So a lot of scammers have been arrested, good. But why mention it here?
Let us take a look at some of the domain names mentioned by this official German police press report:
ewe-ewe.com
Registration Service Provided By: Heihachi Ltd. WHOIS-Protection
Contact: abuse@heihachi.net
Domain name: ewe-ewe.com
Registrant Contact:
Heihachi Ltd. WHOIS-Protection
Sergey Ershov ()
Fax:
Calle 53
Marbella, PA 10000
PA
Administrative Contact:
Heihachi Ltd. WHOIS-Protection
Sergey Ershov (support@heihachi.net)
507.6458546
Fax: 507.6458547
Calle 53
Marbella, PA 10000
PA
Technical Contact:
Heihachi Ltd. WHOIS-Protection
Sergey Ershov (support@heihachi.net)
507.6458546
Fax: 507.6458547
Calle 53
Marbella, PA 10000
PA
Status: Active
Name Servers:
ns1.heihachi.net
ns2.heihachi.net
Creation date: 09 Aug 2010 01:26:36
Expiration date: 09 Aug 2011 01:26:00
dress4style.com
Registration Service Provided By: Heihachi Ltd. WHOIS-Protection
Contact: abuse@heihachi.net
Domain name: dress4style.com
Registrant Contact:
Heihachi Ltd. WHOIS-Protection
Sergey Ershov ()
Fax:
Calle 53
Marbella, PA 10000
PA
Administrative Contact:
Heihachi Ltd. WHOIS-Protection
Sergey Ershov (support@heihachi.net)
507.6458546
Fax: 507.6458547
Calle 53
Marbella, PA 10000
PA
Technical Contact:
Heihachi Ltd. WHOIS-Protection
Sergey Ershov (support@heihachi.net)
507.6458546
Fax: 507.6458547
Calle 53
Marbella, PA 10000
PA
Status: Active
Name Servers:
ns1.heihachi.net
ns2.heihachi.net
Creation date: 30 May 2010 17:30:10
Expiration date: 30 May 2011 17:30:00
elektro-grosshandel24.com
Registration Service Provided By: Dinghost Limited
Contact: whois@protected-ns.info
Domain name: elektro-grosshandel24.com
Registrant Contact:
Dinghost Limited
Dimitri Povak ()
Fax:
Calle 53, Marbella
Panama, PA 10000
PA
Administrative Contact:
Dinghost Limited
Dimitri Povak (whois@protected-ns.info)
507.8321668
Fax: 1. 507.8321668
Calle 53, Marbella
Panama, PA 10000
PA
Technical Contact:
Dinghost Limited
Dimitri Povak (whois@protected-ns.info)
507.8321668
Fax: 1. 507.8321668
Calle 53, Marbella
Panama, PA 10000
PA
Status: Active
Name Servers:
ns1.heihachi.net
ns2.heihachi.net
Creation date: 09 Feb 2010 11:23:17
Expiration date: 09 Feb 2011 11:23:00
The last domain linked to Dinghost and Heihachi is just a continuation of the pattern described on this blog after the Spamhaus attacks.
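The link between the three records can be checked mechanically by pivoting on shared WHOIS fields. The following is an added example, not part of the original post: it parses a constructed, trimmed copy of the three records quoted above and reports name servers and contact e-mail addresses that appear on more than one domain. The function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the three records quoted above, trimmed to the pivot fields.
SAMPLE = """\
Registration Service Provided By: Heihachi Ltd. WHOIS-Protection
Domain name: ewe-ewe.com
Sergey Ershov (support@heihachi.net)
Name Servers:
ns1.heihachi.net
ns2.heihachi.net
Registration Service Provided By: Heihachi Ltd. WHOIS-Protection
Domain name: dress4style.com
Sergey Ershov (support@heihachi.net)
Name Servers:
ns1.heihachi.net
ns2.heihachi.net
Registration Service Provided By: Dinghost Limited
Domain name: elektro-grosshandel24.com
Dimitri Povak (whois@protected-ns.info)
Name Servers:
ns1.heihachi.net
ns2.heihachi.net
"""

def parse_records(text):
    """Split the WHOIS dump into {domain: set of (kind, value) pivots}."""
    records = {}
    for block in re.split(r"(?m)^(?=Registration Service Provided By:)", text):
        m = re.search(r"(?m)^Domain name:\s*(\S+)", block)
        if m is None:  # empty leading chunk or a fragment without a domain
            continue
        pivots = {("email", e.lower()) for e in re.findall(r"[\w.+-]+@[\w.-]+\w", block)}
        ns = re.search(r"(?m)^Name Servers:\n((?:[\w-]+(?:\.[\w-]+)+\n?)+)", block)
        if ns:  # bare hostnames listed directly under the "Name Servers:" header
            pivots.update(("ns", h.lower()) for h in ns.group(1).split())
        records[m.group(1).lower()] = pivots
    return records

def shared_pivots(records):
    """Return pivots seen on more than one domain, mapped to those domains."""
    seen = defaultdict(set)
    for domain, pivots in records.items():
        for pivot in pivots:
            seen[pivot].add(domain)
    return {p: sorted(d) for p, d in seen.items() if len(d) > 1}

if __name__ == "__main__":
    for (kind, value), domains in sorted(shared_pivots(parse_records(SAMPLE)).items()):
        print(f"{kind:5} {value:22} {', '.join(domains)}")
```

The Dinghost-branded record shares no contact address with the other two, yet the name server pivot still ties all three domains together.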
Similar domains linked to Heihachi and fraud can be found by simply using Google. You will quickly find the anti-abuse forums and victim forums are littered with these domains.
As such, when the police report mentions the DDoS attacks linked to the arrested parties, it is no surprise. Heihachi has a dismal reputation for all things bad. Nothing good has yet been known to come from Heihachi, not even a mysterious .
This further makes you wonder how a domain name system can be subverted, corrupted and perverted so as to be abused by criminals. It is also on record that Enom and their reseller Namecheap have been notified extensively of the invalid whois details that Heihachi is using, and of the activities of Heihachi.
If anything, the Heihachi can of worms will go down as a black mark against the credibility of the current registrar system and privacy abuse, which in itself is a danger to true accountable privacy.
Why? Let us look at all the whois issues linked to the actual Heihachi domain, where American registrars allowed the situation to continue and even acted as a proxy for them. Further, Heihachi themselves were allowed to act as a reseller and privacy proxy for further criminality:
2008-09-05:
Heihachi is registered via EstDomains. EstDomains themselves closed down later after being linked to illegal activities.
Registration Service Provider: LovingDomains.com - E-Gold Domain Registration
Website: http://www.lovingdomains.com
Accept Pecunix, e-Bullion, E-Gold, PayPal, MoneyBookers, WebMoney, Epassporte, Liberty Reserve, Fethard Finance and Capital Collect
Domain Name: HEIHACHI.NET
Registrant:
Heihachi Host
Peter Schneider (heihachi.web@gmail.com)
Mailgasse 42
Berlin
Berlin,10024
DE
Tel. +049.5545856852
Creation Date: 05-Sep-2008
Expiration Date: 05-Sep-2009
The red flag here is "Mailgasse 42" which cannot be found in Berlin. Postal code 10024 is also invalid. The telephone number is a geographical number linked to Hedemünden in Germany.
Conclusion: Serious whois issues exist for this domain and the details are not credible.
On or around 2008-12-04 the Heihachi.net domain is moved to the registrar Direct-I in a bulk transfer of the EstDomains domain portfolio, and EstDomains is no longer an ICANN registrar.
2009-01-02:
On or around 2009-01-02 the domain's registration details change:
Registrant:
Heihachi LTD
Heihachi.net (support@heihachi.net)
233 Middleton rd Apt 1715
Glenside
Wellington,6037
NZ
Tel. +064.48311333
Looking at where this address is on a map leads to the industry and anti-abuse group jokes referring to Heihachi as "the reseller who lives in a tree".
We can clearly see from Google Maps that 233 Middleton Rd, Glenside, Wellington will never be big enough for a building that could house an "apt 1715". This street corner property turns out to be an undeveloped piece of land with only trees and not much more.
2009-01-08:
For certain reasons, most likely Direct-I's low tolerance for Internet abuse, Heihachi moves away to Enom within a week of being transferred to Direct-I, using the Enom reseller Namecheap and also their privacy protection:
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: http://www.namecheap.com/
Domain name: heihachi.net
Administrative Contact:
NameCheap.com
NameCheap.com NameCheap.com (support@NameCheap.com)
+1.6613102107
Fax: +1.6613102107
8939 S. Sepulveda Blvd. #110 - 732
Westchester, CA 90045
US
However, the domain registrant details are immediately changed back to the invalid address used previously:
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: http://www.namecheap.com/
Domain name: heihachi.net
Registrant Contact:
Heihachi.net
Heihachi Ltd WHOIS PROTECTION ()
Fax:
233 Middleton rd Apt 1715
Glenside, State 6037
NZ
We also now see a bizarre Heihachi Ltd WHOIS PROTECTION ().
At this stage, reports of invalid whois details and serious issues of criminality are being escalated to law enforcement, the registrar Enom and the reseller Namecheap.
2010-04-11:
In reaction to continued pressure, the domain name now adopts the proxy services of Namecheap:
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Domain name: heihachi.net
Registrant Contact:
WhoisGuard
WhoisGuard Protected ()
Fax:
8939 S. Sepulveda Blvd. #110 - 732
Westchester, CA 90045
US
Considering that Heihachi themselves are in turn acting as a proxy for their clients who are later arrested, we need to consider how transparent and desirable a proxy for a proxy is. What message is this sending out to the global internet community? We also need to ask how this situation was ever allowed to develop, as it makes a mockery of the whois requirements in the DNS system. Naturally this decision is questioned and escalated to Enom and reseller Namecheap. ICANN is also copied on some of the communications.
2010-05-02:
Registration Service Provided By: Heihachi LTD.
Contact: support@heihachi.net
Visit: www.heihachi.net
Domain name: heihachi.net
Registrant Contact:
Heihachi.net
Heihachi Ltd WHOIS-PROTECTION ()
Fax:
Calle 53, Marbella
Bella Vista
Panama, PA 00000
PA
Heihachi now suddenly sports a Panama address. Of note is that Heihachi, despite its dismal record of ignoring valid whois requirements and in fact being implicated in numerous criminal issues, is now an Enom reseller!
Not surprisingly, the registrant address shown here does not bear closer scrutiny. The published address is that of the Panama City World Trade Centre!
It is possible that Heihachi may have an office or post box at this location, and that the lack of more exact details, which would allow a postal message pursuant to the domain registration agreement to reach it, is just an honest oversight. Yet numerous telephone calls later to parties linked to the Panama City World Trade Centre, no indication can be found of Heihachi at this address.
Also linked to this address is telephone number +507.8321668. This is a VOIP (Voice over IP) number in Panama, which means the number need not be tied to Panama as such; the recipient may be anywhere the internet reaches. To date no records can be found of anybody calling this number successfully, despite repeated efforts by numerous parties.
ICANN registrar Enom is made aware of these issues.
2010-05-18:
The Heihachi domain now sports Enom's "Whois Privacy Protection Service":
Domain name: heihachi.net
Registrant Contact:
Whois Privacy Protection Service, Inc.
Whois Agent ()
Fax:
PMB 368, 14150 NE 20th St - F1
C/O heihachi.net
Bellevue, WA 98007
US
Administrative Contact:
Whois Privacy Protection Service, Inc.
Whois Agent (prjcxxfb@whoisprivacyprotect.com)
+1.4252740657
Fax: +1.4259744730
PMB 368, 14150 NE 20th St - F1
C/O heihachi.net
Bellevue, WA 98007
US
Technical Contact:
Whois Privacy Protection Service, Inc.
Whois Agent (prjcxxfb@whoisprivacyprotect.com)
+1.4252740657
Fax: +1.4259744730
PMB 368, 14150 NE 20th St - F1
C/O heihachi.net
Bellevue, WA 98007
US
The registrant details stay proxied using Enom's privacy services to date, despite Enom being aware of serious issues linked to this domain.
Heihachi also retains its Enom reseller status.
Furthermore, domains sold via Heihachi all sport "Registration Service Provided By: Heihachi Ltd. WHOIS-Protection" and these domains are regularly linked to fraud. The domains ewe-ewe.com, dress4style.com and elektro-grosshandel24.com, mentioned earlier and indicated in the police report, are all evidence of this abuse.
Also, Heihachi is implicated in numerous DDoS attacks in this time.
We need to now ask ourselves how we ever got to the stage where millions of dollars/euros were defrauded from internet users? How come one of the top American registrars allows this farce to continue?
The German authorities catching some of the perpetrators is small consolation, but cannot make up for the damage done in terms of financial loss nor loss of trust in the internet, all due to fraud.
Note: The mentioned Lego scams were scamming those that could least afford it over the Christmas period, the financially challenged, where parents were simply trying to get the best Christmas present possible for the little money they had in a recession that Christmas. Needless to say, these children will grow up to remember a certain Christmas when Santa never came. Money for their presents went to criminals and indirectly American corporates.
There will be no recovery of financial losses for the victims of the fraud, many of which should not and would not have occurred if Enom and Namecheap had followed the rules of their accreditation agreements and had not gamed the requirements of the DNS system.
The recent USA court findings of Tucows not being responsible for abuse of their proxy services, since the registrar accreditation allows no third party beneficiaries as per the , lay the foundation for much more abuse similar to the issue illustrated above. In a nutshell, the ordinary user has no protection from ICANN either to ensure a healthy internet environment, and ICANN can only be considered at best a mutual protection "club" for registrants, registrars and resellers. In the Heihachi saga the costs are being shifted to the authorities in Germany, while the profits are being diverted to criminals, some of whom were caught, and to unaccountable domain resellers and registrars who, it appears, chose self blinding.
At this stage I would like to say that Tucows is an excellent domain registrar and I consider them one of the best who proactively takes steps against abuse of their services. As such the Tucows court victory is a small personal consolation, but a sad day for the internet's ICANN unwashed.
Further it also flies directly against the sentiments voiced by President Obama in his document titled
INTERNATIONAL STRATEGY FOR CYBERSPACE
Prosperity, Security, and Openness in a Networked World
11 May 2010
In this document much is said in terms of fostering trust in the internet. We can only hope that this is a precursor to another "Heihachi" never being allowed to develop using American companies and resources to target foreign nationals, DDoS foreign and American infrastructure or any other party.
Heihachi has truly become a can of worms that could well be used by ICANN and its SSAC as a case study of what should not be happening. We can ask what message this is sending out to the internet community and anyone contemplating using the DNS system for fraud.
It may be argued that perhaps the domain registrars and resellers were simply cooperating with the authorities. However the authorities actually set a date stamp on the initiation of the investigations:
On 28.09.2009 the co-owner of a local company contacted the Nördlingen police station. The reason was the numerous inquiries from several people who, allegedly via the website "ja-kaufen.com" (no longer online)
Invalid and abuse reports to the sponsoring registrar were initiated well before this date.