Rise in volume of ‘.tk’ domain names hides murky side of the internet

The astonishing rise in the volume of domain names registered under the country-code top-level domain (ccTLD) for Tokelau, ‘.tk’, has been a hot topic following the December 2011 issue of the Verisign Domain Name Industry Brief.
The quarterly report from Verisign, which is viewed as the most reliable source of facts and figures on domain name registration statistics, showed that ‘.tk’ is now ranked as the seventh largest TLD overall in terms of number of domain name registrations. This also places ‘.tk’ as the third largest ccTLD after ‘.de’ (Germany) and ‘.uk’ (United Kingdom) - no small feat for a small group of Pacific islands located off the coast of New Zealand with a population of under 1,500.
Unfortunately for ‘.tk’, what lurks behind this apparent success story for a relatively obscure ccTLD is the less savoury side of the internet, namely cybercriminals running phishing scams. Phishing is a way for unscrupulous actors to attempt to acquire information by masquerading as trustworthy entities. Emails purporting to be from banks, auction sites, online payment processors or government organisations are commonly used to hoodwink unsuspecting recipients into providing information such as usernames, passwords and credit card details. Phishing emails often direct users to fake websites that seem almost identical to the corresponding legitimate websites, and then ask them to enter similar valuable information.
Domain names are required to send email and point to websites, and phishers are thus attracted to TLDs which offer cheap, easy to register domain names that may be obtained in bulk. In this regard, ‘.tk’ is a winner, as the ‘.tk’ registry offers the possibility to register domain names completely free of charge. There is a requirement that the corresponding website is viewed 25 times over the course of 90 days; if this is not fulfilled, the domain name registration may be cancelled. However, it is not clear whether this is policed or how often it is enforced.
A recent report published by the Anti-Phishing Working Group found that, in the first half of 2011, there were at least 112,472 unique phishing attacks worldwide in 200 different TLDs. However, 93% of all malicious domain name registrations were made in just four TLDs: ‘.tk’, ‘.info’, ‘.com’ and ‘.net’. It is interesting that, out of the 6,214 ‘.tk’ domain names used for phishing, many were used to target Chinese institutions. This is linked to the fact that CNNIC, the Chinese domain name registry, recently tightened up the registration policies for ‘.cn’ domain names, meaning that phishers have been forced to search elsewhere for alternative cheap and convenient sources of domain names.
The registry for ‘.tk’ is a joint venture between the island of Tokelau and BV Dot TK, a privately held company. The International Organisation for Standardisation (ISO) defines codes for the names of countries, dependent territories and special areas of geographical interest in ISO standard 3166. The standard is divided into three parts, and the two-letter codes which appear in ISO 3166-1 alpha-2 are used for ccTLDs. Island nations that are lucky enough to have their own ccTLD have often tried to leverage this in some way or another with varying degrees of success. Many have tried to capitalise on real or imagined double meanings, the most well-known example being ‘.tv’, which is marketed as an extension for use by television and media companies, although, in reality, it is the ccTLD for Tuvalu, another Pacific island nation.
Given the lack of an obvious double meaning for ‘.tk’ (aside from perhaps meaning ‘OK’ in Hindi), things were not too promising for Tokelau until the idea of offering free registrations was raised, presumably with the aim of monetising them at some unspecified point in the future.
As outlined above, such a policy has created a rather incongruous situation whereby a territory with a land area of 10 km² has over 5 million domain names, which works out at well over 3,000 domain names per inhabitant. Even more bizarrely, the registry has been making efforts to market ‘.tk’ as an alternative ccTLD for Turkey, based on the fact that it is rather difficult and slow to register under ‘.tr’, the actual ccTLD for Turkey. However, it is difficult to assess how successful these efforts have been.
Recently, however, the registry has made efforts to shake off its image as a safe haven for fraudsters, acting on complaints to cancel domain names and also offering a paid service with no minimum abuse requirements. As a result, it looks likely that abuse will diminish in time. It is worth noting that the body responsible for overseeing the orderly running of the internet, the Internet Corporation for Assigned Names and Numbers, has no jurisdiction with regard to the behaviour of ccTLDs that have not signed up to its agreement, as is the case with ‘.tk’.
David Taylor and Jane Seager, Hogan Lovells LLP, Paris

Get unlimited access to all WTR content