS

The purpose of the General Data Protection Regulation (GDPR) is to protect the personal data and rights of individuals. This important bit of legislation is of vital importance to protect Europeans’ rights. While Europe makes out about 7% of the world population, this massively affects the remaining 93% of the world population. Also the rights of the remaining world populace.

One area where there is much risk is in the current domain registration system  (WHOIS). We see a current comment by Göran Marby, President and CEO, ICANN: https://www.icann.org/news/blog/data-protection-and-privacy-update-seeking-community-feedback-on-proposed-compliance-models

Essentially we have three models being proposed for a new WHOIS model:

• Model 1 would allow for the display of Thick registration data, with the exception of the registrant’s phone number and email address, and the name and postal address of the technical and administrative contacts. To gain access to these non-public data points, third parties would be required to self-certify their legitimate interests for accessing the data. This model applies if the registrant is a natural person, and the registrant, registry, registrar and/or the data processor is in the European Economic Area.

• Model 2 would allow for the display of Thin registration data, as well as the technical and administrative contacts’ email addresses. To access the non-public information registries and registrars would be required to provide access only for a defined set of third-party requestors certified under a formal accreditation/certification program. There are two variations on how this model would apply. Model 2A applies to registrants who are both natural and legal persons, where the registrant, registry, registrar and/or the data processor is in the European Economic Area. Model 2B would apply to registrants who are both natural and legal persons, where the registrant, registry, registrar and/or the data processor is regardless of location, that is on a global basis.

• Model 3 would allow for the display of Thin registration data and any other non-personal registration data. To access non-public information, a requestor would provide a subpoena or other order from a court or other judicial tribunal of competent jurisdiction. This model would apply to all registrations on a global basis.

Artists Against 419 regularly receives abuse reports from consumers, sometimes the very individuals referred to in the GDRP, where domain registration details are used to show patterns of fraud by a registrant. From this we have to gather that consumers are aware of WHOIS details and regularly use it to protect themselves. The Artists Against 419 database is a testimony to this; savvy consumers protecting consumers.

It’s our contention that Model 1 is the most appropriate. Considering we are taking our view from a malicious domain stance,  we have to point out malicious registrants regularly and deliberately lie. We regularly see registrants claiming to be private persons, registering their domains with fake registrant names such as Clays, Bar, to only be later found to be spoofing Barclays Bank with such a domain. Nominet is a great example of this abuse where they have made this distinction, so we have case material. We see malicious name servers registered in the .EU namespace with fake details as natural persons in the EU (yet we know these registrants are from Nigeria), to use them to name serve a range of malicious websites. Lessons learnt!  These are NOT natural persons and neither should natural person protection be allowed for such usage. There is a distinct difference between a natural and a legal person, recognition is given for such in the GDRP. Add that many registrars deliberately frustrate accountability mechanisms, abuse in this area can lead to gross consumer harm, not only for the EU citizens the GDRP is meant to protect, but also the rest of the world. In a nutshell: this will be an opportunity for new abuse if this loophole is left open. We have to make a clear distinction between domains used for business and vanity purposes. If a domain is used to facilitate an online business, either directly or indirectly (such as the name servers in the .EU namespace), they are commercial and legal persons. Any domain incorrectly labelled as a private person, yet used for a business website or email, a legal person role, should be suspended until such a registration is corrected. For the longest times we have seen malicious resellers abusing the DNS system to further fraud. We can learn from Nominet and EurId.

Of Experts, Exspurts and perversion

A while back an appointed “expert” in registrar proxy discussions said, if the consumer wants to see the owner details, they can look on the associated website (What if the domain is used for email only purposes? Or has hidden content? Or no contact details?). He then went on to explain how he would frustrate authorities not in his jurisdiction if the domain registrant is under his proxy protection. That’s why we categorize these folks into two categories: Experts and Exspurts.

Many privacy experts are experts in privacy, forgetting an enemy to privacy, fraud. Fraud is typically accompanied by devious tactics to hide the perpetrators true location, many times in a layered fashion; fake registration details submitted via a web proxy, then hidden behind a registrar proxy.  Many a time the registrar will gladly accept registrations from an area renown for fraudulent registrations, yet gladly accept an American address that is then hidden behind the registrar’s proxy.  This frustrates accountability. Yet the GDRP makes provision for fraud checks, in fact has wording that would indicate the supplier is expected to do fraud screening. When the product of these failings are launched on consumers, we see the fraud and loss of privacy: databases with consumer details hosted on bullet proof facilities and abused in fraud, leaking the  details of the targeted victims out indiscriminately to the world. We have plenty of case history in this regard, but for ethical reasons we will obviously not publish information of where details of innocent victims (the individuals in the GDRP) can be found. But we will reveal that certain registrars have been shown this and they ignored this, quite happy to provide their proxy services as sponsoring registrar while innocent consumer details were being leaked onto the net at a bullet-proof hosting provider (Hello “supply a US court order, we are only a registrar” Namecheap!).

It is for these reason any product of the GDPR discussions at ICANN should be measured against the intention of the GDPR.  It can equally be perverted for ulterior motives to the detriment of the consumer. While that consumer may be in the EU and may get some assistance from the authorities in the EU in such a case (but not in Malta apparently), this may well be disastrous in other jurisdictions, eventually ending up as gross human rights violations, a consumer bloodbath. Then we had somebody expressing the intent to use the GDPR to force Domaintools to close down. Really? WHOIS data is crucial to a stable internet and trust. It protects if used correctly. While it was not intended for such, neither was the internet intended for fraud. WHOIS has proven to be an effective tool.

We trust the European Union will also look at the result these discussions and give feedback in an informed fashion from both a privacy and consumer anti-fraud perspective. There is a reason cyber fraud has been growing fueled by gross proxy abuse.  There are reasons cyber fraud is at an all time hight. It requires infrastructure. Part of that infrastructure is built upon self-blinding and ignorant service providers, including some registrars. The GDPR has much merit and is needed. In the domain registration space, this can easily be an opportunity to improve on issues long outstanding since at least 2003, better consumer protection.

We have show how pacecourierexpress.com is an unaccountable turd at a registrar renown for domain abuse. We have seen that there is no way for a consumer to do due diligence and pacecourierexpress.com ends up being a consumer trap. This could well be the future for the global consumers and businesses alike on the internet if the GDRP is implemented incorrectly or perverted.

Think carefully. We have a delicate balance to maintain. If we can’t create a better situation for consumers, we should not leave consumers worse off.

Let’s stop pretending

Also feel free to read a brilliant article by FireFly,  a member of the well known ScamSurviors who regularly assist victims to cyber fraud, delving into the hell victims to cyber fraud find themselves in, a situation that should never have been:
https://www.scamsurvivors.com/blog/lets-stop-pretending/