All About Security Republic Congowhittakertechcrunch

Security Republic Congowhittakertechcrunch: An article concerning a security researcher looking to purchase one of the Democratic Republic of Congo’s top-level domains, potentially preventing malicious use by attackers.

When it comes to cyber-security, it is imperative that no system or individual be left unchecked. In order to prevent potential attacks, an entity must be able to identify and bind potential attackers before they can act. Multiple entities are capable of doing this, including the U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), hosted by the National Institute of Standards and Technology (NIST). However, those in charge of these entities may have different methodologies that inform their findings.

In 2011, the U.S. government was looking to purchase one of the Democratic Republic of Congo’s top-level domains (TLDs), .cd. The U.S. government’s decision to purchase the domain was reportedly motivated by a desire to ensure that it was not abused maliciously. The International Corporation for Assigned Names and Numbers (ICANN) approved the sale, with the cost of such reportedly being 10 times greater than the average cost of a domain registration. However, how did the U.S. government intend to use the domain? What methodology informs the decision to purchase a TLD? What were the circumstances surrounding ICANN’s decision?

The 2011 transaction was reportedly motivated by a desire to maintain control over what content can be published there, including to prevent malicious use of that TLD. The transaction cost $350,000 and required both parties to sign a non-disclosure agreement. The transaction was not a mere purchase; it required the U.S. government to vouch for the legitimate use of the TLD.

The Department of Commerce reportedly began exploring the purchase of the TLD in 2010 after learning that it would go up for sale. The department ultimately decided to acquire it upon discovering that two parties had filed applications with ICANN to register the domain, one of whom was allegedly registered in Iran. The department reportedly conveyed its interest to ICANN and was notified that a third party had applied for the domain. It is unclear as to how many parties inquired about purchasing the domain, but only two were announced publicly: The department of commerce and this third party.

Based on a Freedom of Information Act request filed by Public Intelligence, a FOIA-based reporting organization, ICANN released several documents detailing the transaction. In one such document titled “DRC .cd Registry Agreement and Plan of Action,” the department of commerce stipulates a plan for how the .cd TLD will be used. The document states that ICANN’s “plan of action is based on the following premises: (1) .cd can serve as an important tool for allowing the people of the DRC to communicate with each other given that less than 5% of the population has Internet access.”

The report goes on to suggest a plan for how the TLD will be used, outlining three main objectives. The first objective is to “determine the appropriate conditions in which to launch .cd and begin using it for the benefit of its people.” The second objective is to “ensure that .cd is run for the benefit of its people with checks and balances in place.” Lastly, the third objective is to protect “all IP space under .cd and any domain names registered under that space.”

The document elaborates on many points, but overall appears to be a formal request from a party wishing to purchase the TLD. A clause in the contract suggests that while the department of commerce may have had a vested interest in purchasing the TLD, it was not necessarily guaranteed to acquire the domain. The clause states: “ICANN shall consider ICC’s request to acquire and use the gTLD string ‘.cd’ in accordance with ICANN’s established processes for evaluating requests to make such acquisitions.”

Overall, the document was a purchase agreement stating how both parties hope to use the domain .cd going forward.