ICANN Internationalized: Potential Security Problems

This was written by Jim Garrettson on Wednesday, November 4, 2009, 15:58.

Late in October, the Internet Corporation for Assigned Names and Numbers (ICANN), approved the use of non-Latin characters in web domain addresses. This move was widely hailed throughout the world, but may have an unforeseen cost.

The Information Systems Audit and Control Association has raised some significant concerns surrounding the move. By allowing non-Latin scripts, such as the Cyrillic alphabet (used in Russian and the basis for several other Eastern European languages), the potential for cyber squatting has greatly expanded. Peter Wood, a member of the ISACA, recently highlighted the problem. If someone where to register a domain address using the Cyrillic alphabet, they would be able to utilize the the Cyrillic character ‘a’ which looks the same as the Latin character ‘a.’ This would allow a user to register a domain at amazon.com, using the Cyrillic character.

Users with a non-technical background will not necessarily be able to understand the difference between the two web pages, particularly if they arrive via a search engine. More importantly, phishing emails using the Cyrillic address, will be indistinguishable from legitimate emails. The only method of adequately identifying the difference is by examining the code behind the website, which many individuals are not trained to do. As ICANN looks to move towards the new model, which will begin this month, users should remain particularly vigilant with emails arriving from companies. Always use the legitimate web page (found by physically typing in the web address) to conduct business with the company. Businesses can also choose to register domain names in various languages that can look similar to their website.