On the 20th of Jan 2018 we sent an email to Tucows and the reseller SmarterASP on domains used for websites selling both legitimate and forged passports, visas, drivers licenses etc. They also claimed to sell forged currency. The reality is this is a well known scam used by Cameroonian fraudsters. Invariably these lead to later extortion where the fraudsters impersonate the authorities and fees/fines are payable.
Naturally such activities are illegal globally. Even if you don’t understand how the fraud plays out, at least any mature responsible person should know that you can’t simply buy a passport, visa or like government issued documents off the web, it is illegal.
Jan 20, 18:05 EST
Dear Tucow and SmarterASP.NET
supportdocuments24hrs.com (website error)
noveltydocumentations.com (currently inactive)
Could you please be as kind as to suspend these domains as being
abused to facilitate illegal activities.
All these domains belong to the same owner with email
firstname.lastname@example.org and a German address. While this is now hidden,
domain MIGRATIONDOCUMENTS.COM had the following registration details
which are incomplete and most likely fake.
> Registrant Name: Migration Documents
> Registrant Organization: CreativSoft Pvt Ltd
> Registrant Street: Brandenburg Brandenburg
> Registrant City: Berlin
> Registrant State/Province: Br
> Registrant Postal Code: 28359
> Registrant Country: DE
> Registrant Phone: +1.2687362645
> Registrant Phone Ext:
> Registrant Fax:
> Registrant Fax Ext:
> Registrant Email: email@example.com
These are Cameroonian scams where the scammer targets the victim,
typically found via spamming, social media abuse, or classifieds with
fake offers, only accepts payment via anonymous payment methods where
no charge-back can be done and then does not deliver. Essentially this
is money laundering. In a follow up scam, impersonating the
authorities, the scammer will claim the victim ordered illegal goods
and a fine is payable, thus extorting the victim. This modus operandi
is common in Cameroonian scams.
Typically these websites target desperate people in the Middle East
and are associated with job seekers. While these may seem ridiculous
scams, the level of ignorance pertaining to the illegalities of these
are extremely high. One such victim tried reporting it and was told
he’d be arrested if he continues bothering the authorities in Egypt.
More details below:
While the index page shows a deceptive temporary holding page, real
content is hidden.
This domain is abused to perpetuate a fake currency scam at URL:
Obviously selling fake currency is illegal internationally.
Here we see the owner claims to be selling “real and fake” passports,
even going as far as to calim to be able to “erase all the previous
information” regarding seized passports under “My passport has been
seized, Can you erase my previous information and produce me a new one
with same info?”
On this same page the owner also claims their passports can be used in
lieu of governmental passports under “Can I use your Real documents
instead of the ones from the authorities ?”
Here we see the owner claiming to sell IELTS certificates. The IELTS
certificates testing and issuing are controlled by the British
Council, IELTS Australia Pty Ltd and Cambridge Assessment English
based upon examination and can’t be bought off a website.
Likewise birth certificates, marriage certificates, driver’s licenses
etc are being sold.
Obviously there is much fraudulent misrepresentation on this website
and the choice of domain name shows intent to defraud.
Once again the content for this domain is hidden. It can be found here:
The actual website content is very similar to the previous domain’s
web content and indicates illegal activities.
While not hidden, the content is once again various forms of forgeries
as previously. Also SSN number, birth certificates and death
certificates are being sold. Even bank statements and resident permits.
Essentially this is another forged document scam as seen previously.
While this website is currently failing due to an error, we did
capture snapshots of the website in December 2018:
This snapshot can also be verified via Bing:
While this domain currently has no DNS, it’s essentially another
forged document scam as seen previously.
The hosted content can be found in Bing:
While a hosting suspension could offer short term relief, this would
be fruitless if the domain owner can simply re-point DNS elsewhere and
re-host the websites. As such a domain suspension would be preferable
and also not unreasonable to request, given the nature of the domain
We notice the not so beautiful (actually fake) registration details pointed out for these domains.
Having supplied the registrar and reseller these details, what would a reasonable party do? After all, has the Registrar group not said in ICANN policy discussions they generally would not ignore such complaints? As per the ICANN RAA, a response is due in 24 hours. However, the failure to respond in this time frame, if at all, has become a common occurrence at many registrars.
Having not heard back on this issue apart from an automated ticket ‘Your request (327630) has been received and is being reviewed by our support staff.’, a prompt was sent again on this issue on the 3rd Feb 2018. We received the following reply:
Feb 4, 08:49 EST
Tucows/OpenSRS has no control or ownership over this domain. We are just the Registrar.
We do not host any content or provide bandwidth.
If you wish to launch a concern about abuse, you can try contacting the Internet Service Provider (ISP) or the upstream provider. They may have Rules governing the use of their service. You can also try contacting the actual domain owners by using contact information found on the website.
If this is an issue of trademark, then you may want to review the documentation on how to lodge a formal dispute through the UDRP (www.icann.org/udrp) or a court of competent jurisdiction.
Essentially, we are an administrative body and do not judge or adjudicate issues of dispute.
If the domain does go to arbitration, please send any legal documentation (court filed or filed with an ICANN recognized arbitrator) by email to firstname.lastname@example.org, by post to Tucows, Inc, 96 Mowat Ave, Toronto, Ontario, Canada M6K 3M1.
Please let me know if you have any other questions
Let’s put this response into perspective:
First is the ridiculous response: ‘You can also try contacting the actual domain owners by using contact information found on the website.‘ That sounds like an excellent Lalaland idea (not) to offer some relief, this section is simply mind boggling! Why haven’t we thought of this before? Let’s ask all criminals to stop committing crime, governments can save fortunes annually. Naturally this suggestion receives the contempt it deserves.
We pointed out the domain registration details were problematic before being hidden. The European GDPR was intended to protect the privacy of natural persons residing in the European Union. While nobody denies th need for privacy, Tucows is now using it as a blanket get-out-of-jail-free card to not meet it’s WHOIS obligations. Ironically this was predicted before the ICANN GDPR talks began in earnest. It was stated that Registrars and other ICANN contracted parties would abuse the GDPR to hide the mess that is WHOIS, but one that was used to protect governmental, commercial and consumer interests. It seems we may be correct. In turn this European privacy initiative was hijacked to now hide registrations for companies as well, some of them not even real as in this case. Bogus registration details for a fraudulent company is not a natural person. It’s not even a legal person! This mess was predictable, was predicted and now we are starting to see it’s fruits.
The irony is that in these talks, great fanfare was made about the requirement of the RAA to ensure that Registrars are obligated to collect accurate WHOIS details. This statement was made while we ourselves knew this to be patently untrue! In fact ICANN knew this as well. We had an ICANN Compliance Complaint later escalated to the ICANN Complaints office. ICANN’s own WHOIS accuracy reports in the past testified to this fact. Throughout the history of ICANN accurate WHOIS always has been a problematic issue and much abused to undermine consumers’ rights. Records of this can be found in the ICANN archives.
The irony is the GDPR is now being used by an ICANN Registrar to absolve themselves from any further need for action, dooming consumers who believe they can actually buy both “fake and real documents” off the net, to identity theft, fraud and extortion. The GDPR is now a tool to be used to shield themselves at registrars at the cost of the ordinary consumer.
126.96.36.199 The Registered Name Holder shall represent that, to the best of the Registered Name Holder’s knowledge and belief, neither the registration of the Registered Name nor the manner in which it is directly or indirectly used infringes the legal rights of any third party.
Claiming to be selling real and fake/forged documents to unwitting consumers in an elaborate fraudulent scheme is a blatant breach of this promise.
Registering a domain with fake registration details would be a further breach of the RAA/Registrant agreement, except this is now hidden. We had to use historic WHOIS data to show this problem, DNS abuse. Yet the registrar is now ignoring it, the perfect excuse to devolve the bigger problem to a “content only” problem. The GDPR is now a shield for plausible deniability and self-blinding.
Where we see the ICANN DAAR initiated to highlight problem trends, the Registry Stake Holders Group (RySG) was quick to attack this initiative: https://www.icann.org/octo-ssr/daar. Ironically the GDPR is mentioned as one of the reasons in criticism of DAAR. Yet this is an initiative to highlight abuse that also undermines consumers by the very parties who would most likely be allowing abuse, including abuse of the GDPR. Is the problem the issue, or rather shining light on the problem? Apparently it seems the latter.
During much of the GDPR talks, much was said about government interest in WHOIS data. Likewise commercial interests. There was no real acknowledgement for the common consumer who might wish to look at domain registration data to see if the party he is dealing with is credible. Contrary to what many parties would wish to be true, consumers actually did use WHOIS data to see if there is any credibility to the domain registration data before deciding to deal with a party. Any consumer that saw domain registration details on a domain such as the below, would avoid dealing with the associated website:
Registrant Name: Migration Documents Registrant Organization: CreativSoft Pvt Ltd Registrant Street: Brandenburg Brandenburg Registrant City: Berlin Registrant State/Province: Br Registrant Postal Code: 28359 Registrant Country: DE Registrant Phone: +1.2687362645 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: email@example.com
Now the consumer has to rely on a registrar, perhaps in a foreign country, delivering a service to somebody unknown, blindly hoping and trusting said registrar did in fact take the time verify registration details as is required in the RAA, mentioned by ICANN in the RAA talks and agreed to by registrars. All the consumer now sees is:
Registrant Name: REDACTED FOR PRIVACY Registrant Organization: REDACTED FOR PRIVACY Registrant Street: REDACTED FOR PRIVACY Registrant City: REDACTED FOR PRIVACY Registrant State/Province: REDACTED FOR PRIVACY Registrant Postal Code: REDACTED FOR PRIVACY Registrant Country: REDACTED FOR PRIVACY Registrant Phone: REDACTED FOR PRIVACY Registrant Phone Ext: Registrant Fax: REDACTED FOR PRIVACY Registrant Fax Ext: Registrant Email: REDACTED FOR PRIVACY
Meanwhile the registrar is aware of a serious problem, yet hiding behind the GDPR to do nothing. Too bad for the victims of fraud, ‘We are just the Registrar‘.
However the GDPR does have an accuracy requirement, something that falls by the wayside in all these Lalaland discussions where criminals are now abusing the GDPR to either commit fraud, where we find ICANN contracted parties shield themselves from having to deal with pesky fake WHOIS admin issues well known to exist.
Perhaps the ICANN contracted parties should take the precious time they have now saved, at the cost of the ordinary consumer, to actually read a most insightful article by Fabricio Vayra on CircleID: WHOIS Inaccuracy Could Mean Noncompliance with GDPR
It would be highly amusing to see how this issue would play out if a European citizen was defrauded by one of the reported domains, if the European authorities follow the much bandied about “due process”, to only uncover the garbage registration details. More so if they are aware of the type of responses as shown above on this issue. It should trump all the ICANN / Tucows court cases on the subject of privacy to date. The following article makes for quite an interesting read and we quote from this CircleID article by Michele Neylon:
“In order to have a domain registration system reflective of ‘data protection by design and default’, we started with the GDPR itself and crafted our procedures and policies around it. We built a new registration system with consent management processes, and a data flow that aligns with the GDPR’s principles. Throughout the registration life-cycle, we considered things like transparency, accountability, storage limitation, and data minimization.”
We leave it to the reader to ponder this statement, weighed against the reply received. We are more than sure that ‘Migration Documents’ at ‘Brandenburg, Brandenburg in Bremen, Germany‘ will not be held accountable, no more than Yogi Bear in Yellowstone Park (buried in the annals of ICANN). We are sure the authorities also won’t be grateful for this great domain registration record, once due process has been followed and the waste of their precious resources.
So much song and dance about five domains? Surely not? All the time and money spent, would have been better spent in understanding the nature of Cameroonian fruad. The Brandenburg registrant is most likely a bit south on another continent in another country. The very problem and parties that were allowed to destroy the legitimate pet trade online, as highlighted by a US BBB report, is also responsible for these types of frauds. We only have to search for “undetectable counterfeit money” on Google to see over 200,000 results, many linked to bespoke domains. Enter registrar responsibility. This problem is just as pervasive as pet scams. Ditto “fake/real” passports and other government issued documents. Likewise other forms of abuse that have the authorities reeling from dya to day, overwhelmed by cyber crime complaints and reported losses ever increasing annually.
Newflash: Apparently certain Registrars and contracted parties don’t read the news. Law enforcement is overwhelmed with all the cyber fraud and can impossibly attend to all the fraud on the net. Yet this attitude allows even more DNS abuse to happen, worsening the problem. Allowing invalid registration data into the system, then hiding it in the name of the GDPR for a fake business, even less so.
Certain ICANN contracted parties are quick to absolve themselves from responsibility. They do not want their cash cows to seek refuge at a competitor. Law enforcement is made the scapegoat and given the responsibility to clean up all this abuse on the net and for failing to. The consumer count mounts daily, victims that will never see justice or restitution.
Why are registrars absolved from responsibility for the problem. Making law enforcement responsible for consumer protection in DNS abuse is inappropriate. At best law enforcement is mitigation after the fact of harm done. Law enforcement is bound by jurisdiction, law enforcement needs a victim report, law enforcement has to measure loss vs potential for success, cost of prosecution etc, all belying the self-serving ICANN logic.
Why all the bottoms-up processes if they are not implemented in reality and can be gamed? Why ask for community involvement to develop processes, but to then allow violation of such? Is ICANN looking for disciples, or true balanced input and a balanced result?
Currently turds are being gold-plated, wrapped up in gift wrap and worshiped. But once we remove the wrappings, it still remains a turd. Why wrap clearly malicious domains in pomp and due process? It serves nobody except a select few in self blinding or profiteering by nefarious actors and a rush-to-the-bottom self-destructive model for the internet to the detriment of consumers. This undermines the very credibility of the internet.
What protection does ICANN and it’s contracted parties offer the common consumer, the natural person?