The Australian government should reclaim the .cc internet domain for the Cocos (Keeling) Islands to prevent scammers and people hosting child abuse websites from abusing it, researchers from the Australian National University said.
Under the system that governs domain names on the Internet, the suffix .cc was established in the 1990s for the territory of the Cocos (Keeling) Islands, off the coast of Western Australia.
Because it is one of the cheapest domains for buying websites, the .cc suffix is one of the most widely used top-level domains for hosting child abuse material, wrote ANU professor Dr. James Mortsensen and researcher Samuel Bashfield Ph.D. at Policy Forum on Tuesday.
The Internet Watch Foundation ranked .cc in the top 10 most abused top-level domains in 2019 for hosting child sexual abuse material, but it fell out of the top 10 in 2020. Mortensen told Guardian Australia that the lack of meaningful regulation and the ability to resemble other website names also made it attractive to scammers.
“It is also very short and visually similar to dot com,” he said. “So it’s always been nice to fake someone else’s website.”
In 2011, Google removed 1 million addresses from the .co.cc subdomain from its search results due to the number of spam sites associated with it, and a Global Phishing Report 2016 found .cc was one of four top-level domains that accounted for 75% of malicious domain name registrations.
Mortensen said that Australia taking responsibility for the domain and removing abuse and unwanted website names would not remove those sites, but would make them harder to find.
“The exploitation of children on many levels is a business, and if we can remove their windows, we are doing our part,” he said. “The Australian government is proud and should be proud of the dot au cleanup.”
The Australian domain name authority auDA regulates .au, monitors websites issued with the suffix and ensures that they comply with Australian standards. There is no local authority in charge of regulating .cc.
Top-level domains were created for Australian territories in the 1990s: .cx for Christmas Island, .hm for Heard and McDonald Islands, .nf for Norfolk Island, and .cc for Cocos (Keeling) Islands.
The .cc top-level domain was sold by a private owner at the turn of the century to American tech giant VeriSign through an Australian subsidiary, eNIC, which manages the domain to this day.
Mortensen said there was no clear path for Australia to claim dominance; it could be purchased from VeriSign, but it was unclear how much it would cost. He said the Australian government could convince VeriSign to hand it over.
“I think it would be the Department of Infrastructure [which] it could make the approach define the case and get this digital territory, which is essentially its sovereign in Australia, delegated again to a responsible agent. “
The Department of Infrastructure told Guardian Australia it was a matter for the Cocos Keeling Islands County Council. “If there are concerns about any infringement of Australian laws in the management of the .cc country code top-level domain, these should be addressed to the Australian Federal Police,” said a spokesperson.
The council signed a memorandum of understanding with VeriSign in 2008 stating that sites under the .cc top-level domain must comply with Australian law, which predates the findings of other Google organizations on the level of domain abuse.
A Verisign spokesperson said its role as a registrar for the .cc domain was endorsed by the Australian government and county council, and the organization removed domain names used for illegal purposes when notified.
“Our endorsement of the Shire includes contractual commitments to work with Australian law enforcement and security agencies, including the Australian Government’s Computer Emergency Response Team (Cert), to prevent and address cybercrime and malicious activity in the .cc TLD, “he said in a statement. “Whenever we receive credible reports from trusted third parties about domain names for which we provide registration services that are used for illegal purposes, we share these reports with the appropriate legal authorities.
“And when requested by the proper authorities, we can, and do, take action against a domain name to remove it from the zone file.”
Guardian Australia has requested comments from the county council.
Residents of Christmas Island reclaimed the management of .cx in 2006 from a private owner after the infamous Goatse website, shared as a form of trolling on internet forums in the early 2000s, was initially hosted on a .cx top-level domain, before finally launching in 2004.