Measuring Typosquatting Perpetrators and Funders

Moore, Tyler, and Benjamin Edelman. Measuring Typosquatting Perpetrators and Funders. Light Blue Touchpaper. February 17, 2010.

Reprinted at CircleID.

Introduction to Moore, Tyler, and Benjamin Edelman. “Measuring the Perpetrators and Funders of Typosquatting.” Lecture Notes in Computer Science. Springer-Verlag. Financial Cryptography and Data Security: Proceedings of the International Conference 6052 (2010).

Measuring the Perpetrators and Funders of Typosquatting

Moore, Tyler, and Benjamin Edelman. “Measuring the Perpetrators and Funders of Typosquatting.” Lecture Notes in Computer Science. Springer-Verlag. Financial Cryptography and Data Security: Proceedings of the International Conference 6052 (2010). (Introduction, Web appendix.)

We describe a method for identifying “typosquatting”, the intentional registration of misspellings of popular website addresses. We estimate that at least 938,000 typosquatting domains target the top 3,264 .com sites, and we crawl more than 285,000 of these domains to analyze their revenue sources. We find that 80% are supported by pay-per-click ads, often advertising the correctly spelled domain and its competitors. Another 20% include static redirection to other sites. We present an automated technique that uncovered 75 otherwise legitimate websites which benefited from direct links from thousands of misspellings of competing websites. Using regression analysis, we find that websites in categories with higher pay-per-click ad prices face more typosquatting registrations, indicating that ad platforms such as Google AdWords exacerbate typosquatting. However, our investigations also confirm the feasibility of significantly reducing typosquatting. We find that typosquatting is highly concentrated: of typo domains showing Google ads, 63% use one of five advertising IDs, and some large name servers host typosquatting domains as much as four times as often as the web as a whole.

Typosquatting: Unintended Adventures in Browsing

Edelman, Benjamin. “Typosquatting: Unintended Adventures in Browsing.” Cybercrime Gets Personal, McAfee Security Journal (fall 2008): 34-37.

Typosquatting is the practice of registering domain names, identical to or confusingly similar to trademarks and famous names, in hopes that users will accidentally request these sites–whereupon they will receive, typically, advertisements. This piece presents the basic typosquatting business model, based on my analysis of more than 80,000 typosquatting domain names. I analyze the advertising intermediaries that make typosquatting profitable, and I assess the legislation and litigation that are beginning to put a check on this practice.

Opening Dot EU (teaching materials)

Edelman, Benjamin. “Opening Dot EU (A).” Harvard Business School Case 908-052, March 2008. (Revised April 2008.) (educator access at HBP. request a courtesy copy.)

EURid considers possible market mechanisms to allocate initial domain names within the Internet’s newly-created “dot EU.” European Union regulations and community norms substantially constrain EURid’s approach, preventing the use of the most natural economic mechanisms (such as auctions).

Supplement:

Opening Dot EU (B)- Supplement (HBP 908053)

Alternative Perspectives on Registrar Market Share: The Fortune 1000, the Forbes International 500, and the Yahoo Directory – Revisited (2003 Update)

Alternative Perspectives on Registrar Market Share: The Fortune 1000, the Forbes International 500, and the Yahoo Directory – Revisited (2003 Update). (November 2003)

Registrar market shares are measured in selected subsets of domain names, providing a basis for comparison with overall registrar market shares across the entire domain name market. Registrar market shares are found to vary dramatically across these subsets, with implications on the future customer retention rates of the corresponding registrars.

 

Technical Responses to Unilateral Internet Authority: The Deployment of VeriSign “Site Finder” and ISP Response

 

Technical Responses to Unilateral Internet Authority: The Deployment of VeriSign “Site Finder” and ISP Response. (October 2003) With Jonathan Zittrain.

Much of the day-to-day functioning of the Internet is thought to be “self-governing”: Engineers operating Internet systems at participating institutions (including ISPs) make daily decisions that help keep traffic flowing efficiently, without having to forge formal agreements with each other and without having to adhere to formal rules set out by a governing body. For those functions that are thought to require centralized coordination, organizations like ICANN have come to exist, and ICANN’s proper scope of “jurisdiction” remains in tension with the prior self-governing model. Arguments about the need for, and proper scope of, centralized coordination in part depend on the reliability and effectiveness of these informal self-governing alternatives.

A recent action by the registry of domain names ending in .COM and .NET — the creation of a “Site Finder” service to which Internet users are now directed if they ask for any unassigned name — has provoked reaction by ICANN as well as by individual network engineers and the institutions that employ them. As ICANN’s policy reaction is still unfolding, we sought to find out just how much the summed actions of the Internet engineering community affected Site Finder’s adoption. In the absence of any reaction, Site Finder would function for nearly all users seeking .COM and .NET names. However, as network engineers choose to adopt certain “patches,” Site Finder’s functionality is blocked for users of the corresponding networks. With help from data gathered by Alexa through users of its toolbar browser plug-in, we find that several large networks have already blocked Site Finder and that approximately 9% of users likely therefore no longer receive Site Finder content. We find particular evidence of blocking of Site Finder by networks outside of the United States — most notably, much of China.