Despite EstDomains persistent press releases during the last couple of days, next to the domain registrar's delayed response to the security community, on Thursday the ICANN has sent a notice of termination of their registrar accreditation agreement with EstDomains, following obtained court records stating that EstDomains president Vladimir Tsastsin has been convicted of credit card fraud, money laundering and document forgery on 6 February 2008. The end of EstDomains? Could be, but their malicious customers are not going offline anytime soon.
"On 28 October 2008, ICANN sent a notice of termination to EstDomains. Based on an Estonian Court record, ICANN has reason to believe that the president of EstDomains, Vladimir Tsastsin, was convicted of credit card fraud, money laundering and document forgery on 6 February 2008. ICANN received a response from EstDomains regarding the notice of termination. To assess the merits of the claims made in EstDomains’ response, ICANN has stayed the termination process as ICANN analyzes these claims. ICANN’s records indicate that EstDomains has approximately 281,000 domain names under its management. ICANN will take all reasonable measures to protect the interests of registrants during the stay period and the subsequent termination process that may follow."
On 29 October 2008, EstDomains' Konstantin Poltev responded to the ICANN, with documents claiming that their convicted CEO has resigned in June 2008, but that EstDomains didn't notify ICANN of the change. Is he buying time, or is he making a point? Whatever the case, taking into consideration the fact that EstDomains manages over 280,000 domains, the ICANN is already soliciting requests for bulk transfer of EstDomains portfolio to another domain registrar :
"As the result of the de-accreditation of EstDomains, Inc. (IANA ID 832), ICANN is seeking Statements of Interest from ICANN-accredited registrars that are interested in assuming sponsorship of the gTLD names that had been managed by EstDomains."
With the ICANN interested in "taking all reasonable measures to protect the interests of registrants during the stay period and the subsequent termination process that may follow", among these very same registrants are the malicious cybercriminals whose portfolios of domains will be basically transferred to another registrar. Moreover, with the increasing number of domain registrars offering bulk domain registration services, cybercriminals could easily damage the reputation of legitimate registrars by simply starting to take advantage of their services.
Disconnected from the Internet at the end of September, Atrivo/Intercage's marginal thinking approach of being always on the run, yet managing to satisfy the uptime needs of their malicious customers, is similar to what EstDomains rogue customers will be dealing with for months to come - increasing the average online time for their malicious domains with their cybercrime friendly registrar no longer in business.