With cyberattacks becoming a routine in the business and private sector, certain procedures and tactics are being implemented to ensure that both are kept safe. In fact, the Internet Corporation for Assigned Names and Numbers (ICANN) has recently come into the limelight with their new approach to security online. In a general sense, ICANN helps the internet as we know it to operate efficiently and smoothly by keeping databases and domain systems error-free and prompt. However, among the information that they regulate is a personal piece of data that can be tied back to each domain that has an online foothold. To put it simply, each website, business, blog or review website that we visit is associated with a person or company that registered that domain in its early days. Through ICANN and WHOIS database privacy, this information can be attained by anyone from the general public.
The Double-Edged Sword
But as we soon find out, WHOIS database privacy and registry information acts as a double-edged sword. Although many security researchers and professionals use this information to deem a domain trustworthy or problematic, hackers and crackers may rely on this data to scheme an attack. Hackers and would-be criminals could use the WHOIS data to pinpoint their attacks at targeted individuals that may have pertinent information regarding a certain database. This can manifest itself in a spear phishing attack on a CEO or CTO, finding out what software the company is using for their data storage or even contact information for social engineering.
Light In the Darkness
Although intensive domain name database privacy sounds like the perfect solution to cyber threats, it creates an advantage for prospective attackers to remain anonymous. WHOIS data, in its general sense, could act as validation for specific brands, businesses and individuals that operate within the digital realm on a regular basis. When a user performs a search for a domain’s credentials and finds that they’re associated with trusted and respected businesses, they’re more likely to engage with them. Conversely, the new laws that regulate and hide this information from the public creates a sense of mystery and protection for individuals that wish to steal information.
To illustrate how this works, we can simply take a look at the average user’s spam folder. If you’re using a mainstream email provider like Gmail or Yahoo, you will notice a large accumulation of spam that gets collected during the week. These messages are tested against WHOIS data to see whether the contents of that email are malicious or legitimate. With new restrictions in domain name database privacy and available information, more spam will make its way into our lives. This will inevitably get ugly when more of the general population, including privately-owned businesses and operations, fall victim to outside attacks. With great information comes great responsibility, and many legitimate security researchers are worried about the stability of technology and user safety moving into the future.
Go to Source