Pacific atoll a phishing haven

The tiny Pacific atolls of Tokelau may be more famous for phishing than fishing, according to new research.

The Anti Phishing Working Group has claimed that the New Zealand territory's Top Level Domain, .tk, is still a favourite of spammers and scammers despite earlier hopes that efforts to legitimise the domain would be a success in a report discussing phishing scams for the second half of 2010.

The .tk domain was rated one of the worst in the world for sheltering a high percentage of criminal domains. The group reported that of the 2533 attacks originating from Tokelau, all but about 100 were launched from legitimate .tk domains. The remaining attacks were launched from hacked .tk websites.

Of those attacks, 2001 were targeted at Chinese institutions. "It turns out that phishers who attack Chinese targets prefer to register domain names, rather than using hacked domains," the report said.

The report blamed Tokelau's bad reputation on a Dutch company called Dot TK, which bought the top level domain, and which hands out domain registrations for free. Users and criminals have flocked to the free .tk domain, according to the research, and now Tokelau, which has 1500 residents, is home to more than 4 million registered domains.

It has become the third-largest country top level domain, behind Germany and the United Kingdom.

Because of this, the country is having a tough time curbing online crime. The government's telecommunications minister Kolouei O'Brien said that responsibility lies with Dot TK.

"That is an issue for Dot TK, you'll have to talk with them," O'Brien said on a telephone call from his home in Tokelau. "We just sold the [.tk] domain."

Contact details for Dot TK are limited to a United Kingdom fax number and postage address, but Dot TK responded to the Anti Phishing Working Group, saying that its generosity had made it a target.

"Dot TK is a very open service, available for everyone in all countries. Because of this we are also used by fraudsters — and we are very aware of this. Dot TK operates a dedicated abuse and copyright infringement department in London that handles efficiently all spam, phishing, abuse and copyright infringement problems within one day, 7 days a week. Because of Dot TK's policies, domains that are registered for free can be cancelled immediately, reducing the harm of a possible threat. Dot TK works closely with many governmental law enforcement agencies, trademark organisations and anti-spam agents worldwide, resulting in an effective way to fight fraud."

Royalties from .tk domain sales provide the territory with "a few thousand dollars" each year, O'Brien estimates, but added that the domains will soon be a paid service that he says will significantly boost revenue for the country via royalties.

He was unsure if forcing payment for .tk domains would combat the number of malicious sites.

Tokelau's .tk, and the generic .com and .net TLDs together held 78 per cent of the world's malicious domain registrations, according to the research.

More broadly, there were 11,768 phishing attacks in the second half of 2010, almost double the 6761 that occurred in the first half of the year.

The research also found that the phishing attacks that occurred in 2010 were the most successful and damaging since the report was issued three years ago, with the average attack time clocking at 73 hours. They were also harder to take down.

While Tokelau had a rising incidence of phishing attacks, Thailand's .th was the most common source of attacks, although these were generally made via compromised legitimate websites.