The internet is full of peculiarities and odd stories. Yet when it comes to domain names you would think the fun ends here, especially regarding the threat of cyber-crime. It does not.
The Soviet Union hasn’t existed in the real world for two decades but is still around in cyberspace under the domain suffix .su. Numerous incidences suggest hackers use the domain for carrying out illicit operations, such as identity theft, spamming and stealing money.
Exposed.su, for example, came to recent notoriety when it published secret information about a number of politicians and celebrities. Credit score agencies Transunion and Experian confirmed the transgression which happened in March this year.
Hackers obtained the credit records belonging to President Barack Obama’s wife, Michelle, Republican presidential challengers Mitt Romney and Donald Trump, and celebrities including Britney Spears, Jay Z, Beyonce and Tiger Woods. The site is now defunct.
Despite the affiliation with the Soviet Union, the .su domain is not driven by nostalgia, but rather by the opportunity to profit.
“I don’t think that this is really a political thing,” Oren David, a manager at security firm RSA’s anti-fraud unit, said in a recent telephone interview. David noted that other obscure areas of the Internet, such as the .tk domain associated with the South Pacific territory of Tokelau, have been used by opportunistic hackers.
“It’s all about business,” he said.
David and others say scammers began to move to .su after the administrators of Russia’s .ru space toughened their rules back in late 2011.
This is still possible due to the decentralized nature of internet supervision and the history of the domain. One year before the Soviet Union collapsed in 1991, the Internet Assigned Numbers Authority (IANA), a non-profit designed to manage internet-protocol procedures associated the suffix .su with the Soviet Union.
After the Soviet Union collapsed, the sovereign states received their own suffixes, but .su persisted unlike .dd for Eastern Germany or .yu for Yugoslavia. Russia only received .ru in 1994, so .su had four years to add domains. According to German tech-portal Heise.de, there were plans to shut down the domain, but a survey revealed that it was very popular with Russians, so it was kept.
It retains its semi-official status, because it is not represented on the master list of country codes, which only includes existing sovereign entities. The Internet Corporation for Assigned Names and Numbers (ICANN), a U.S.-based non-profit which supervises standards and protocols has not indicated it will terminate the domain, inspite of the regulation breach.
Other peculiarties on the ISO list include .ps for the Palestinian State, which does not exit and .gb for the United Kingdom, which actually uses .uk.
Action will have to be taken sooner rather than later though, to stem the tide of illicit domains on .su. Group-IB, which runs one of Russia’s two official Internet watchdogs, says that the number of malicious websites hosted across the Soviet Union’s old domain doubled in 2011 and doubled again in 2012, surpassing even the vast number of renegade sites on .ru and its newer Cyrillic-language counterpart.
The Soviet domain has “lots of problems,” Group-IB’s Andrei Komarov said in a phone interview. “In my opinion more than half of cybercriminals in Russia and former USSR use it.”
Internet hosting companies generally eliminate such sites as soon as they’re identified. But Swiss security researcher Roman Huessy said hackers based in Soviet cyberspace can operate with impunity for months at a time.
With more than 120,000 domains currently registered, mothballing .su now would be a messy operation.
“It’s like blocking .com or .org,” said Komarov. “Lots of legitimate domains are registered there.” Many people also register under .su because they cannot get the domain name they want under .ru.
Among them are stalin.su, which eulogizes the Soviet dictator and the English-language chronicle.su, an absurdist parody site.
But experts say many are fraudulent, and even the organization behind .su accepts it has a problem on its hands.
“We realize it’s a threat for our image,” said Sergei Ovcharenko, whose Moscow-based nonprofit Foundation for Internet Development took responsibility for .su in 2007.
Ovcharenko insisted that only a small number of .su sites are malicious, although he acknowledged that criminal sites can stay online for extremely long periods of time. He said his hands were tied by weak Russian legislation and outdated terms of service. But he promised that stricter rules are on their way after months of legal leg work.
“We are almost there,” he said. “This summer, we'll be rolling out our new policy.”
The Associated Press contributed to this report.
