The great Ugg boot robbery of 2009, to give it its deserved title, is actually a daily occurrence all over the world and almost nobody pays much attention. According to the BBC, UK police has this week shut down 1,219 bogus websites selling a range of designer goods, including the said boots, but only after the Chinese criminals allegedly behind the scam had managed to steal millions of pounds from consumers in the UK for goods that never turned up, or did but turned out to be fake.
It’s a small mostly symbolic victory for the Metropolitan Police central e-crime unit (PCeU) because there is absolutely nothing to stop the criminals setting themselves up with new .co.uk domains and starting the scam from scratch, which made it all the more galling that central UK registrar, Nominet, tried to claim some of the glory for the bust. It’s precisely Nominet’s lack of oversight and checking that led to domains being registered on such a fraudulent scale in the first place, and which ended up with consumers being hit.
Can it happen again, yes? Is it happening right now? Yes. What’s to stop it happening again? Nothing, other than the possibility that the police will eventually get around to shutting a particular domain down, but that’s just a hazard of the Internet crime business model.
Nominet will doubtless claim, and with a useful fig-leaf of justification, that they are not resourced or tasked to make checks into who registers what and for what purpose. This is the core of the problem because nobody has that job. As it stands, anyone can set themselves up on the Internet in a few hours and sell whatever they like. UK criminals use such laxity to sell fake concert tickets, a scam that has at its core the useful delay between tickets going on sale and the actual event many months later.
Meanwhile, you can find fake goods sites for anything under the sun, including as we pointed out some months back, batteries for laptops, many sold using .co.uk domains.
Busting websites in public spectaculars and telling the BBC about it will come to naught if something is not done to regulate the ease with which criminals can set up in business to UK residents. Let’s at least make it a bit harder for them.
1. Stop entities without a registered UK office or address from using .co.uk domains, period. This won’t stop fraud per se, but it would make it much harder for criminals to exploit the gullibility of consumers who make assumptions about such domains.
2. The whole ethos of domains is currently to shift as many as possible and stuff who is registering them and for what purpose. That is pathetic. Registrars, and especially core registrars such as Nominet, should be required to set up fraud checking systems that try to spot patterns of registration coming through ISPs in particular countries. Again, this doesn’t stop the criminals moving to another country but makes it harder to appear local.
3. Give consumers a more user-friendly tool than Whois lookups with which to get accurate information on where sites originate and who is doing the registering. At the moment, the industry been able - incredibly - to sell whois anonymity as a paid-for extra, which allows dodgy types to hide their identities. This is mostly an American phenomenon, but the idea should be anathema.
4. Finally, longer term, a way has to be found to introduce a delay between domain registration and setting up in business from that domain, regardless of where it is. This has to be done on a global scale so it won’t happen soon. But a way has to be found before, inevitably, some kind of pressure is exerted by governments, and that won’t be pretty when it happens.
Find your next job with techworld jobs