Sad story of Tokelau, and how its top-level domain “became the unwitting host to the dark underworld by providing a never-ending supply of domain names that could be weaponized against internet users. Scammers began using .tk websites to do everything from harvesting passwords and payment information to displaying pop-up ads or delivering malware.”
Clive Robinson • November 14, 2023 10:57 AM
@ ALL,
Re : Off the electronic map.
“Sad story of Tokelau”
It needs to be said that the real problem is,
“Crooks will be crooks, and old cons move fast to new technology, then move on again.”
Not meaning to be pessimistic but what happened with .tk was rather more than inevitable, it came “built into the system” which we in the West designed and built.
Those who have looked at history might know why the FBI came to exist and also where it went horribley wrong and thus has a very very poor reputation even today.
The fact is,
“Technology is neither good or bad, it just exists.”
Good or bad is decided in the main by third parties that are often just observers, looking through their own points of view shapped by the norms, mores, morals of their society and it’s usually well out of date regulation and legislation.
The thing is it’s easy to say with hindsight the representatives of the 1400 islanders,should have done XXX, but that is basically saying they are guilty of not being omnipotent, a crime we are all guilty of.
The simple fact is that defence has a broad perimiter to protect, whilst attack needs only the tiniest crack to get a success.
If attacks can be made inexpensive compared to potential gain from carrying them out then the attacks will happen. Worse an attacker can concentrate resources in single points, something a defender can not do. The attacker thus has “depth” versus the defenders “breadth”. It’s asymetric warfare stripped to the bare bones.
The only real solution is that we should take considerable care not just in the design of systems, but how we build and operate them as well.
We borrow bio-medical terms to describe various failings in technology… But do we see the equivalent of “effective health care” system?
No… Something people should think about.
Even the Nobel Economist Friedrich Hayek realised this was ludicrous, in his commentry on the need for Social Security Nets he said in “On the road to surfdom”.
“But there is no incompatibility in principle between the state’s providing greater security in this way and the preservation of individual freedom. Wherever communal action can mitigate disasters against which the individual can neither attempt to guard himself nor make the provision for the consequences, such communal action should undoubtedly be taken.”
As has been previously noted,
“No man is an island”
And,
“It takes a village”
None of us are omnipotent, thus we need to be part of a group that is a society, not for the good of the individual, but for the good of the society that they are a part of.
As I’ve mentioned before there is a balance between,
“Individual Rights v. Social Responsability.”
Not understanding that is bad not just for society but every member within it.
The UN through the ITU is actually supposed to do for electronic communications what the WHO does for health. The fact we have alowed both to become inneffective political footballs in a game of “power grab” does not exactly bode well for humanity.
emily’s post • November 14, 2023 11:28 AM
Yes, but what about moving to tiktok.tk ?
JonKnowsNothing • November 14, 2023 12:23 PM
@Clive, All
re: why the FBI came to exist and also where it went horribley wrong and thus has a very very poor reputation even today.
An side note on social and subliminal views of LEAs (everywhere).
If one looks at the list of published (legit published) fiction books in the “Crime, Mystery, Thriller” categories there are a significant number of these stories that include corrupt LEA agents, divisions or even entire organizations.
It doesn’t matter where the story originated, it’s a global phenomenon. These are fiction stories, there is plenty of non-fiction to match up.
The global social network is pulsing with the poor reputation of LEAs.
This aspect goes beyond the industry content demand that requires:
Anon E. Moose • November 14, 2023 2:07 PM
So after reading the article the question remains, “Do we block all .tk domains or not?”
Stéphane Bortzmeyer • November 15, 2023 6:20 AM
Note that the article is good but could have used a serious proofreading by someone knowledgeable. The ccTLD is not “tacked onto the end of a URL” but onto the end of a domain name, ICANN is absolutely not “tasked with maintaining the global internet” (noone is), .com is “tied to specific countries”, like any domain name, its registry is incorporated in one country and subject to the laws of this country (here, the USA),
Freenom is registry of .tk and not “registrar”, etc.
Clive Robinson • November 15, 2023 12:00 PM
@ Anon E. Moose
Re : Self preservation is not a crime.
“Do we block all .tk domains or not?”
The simple answer is
If you’ve a lot to lose and nothing to gain then it’s a pragmatic approach.
My view for a long time now is to ask,
“What is the business case for having this computer connected?”
Very few answers I’ve heard even make sense. Most are along the lines of “It seems like a good idea” which is silly realy.
JonKnowsNothing • November 15, 2023 1:54 PM
@Clive, All
re: (modern) “What is the business case for having this computer connected?”
It maybe be silly and it maybe threatening and it maybe discriminatory but large and small corporations, require near 100% on demand response by anyone within the structure
Anyone not responding within a allowed time, gets serious bother. Being in the loo too long is not acceptable. Sometimes being in the loo at all can get you dismissed.
It’s a future-forward view that all employees are thieves and all employees are untrustworthy and all employees are here to do my bidding: any time, any place.
This continues even with 24/7/365 surveillance of all communications, all logs, all access points, all searches, time-to-complete-task (time and motion) and full screen in camera RT imaging.
The folks on the Receiving Dock do not get any less scrutiny; even if their main job is unloading cargo and one might think there isn’t any business case for it. Bosses know how long it took for the forklift to get the pallet into the bay.
“Work to Rule” is not a common reaction in the USA and an anathema to oligarchs.
===
ht tps://e n.wikipedi a.org/wiki/Work_to_rule
ht tps://en.wikiped ia. org/wiki/Anathema
Anon E. Moose • November 15, 2023 5:05 PM
@Clive “Self preservation is not a crime.” point well said and well taken.
Incidentally, we generally allow one chance and then block and seek out reasons to unblock on a case by case basis. We allow one chance because of our commitment to customer service and I have argued the opposite approach successfully on numerous occasions.
If I see ABC entity harming XYZ organization I will endeavor to defend against ABC before I can become their next victim.
Doodle • December 5, 2023 3:18 AM
I find the article rather disingenuous.
Applying the same logic the author is using, the article could just as well have been “how HTTP (as opposed to NTP) became the protocol for online scamming”, or “how country X (as opposed to country Y) became the breeding ground for scammers”, etc.
The question is, out of all the variables that may correlate with scamming activity, what makes the author believe that TLD an especially important one, so much so that it’s worthy of writing a hit piece about?
So instead of singling out Freenom or Tokelau of “providing a never-ending supply of domain names that could be weaponized against internet users”, how about a introspection on the role our entire society including the author himself has played in providing a never-ending supply of impoverished kids, disproportionately higher percentage of whom grew up to become scammers?
Clive Robinson • December 5, 2023 4:40 AM
@ Doodle,
Did you actually read the article or are you just trolling as a vested interest or with a political axe?
If you read it properly, you will find the article is about an individual, not the technology.
An individual who scammed a small island nation, the council of which were not sophisticated in the technology for reasons explained in the article.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Morley • November 14, 2023 10:32 AM
It’s too bad top level domains didn’t really work out, except for making registrars money. I want AOL Keywords back 😉
It’s technically feasible to do away with unenforced ones, but probably not socially.
Maybe their purpose is now to show how poor or shady the site is. It’s too bad charging more is the cheapest way to curb abuse.