What rights do you have as an ordinary internet consumer?
To best answer this, let’s first look at a recent discovery more than a 100 baby skeletons in a Roman bathhouse sewer:
The discovery of a mass baby grave under Roman bathhouse in Ashkelon, Israel
Along the shores of Israel’s Mediterranean coast, in the ancient seaport of Ashkelon, archaeologist Ross Voss made a gruesome find. While exploring one of the city’s sewers, he discovered a large number of small bones. Initially, the bones were believed to be chicken bones. However, it was later discovered that the bones were actually human –infant bones from the Roman era. With the remains amounting to more than 100 babies, it was the largest discovery of infant remains to date.
Curious as to how and why these infants died, Voss took the remains to forensic anthropologist Professor Patrician Smith. Smith examined the infant remains and determined that there was no sign of illness or disease, and that the infants appeared to have been perfectly healthy when they died. She utilized a method of forensic testing that allowed her to determine that none of the infants had lived longer than a week before dying. During Roman times, it was not uncommon for infants to be killed as a form of birth control. It was not a crime, as newborn infants were viewed as being ‘not fully human’. In most cases, a Roman woman who did not want a newborn would engage in the practice of “exposure.” She would abandon the infant, either to be found and cared for by someone else, or to perish. According to the beliefs at the time, it was up to the gods to determine whether the infant would be spared or not. The most famous account of near-infanticide, is Rome’s foundation story, in which Romulus and Remus, two infant sons of the war god, Mars, were abandoned in the woods but were raised by wolves and later founded the city of Rome.
Strangely, research indicated that the infants at Ashkelon did not appear to have been “exposed.” Rather, it appears they were intentionally killed. One clue into the reason for their deaths lies in the location of the bodies. Investigations revealed that the sewer where the remains were found was directly beneath a former bathhouse. It is possible that the infants were born to prostitutes or laborers who worked at the bathhouse.
Feel free to read the full article here: http://www.ancient-origins.net/history/discovery-mass-baby-grave-under-roman-bathhouse-ashkelon-israel-002399?nopaging=1
So, back to our original question: What rights do you have as an ordinary internet consumer?
The real truth is the internet can be a force for good or bad, yet 2,000 years from now history will judge current internet consumer protection much like we judge the infanticide today.
Today the causal internet user is the “baby” in “Roman” times. Your rights are at the whims of “the gods”, the cyber gods. They are tasked with the impossible. Daily good, honest hardworking people lose money, many times their livelihoods on the net. When this happens, these victim “babies” become the responsibility of law enforcement, “the cyber gods”, since this is where we dump the victims of internet fraud. Yet the lead up to this fraud is mass profiteering by businesses, “the ladies of pleasure”, that handles their business affairs on the net with total disregard of consequences, the “baby” victims. Here I’m specifically referring to certain registrars and registries. Some of these registrars and registries are good “ladies” that will not sell their virtue for profit, but many do, resulting in the babies. We also need to ask what landlord ICANN is doing, or rather not?
To understand these strong statements, we need to go back to the start of ICANN. As far back as 2003, abuse in the domain name space was understood and accepted. We find advisories such as Registrar Advisory Concerning the “15-day Period” in Whois Accuracy Requirements. In this advisory we see sanity in statements (emphasis our own) such as:
Where an inaccuracy is minor (e.g., an incorrect postal code), appears inadvertent (e.g., transposed digits), and harms no third party (e.g., readily available means of contacting and locating the customer are provided by the data that is given), a registrar can appropriately conclude that much more than 15 days should be allowed before the registration is cancelled. In such cases the registrar, which after all seeks to promote good relations with its customer, has no motivation to act precipitously. On the other hand, where a registrar encounters a severe Whois inaccuracy being exploited by a registrant to evade responsibility for fraudulent activity being carried out through use of the domain name, prompt action by the registrar is appropriate.
This was an advisory, indicating this was an issue of concern that needed addressing.
As time goes by, we catch glimpses of the issue of consumer trust and protection mentioned from time to time. Central to these are also WHOIS issues. Example in 2005, we see this letter from Jon Leibowitz of the FTC to ICANN: https://www.icann.org/en/system/files/files/leibowitz-to-twomey-09feb05-en.pdf. This letter makes clear the delay and ongoing harm caused by fake registration details. Roll forward to 2009. We see the AFFIRMATION OF COMMITMENTS BY THE UNITED STATES DEPARTMENT OF COMMERCE AND THE INTERNET CORPORATION FOR ASSIGNED NAMES AND NUMBERS in 2009. We find much language ensuring a given, consumer protection. Example:
3. This document affirms key commitments by DOC and ICANN, including commitments to: (a) ensure that decisions made related to the global technical coordination of the DNS are made in the public interest and are accountable and transparent; (b) preserve the security, stability and resiliency of the DNS; (c) promote competition, consumer trust, and consumer choice in the DNS marketplace; and (d) facilitate international participation in DNS technical coordination.
ICANN commits to maintain and improve robust mechanisms for public input, accountability, and transparency so as to ensure that the outcomes of its decision-making will reflect the public interest and be accountable to all stakeholders …
Promoting competition, consumer trust, and consumer choice: ICANN will ensure that as it contemplates expanding the top-level domain space, the various issues that are involved (including competition, consumer protection, security, stability and resiliency, malicious abuse issues, sovereignty concerns, and rights protection) will be adequately addressed prior to implementation.
Roll forward a bit more to 2015. Landlord ICANN now distances itself from the results of the “the ladies of pleasure” – “ICANN Is Not the Internet Content Police” at https://www.icann.org/news/blog/icann-is-not-the-internet-content-police
Allow me to say this clearly and succinctly – ICANN is not a global regulator of Internet content, nor should the 2013 Registry Accreditation Agreement (RAA) be interpreted in such a way as to put us in that role. Our mission is to coordinate, at the overall level, the global Internet’s systems of unique identifiers, and in particular, to ensure the stable and secure operation of the Internet’s unique identifiers. ICANN was never granted, nor was it ever intended that ICANN be granted, the authority to act as a regulator of Internet content.
Institutions already exist that have political legitimacy and are charged with interpreting and enforcing laws and regulations around the world. These institutions, including law enforcement (local and national police agencies as well as intergovernmental organizations like Interpol), regulatory agencies and judicial systems, have the expertise, experience and legitimacy to police illegal activity and to address difficult questions such as jurisdiction and conflicts of law. In most countries, these institutions also offer procedural due process and mechanisms for appeal and are experienced in addressing difficult issues such as the proportionality of remedies. If content is to be policed, the burden is on these institutions, and not ICANN, to undertake such regulation.
In one fell swoop, ICANN’s Chief Contract Compliance Officer just threw the “babies” to the “cyber gods”, at odds of what was promised in the Affirmation of Commitments. We need to ask if this was a deliberate attempt to put business interests before that of consumers rights, in other words profiteering, while not accepting responsibility for the results. This undermines the “due care” principle, making the result the responsibility of already overworked authorities. We will shortly look at this view in detail.
If somebody intent on defrauding consumers, deliberately registers a domain for no other usage than to target internet consumers in cyber-fraud, then such a domain is logically malicious. Any product of it, such as published content, DNS manipulation or email usage can be expected to be malicious as well. The maliciousness starts when the domain is registered. Trying to mitigate issues pertaining to the results of such domain abuse cannot reasonably be expected to be successful, while the perpetrator still has control over such a domain. This was an acknowledged fact that is now somehow being denied.
Consider domain alfatahintlawfirm.com (https://db.aa419.org/fakebanksview.php?key=93735) being abused to create a fake online lawyer presence claiming to be in Ghana, using a website stolen from a real attorney firm in Nigeria, then using it to defraud consumers. It has a hosting history of no less than 17 hosting providers so far! Having this mitigated at a hosting level simply sees this website re-hosted.
Sometimes this may lead to unintended consequences, causing even worse harm. Consider domain boamonline.com (https://db.aa419.org/fakebanksview.php?key=130637) used to spoof the Bank of America with online content. Not understanding the difference between a domain used to spoof the real bank versus a website hacked to plant a phish, saw somebody reporting the website. Yet this was not phishing on a hacked website, this was a serial DNS abuser, registering domains to create fake online presences to be abused in advance fee fraud. While the reporting party may pat themselves on the back, the threat simply changed. The domain is still under malicious control, now being used for email purposes and moved to a professional email provider. The mitigation was a total failure due to incorrect threat identification and mitigation procedures. To shed more light on the nature of the party controlling these, here is a glimpse of his domain portfolio:
perfektchemisch.com – Perfekt Chemisch
tangolonline.com – Tangol Shipping & Secuuirty Co.
gtbplconline.com – GTB / Guarranty Trust Bank
lloydsbonline.com – Lloyds Bank
aamineralsonline.com – A. A. Minerals Limited
buliftracker.com – Bulif Service
boamonline.com – Bank Of America
barodabahamas.com – Bank Of Baroda
bicbankinternational.com – BIC International Bank Limited
synovusfconline.com – Synovus Financial Corp
calyoncib.net Calyon – Corporate and Investment Bank
nyaniandco.com – Nyani & Co. Chambers
standardcharteredgh.com – Standard Chartered Bank Ghana
unitednationonline.net – United Nations Bank
fbnghanaonline.com – FirstBank Ghana
metrosbankonline.com – Metro Bank
chaseonlinesb.com – Chase Bank
globalshipcompany.com – Global Shipping Company
Yes, even a United Nations Bank … all set up to defraud. Any trademark issues are incidental. The purpose is not spoofing for the sake of phishing, the purpose is to target consumers in advance fee fraud.
What happens if we report such domains? We have enough examples. For now we’ll concentrate on the main sponsors of the international pet scam plague, Namecheap. Much of the issues mentioned in a recent US Better Business Bureau report at https://www.bbb.org/en/us/article/investigations/14214-puppy-scams-how-fake-online-pet-sellers-steal-from-unsuspecting-pet-buyers-a-bbb-study emanates from Namecheap. But of importance, the group responsible for this fraud is also identified, parties originating from the Cameroon. The report includes arrest records. Of note is details of the one arrest and what was found:
In addition to obtaining money for Yorkies and bulldogs, the two are alleged to have also offered to sell illegal identification documents such as passports, and also medications, prescription drugs, automobiles and chemicals.
That’s right, also drugs. How does this “Lady of pleasure” please “her” registrant? Enter domain Anncannamed.com used to sell marijuana to cancer sufferers, claiming to be based in Clawson, Michigan, 48017, USA (+1-810-662-0611).
Let’s consider a victim in California, who after undergoing cancer treatment, decided to legally apply for a medical marijuana card. When such was granted, the chosen vendor was the one selling the most hope. This consumer did not realize most “Legal Weed” websites were of the same caliber as the “AKC registered” pet scams flourishing on the internet and manipulated from the Cameroon, also by very much the same parties. At a time the victim was most vulnerable, the following promises were sent:
It’s no coincidence we have an alert on our database entry for this website: Alert: https://www.deadiversion.usdoj.gov/pubs/pressreleases/extortion_scam.htm. This is also exactly what followed, an extortion attempt.
Head Office USA
Address: Douala, Cameroon
Phone: +237 79295765
Further it’s no surprise to also find other malicious domains directly linked to this incident:
Cannapharmas.com – Marijuana scam
Steadycorgiepuppies.com – Pet Scam
Davelabradorpuppies.com – Pet Scam
… and there will be a courier, there is always a fake courier!
Pacificinternationalline.com – a fake courier spoofing the real Pacific Air Cargo.
From other fraud reports available online, we find more extortion and a fake FedEx spoof, fedex-express.us, domain linked to Anncannamed.com:
Also see the comments at https://www.scamadviser.com/check-website/anncannamed.com
There are a few more twists in the incident. Marijuana is not legal in all the states in the USA and most definitely not in Michigan (Clawson, Michigan, 48017):
Anncannamed.com is registered with the “Lady’s” privacy agent WhoisGuard conveniently offshore in Panama, to ensure the privacy of the father of her “baby”, to protect him from “spam”. Yes, we all know spam is the be-all and end-all cardinal sin. You can make “babies” with fraudulent partners, just do not spam!
The response from the responsible “Lady” after having presented her with all the facts? ( [#XJD-406-10000]: Numerous Cameroonian scams)
We have thoroughly investigated your allegation to the extent of our capabilities, but we were unable to validate your claims, unfortunately.
In this situation, Namecheap acts as the registrar only. It means that our ability to investigate the matter is limited since the content transmitted via the website is not located on our server. Please also note that we do not own the reported domain name, we are simply the company the domain name was registered with. Considering the aforementioned points, we recommend that you contact the hosting provider, who would be in a better position to validate your claims and take the appropriate action.
Additionally, if you believe you are a victim of an Internet crime, or if you are aware of an attempted crime, you can file a complaint through Internet Crime Complaint Center at https://complaint.ic3.gov , who are in the best position to fully investigate any such issue across any/all service providers.
Please let us know should you have any further questions.
More “babies” had just been cast to the “cyber gods”.
The initial victim did report this incident to the US BBB, his local authorities, also IC3.
As per Landlord ICANN’s rule-book, the ICANN RAA 2013, Sect #184.108.40.206:
220.127.116.11 Any Registered Name Holder that intends to license use of a domain name to a third party is nonetheless the Registered Name Holder of record and is responsible for providing its own full contact information and for providing and updating accurate technical and administrative contact information adequate to facilitate timely resolution of any problems that arise in connection with the Registered Name. A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it discloses the current contact information provided by the licensee and the identity of the licensee within seven (7) days to a party providing the Registered Name Holder reasonable evidence of actionable harm.
The registered Name Holder, in this case is WhoisGuard. They were requested to supply these identifying details with evidence. Response: None despite a reminder. Said “Lady” created a suitable affiliate guardian to hide her abusive partners. Before walking away from this “Lady”, of which many similar stories can be told, she had another “baby” with the same Anncannamed partner! https://www.bbb.org/detroit/business-reviews/cabanas/anncannamed-in—90032586/reviews-and-complaints?section=complaints
In fact “she” has been noted to be the most prolific “baby” maker with many partners with distinct tastes for illegality. We have to mention said “Lady of pleasure” is apparently no lady. Perhaps it’s high time she should be called to account, FTC – Western Union style, and be forced to uphold her obligations to her “babies”, not casting them to the “cyber gods” to profit from cheap discounted tricks.
There are more similar “Ladies” out there distancing themselves from their “babies” and much the same way. We can only be thankful not all Ladies visit the bathhouses: some are honorable and their virtue is not for sale.
What about the “cyber gods”? They have long since discovered their powers are not endless and simply cannot deal with the results of the “Ladies of pleasure”, despite any expectations or claims set by these ladies or their landlords. We recently saw this report emanating from the UK, admitting something many “babies” already knew:
Just one in 100 crimes on the web ends with a conviction and 99% of crooks escape justice as police commissioner says systems ‘couldn’t cope’ if all reports were passed on
Over the years we have seen similar frustrated reports from the law enforcement authorities in various countries. Currently cyber crime is totally out of control. Years back we laughed about a Nigerian prince wishing to share his millions. Those stories are not popular anymore and new emerging threats regularly pop up. Yet “old news is no news”. The other threats have not disappeared, they are still there. Facebook wishing to hand out millions in a lottery, WhatsApp the same. Or the United Nations seeking your help. Our 419 scam Nigerian prince has since also up-skilled. He is no longer limiting himself to the old still ongoing fraud types, he has evolved to investment scams, claiming to be some legal offshore bank or broker, also offering investment in crypto-currencies. He is even willing to sell the consumer hardware for mining. His arsenal of traps for the ordinary consumer has grown dramatically, set with ever increasing sophistication. Only some make headlines or see alerts put out. Even if it does, such alerts are quickly replaced with new alerts. Yet the old consumer threats continue, they have not become defunct. It’s in this environment, practicing on the consumer, that more serious threats eventually evolve targeting business.
In it’s most simplest form, we can look at the old fake bank as an example. Artists Against 419 was born to address the issue of fake bank websites on bespoke registered domains used to target consumers. Many of these banks were purely fictitious entities, yet many times not – the fake bank was spoofing a real bank. Armed with these skills, the 419-prince eventually started not targeting consumers in 419 fraud, but also phishing. By 2008 this caused some raised eyebrows when a joint anti-419 and anti-phishing member pointed out a new phish was Nigerian based. Within the next year it was a known fact and the bad apple had migrated from a purely consumer threat to becoming a commercial threat, a problem for banks. More followed and many are recorded in the Artists Against 419 database.
When “Mike” made headlines in 2015 with his BEC syndicate, it was merely a continuation of consumer threats, deploying tactics perfected on consumers against commerce.
A yet mostly unrecognized global threat, is the fact that our fake pet sellers from the Cameroon are also targeting business. It’s not uncommon to see the same party selling pets and drugs in the USA, using a fake courier. While these same parties were initially also targeting the Far East, we are noticing more and more threats against business in the European Union: a container of A4 paper, or perhaps a tonne of lobster tail. A few Cameroonian scams have been spotted selling containers in the USA as well. Agricultural equipment or even refurbished manufacturing plants can be found used as bait items. Company identity theft is not uncommon. In a variation of what we see from their northern neighbors, these scammers do not specialize in a few successful scams, they will simultaneously have all these frauds online at the same time. Online trade pages and SEO is massively abused. Any successful tactic on the commercial side is fed back to the consumer frauds and vice versa. These end up using the exact same fictitious courier as the fictitious pets. Domain abuse thrives in this environment. Since 2014 Double-A paper have had alerts out on parties misrepresenting themselves, claiming to be Double-A: https://www.doubleapaper.com/sl/fraud-alert
It’s against this background environment that the “cyber gods”have to decide who is going to be saved. In reality they are made the garbage collectors of the internet, trying to solve what is many time unsolvable, yet flippantly dismissed by the “Ladies of pleasure” as their task, while servicing yet another malicious client. This article is written with much sympathy for some law enforcement and an understanding of the challenges they face. They have finite resources and finite powers, there is only so much they can do. Investigations are typically based upon “loss above or below” X amount and the current workload. Such an amount could easily be fortune or a livelihood for a victim, disregarding the emotional trauma that may follow. Suicide is not uncommon. Further the victim has to report this and be able to supply relevant information that can be used. Yet the mechanisms for frustrating investigations are continuously abused. One such mechanism is supplying bogus domain registration details, international forwarding numbers and disposable emails. We even see domain resellers willing to deliver services once payment has been received via anonymous means, not requesting further details. The typical “bullet proof uphold your right to free speech” resellers are infamous for that. When did fraud become free speech? One even offered to register a domain in his harem of “Ladies of pleasure”, based upon usage. We cannot say the “cyber gods” are dealing with an unplanned “baby”. This was perverted family planning from the start.
We also need to consider commercial issues typically takes precedence over consumer issues. Sometimes it’s a case of who of these victims have the most power or can shout the loudest: A large corporation with PR professionals or a handful of consumer victims? It’s only upon investigating that the full extent of such an issue becomes visible. Yet the handful of consumers targeted by “Joe Soap” is the same as the other individual small groups as targeted by “Sca Mer”, “Bnk Man”, “Fak Mak” and a span of other aliases a fraud syndicate may have, continuously growing and accumulating an ever increasing number of consumer victims. Yet it’s only upon deeper investigation that this is found to be the case. Yet this is never uncovered as the deployed analytics never made it as far as the investigative phase – some new cyber case just hit the headlines again and the news hounds are whipping the public into a new frenzy for blood. The “babies” silently become victims and statistics. We are seeing sick system set up to frustrate good, hard working law enforcement officers that actually joined to protect ordinary consumers, managed by systems that is target driven and where the target is based upon statistics without understanding the small numbers in distinct categories adds up to a massive number in the different faces of the same problem. In the meantime one such lady loves demonizing the “gods” in the name of free speech and human rights while silently trampling on those.
Jurisdictional issues also plays into the problem. Much of the consumer fraud Artists Against 419 sees originates from areas with very little real incentive to investigate and where other local problems are a higher priority for the authorities. Typically international investigations relies on processes that are fraught with political interference and hijacking. Most cases never make it as far as real investigation for this reason.
While it’s easy to blame the “cyber gods” for all the “babies” that are never saved, the simple truth is we should rather be asking the “Ladies of pleasure” why they are not using the means available to them to do proper family planning. After all, what we have just described are events where the authorities are expected to intervene and fix the situation after an incident. That is not consumer protection. The word protection is defined at https://www.merriam-webster.com/dictionary/protection (judge for yourself). What is clear is we see very little protection of consumers against fraud on the internet. The success of such protection would be shown in a decline, or at least a stay, in consumer fraud statistics. Yet we see annual explosive growth. Something is very wrong and we are now very far removed from the trusted internet which would improve their lives we sold consumers on 25 years ago. Nowhere are consumer rights being undermined more than on the net, turning them into “babies”. Yet very very partners of the “baby makers” miscreants, the “Ladies of pleasure”, are recording growing profits. The “baby” making machine is also a money making machine.
How do we hold these “Ladies of pleasure” accountable to force them to do birth control and not perpetuate the current “baby boom”? Consumers cannot do it via civil action. The Landlord’s rules, the RAA, makes it clear it confers no third party rights to the “babies”. Is it perhaps time that the authorities decide to enforce consumer protection? This is done regularly by forcing providers to recall physical products that are hazardous to consumer safety. The FTC took strong action against Western Union. Why not do the same in the virtual world? Those very mechanisms exist in the Landlord’s rules which mandates “family planning” at https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en and may even see them disavowed if such is not done:
5.5 Termination of Agreement by ICANN. This Agreement may be terminated before its expiration by ICANN in any of the following circumstances:
5.5.1 There was a material misrepresentation, material inaccuracy, or materially misleading statement in Registrar’s application for Accreditation or renewal of Accreditation or any material accompanying the application.
18.104.22.168.3 with actual knowledge (or through gross negligence) permitted Illegal Activity in the registration or use of domain names or in the provision to Registrar by any Registered Name Holder of inaccurate Whois information; or
or is the subject of a judicial determination that ICANN reasonably deems as the substantive equivalent of any of the foregoing; or
22.214.171.124 is the subject of a non-interlocutory order issued by a court or arbitral tribunal, in each case of competent jurisdiction, finding that Registrar has, directly or through an Affiliate, committed a specific violation(s) of applicable national law or governmental regulation relating to cybersquatting or its equivalent; or
126.96.36.199 is found by ICANN, based on its review of the findings of arbitral tribunals, to have been engaged, either directly or through its Affiliate, in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest, which trademarks have been registered and are being used in bad faith.