Security Watch

Keeping track of patches and hacks in the IT security world.

Registrar Bends to Pressure from Researchers

The lesson of this story? If you believe in the quality of your work, don't let anyone try to move you off your spot.

Over a week after anti-spam research house KnujOn first called out India-based registrar Directi for allowing its business partners to support illegal online pharmacies, the registrar has sought a truce with the experts after cutting ties with the questionable domain owners.

As you may have followed via a pair of posts in this space last week and the subsequent comments filed by the involved parties, KnujOn and Directi, along with some other researchers who got into the debate, had partaken in some heated exchanges, with the registrar questioning the KnujOn report, which it initially labeled as "baseless," and KnujOn refusing to submit to the company's demands to retract its claims.

After questioning everything from the quality of the KnujOn conclusions to the journalistic integrity of those (ahem) who chose to cover the paper on "phantom registrars" that fail to vet their customers properly, Directi has moved to quell the issue and suspend the accounts of the illegal pharmacies that apparently have indeed been using its services.

In a blog post on its Web site, Directi all but admitted that it has been at least partially wrong all along, though it still maintains that it was merely associated with some less-than-savory partners and customers.

"Directi affirms they are in no way supporting illicit online pharmacies," the registrar said. "KnujOn has sent a list of newly populated fake pharmacy domains that Directi suspended. Directi and KnujOn now jointly call on the Internet community, private industry, and government to help develop policy and methods to put a stop to the fake pharmacy menace since registrars cannot do this alone."

Now that's a significant departure from the tone that Directi was taking last week, when it all but called KnujOn head honcho Garth Bruen a sensationalist liar for outing the issue of the Indian company indirectly enabling the illegal pharmacies to do business.

At the end of the day, Directi is right: registrars do need help from organizations including ICANN and local law enforcement officials in keeping the nefarious pharmacies offline.

However, it's a good thing that Bruen and Jart Armin, another independent badware researcher (and the mind behind didn't raise the white flag once Directi started questioning the validity of their work.

It is worth pointing out that the researchers did slightly tone down some of their initial claims once it became clear that Directi was interested in further investigating how it might be associated with the involved pharmacies that the experts had identified, and that it did not appear to knowingly endorse the use of its services by the sites.

Now all the people involved appear to be on the same page, with Directi distancing itself from the partners that led to the KnujOn conclusion, and explaining how some of its services were being abused.

Bruen is rightly feeling vindicated after dealing with a lot of stress and drama regarding the issue over the last week, including the threat of defamation lawsuits from Directi.

But now he appears to be even more determined to push forward with his research, as clearly the discussion that was launched based on his report has led to the desired change, and further established the need for such efforts to at the very least move important conversations regarding Web security out of the shadows and into the light.

"This is key. It was public exposure, disclosure and discussion that made this all happen," Bruen said in an e-mail. "And it will be the continuous public pressure that will lead to permanent fixes. What attracted us to Directi was the company they appeared to be keeping: [registrars] and resellers who were pumping the fake pharmacies into the system."

Directi has promised to re-evaluate its relations with many resellers as a result of the work.

Kudos to the registrar for moving to resolve the issue and answer the call of legitimate researchers; this is how this whole power of the press thing is supposed to work!

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to