Law enforcement officers can establish who owns a domain,

[tanjimajuha20]

The deputy chairman of the State Duma Committee on Information Policy, Information Technology and Communications spoke about plans to introduce and pass a bill that is intended to help combat Internet fraud at a press conference dedicated to the 30th anniversary of the Russian national domain .ru.

"There is an anti-phishing system that allows us to combat this serious problem one way or another. But while we are blocking a resource within the framework of this system, the scammers are already realizing their goal," Anton Gorelkin said about the problem.

To combat phishing, he proposed registering domain names and verifying such information through a unified identification and authentication system (ESIA) - through "Gosuslugi".

"This year the bill will be introduced and adopted: such an agreement has been reached with the main authors on whom it depends," said Anton Gorelkin and noted that the need for the law has been long overdue.

Technically, the identification mechanism has already been tested. This was told to ComNews by the general director of JSC "Regional Network Information Center (Ru-Center)" Andrey Kuzmichev - the company participated in the creation and debugging of the pilot testing ground for identification.

Director of the Coordination macedonia whatsapp resource Center for .RU/.РФ domains Andrey Vorobyov told a ComNews correspondent that phishing sites are often registered using fake passport data.

"When registering domains, passport data is entered manually, but since the registration system uses automated means of processing applications, the registrar is technically unable to conduct a complete check of the specified information. This allows attackers to register domains using fake or fictitious data," explained Andrey Vorobyov. He stated that the CC supports the adoption of the bill.

even if the criminal has provided false passport data. However, after the bill is passed, they will be able to do this faster. Pavel Patrikeev, a practicing lawyer in the field of IT and domain disputes, CEO and co-founder of the legal service "Patrikeev and Partners", told ComNews about this.

"The chain of requests is shortened, and government agencies will not need to request data from registrars; they will be able to obtain it themselves, at least for the .RU/.РФ domains. The problem of "empty registrations" for Ivana Ivanova 123 will also go away. All together, this will simplify the investigation of crimes," explained Pavel Patrikeev.

However, market players believe that loopholes for fraudsters will remain. Andrey Vorobyov noted that criminals can use front men or stolen Gosuslugi accounts, but these methods are complex and expensive. Also, attackers often use either stolen Russian domain names or those registered in other countries, noted Alexander Bykov, head of the security services department at the cloud provider OOO Nubes.

"It is also necessary to establish a measure of punishment for individuals who register phishing sites, as well as to determine those responsible for monitoring and logging the actions of domain registrars in the .ru zone. When this set of changes is implemented, the proposed initiative will work as effectively as possible," said Andrey Mishukov, CEO of ITPROTECT Group LLC (iTPROTECT).

One of the consequences noted by the CEO of OOO Domeny.rf (Rf.ru) Andrey Savelyev: after the adoption of the bill, the number of domains in the .ru and .рф zones will decrease significantly, since people will register more in other zones. He considers the initiative to identify domain administrators correct, but notes that it is important to work on the bill in dialogue with industry experts.

In 2023, almost 50 thousand phishing sites were identified, which is three times more than the previous year, Lyudmila Bogatyreva, head of the digital solutions department of the Polilog agency and author of the GOS IT Bogatyreva Telegram channel, reminded the publication.