WHOIS Database and GDPR: What is Going on with Cyberattacks Now
When the European Union's General Data Protection Regulation (GDPR) came into effect in May of 2018, its intention was to enhance privacy protection for EU data subjects. While one of the law's objectives was to protect consumers from cybercrime, the consequences of its implementation may instead inadvertently cause a substantial increase in cyber-attacks and online fraud.
What's at Risk?
The ICANN WHOIS database is a service that has always offered basic information about registered domain names, including the domain name owner's contact information, its availability status, and its registrar’s location. Registrants are required to provide this information when they register a new domain name. The problem arises from the implementation of GDPR, which changes access to information that had been available prior to the new law.
Under the current scope of GDPR, access to WHOIS database information is limited even for internet security experts, researchers, and law enforcement officials along with any automated processes tied to the access to the data.
To stop cyber threats as quickly as possible, security experts rely on WHOIS database information. When it's restricted under the current interpretation of GDPR, experts lose a way to stop some of the threats before major damage is done. Under GDPR, access to personal data like that of the domain's owner, their email, physical address, and phone number is very limited.
The Fight against Cybercrime
Enterprises across the globe receive millions of malicious spam emails a day. Companies of all sizes use the WHOIS database in their efforts to block those emails and try to prevent suspicious activity from domains that are known offenders or associated with them.
WHOIS data is also used by cybersecurity experts and investigators, along with government and law enforcement authorities, to aid them in the fight against cybercrime and to protect internet users everywhere. Without access to WHOIS data, these efforts could grind to a halt. Without such data, it can take up to 30 days to discover the identities of the perpetrators of malicious activity by other means, giving the criminals a clear advantage: the opportunity and time to inflict a lot of damage.
Access to WHOIS data is imperative for businesses, security experts, and law enforcement to help detect and trace malicious domain information trails to other fake domains. Since it's too expensive to buy thousands of phones with unique numbers, criminals often reuse their data, and that redundancy is easy to detect with WHOIS, to cite just one example of how useful WHOIS information is.
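The reuse check described above, as an added example that is not part of the original article: it clusters domains whose WHOIS records share a registrant email or phone number, and shows that the same pivot returns nothing once those fields are redacted. The records, field names and the list of redaction markers are constructed assumptions.

```python
import re
from collections import defaultdict

# Placeholder text registrars substitute for withheld fields (assumed list).
REDACTION_MARKERS = ("redacted", "privacy", "not disclosed")

# Constructed sample records; every domain, email and phone number is fictitious.
SAMPLE = [
    {"domain": "pay-secure-login.example", "email": "Ops@mail.example", "phone": "+1.5550100"},
    {"domain": "acct-verify.example", "email": "billing@other.example", "phone": "+1 555-0100"},
    {"domain": "invoice-portal.example", "email": "ops@mail.example", "phone": "+1.5550199"},
    {"domain": "bakery.example", "email": "owner@bakery.example", "phone": "+1.5550142"},
    {"domain": "hidden-a.example", "email": "REDACTED FOR PRIVACY", "phone": "REDACTED FOR PRIVACY"},
    {"domain": "hidden-b.example", "email": "REDACTED FOR PRIVACY", "phone": "REDACTED FOR PRIVACY"},
]

def contact_keys(record):
    """Normalized (field, value) pivots; redacted or empty values are never used as a link."""
    keys = set()
    for field in ("email", "phone"):
        value = (record.get(field) or "").strip().lower()
        if not value or any(marker in value for marker in REDACTION_MARKERS):
            continue
        if field == "phone":
            value = re.sub(r"\D", "", value)  # compare digits only, ignoring punctuation
        if value:
            keys.add((field, value))
    return keys

def cluster_domains(records):
    """Union domains that share any contact pivot; return clusters of two or more."""
    parent = {r["domain"]: r["domain"] for r in records}
    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]
            d = parent[d]
        return d
    first_seen = {}
    for r in records:
        for key in contact_keys(r):
            if key in first_seen:
                parent[find(r["domain"])] = find(first_seen[key])
            else:
                first_seen[key] = r["domain"]
    groups = defaultdict(set)
    for d in parent:
        groups[find(d)].add(d)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def redact(records):
    """Simulate a registrar withholding registrant contact fields."""
    return [{**r, "email": "REDACTED FOR PRIVACY", "phone": "REDACTED FOR PRIVACY"} for r in records]

if __name__ == "__main__":
    print("full records:    ", cluster_domains(SAMPLE))
    print("redacted records:", cluster_domains(redact(SAMPLE)))
```

The two redacted records are deliberately not linked to each other: a shared placeholder string is not evidence of a shared registrant.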
Calls for Change
There's great opposition to the WHOIS data access changes brought about by GDPR, and requests for a "cooling-off period" have come from several factions. Secretary Wilbur Ross, Department of Commerce, says reinstating quick access to WHOIS data "could stop law enforcement from ascertaining who is behind websites that propagate terrorist information, sponsor malicious botnets or steal IP addresses."
A memorandum from the U.S. Chamber of Commerce offered warnings of the consequences of restricting broad access to WHOIS data in no uncertain terms. The memorandum specifically warned of an inevitable rise in cyber-attacks and fraudulent activities if access remains restricted. It also spoke of the inability of law enforcement and security experts to respond to threats in a timely manner without the data.
While there are arguments that investigators can take legal action when accessing the information they need, the process of doing so is lengthy and impractical. Most online cyber-attacks and all the resultant damage from them occur within a few hours or less. That being the case, solutions for quick access to WHOIS data that also observe the privacy mandates of GDPR must be devised.
With a few months having passed since GDPR was instated, the time has come for security experts around the world to take part in a conversation about the fallout from GDPR and the consequences that have resulted. Protecting the accountability and transparency of the internet is vital, especially when one considers the scope of the economic and national issues that could arise.
Both short and long-term solutions need to be devised and offered as soon as possible so security experts around the globe can have a chance at fighting cybercrime and protecting the interests of businesses and private citizens everywhere.