Old Soviet Union domain a haven for cyber criminals

Although the Soviet Union as an entity is no longer in operation there are several domain names still running and many are causing problems.

While the domain names of most defunct nations – such as .yu for Yugoslavia and .dd for East Germany – disappeared with them in 1991, the .su domain survived, even when the Russian .ru domain was created in 1994, the Associated Press reports.

The reason they still linger is because those behind the domain refuse to disband it when an attempt to do so is made, on the grounds of both commercial and patriotic grounds.

Computer security experts claim the .su extension, which was assigned to the USSR in 1990, has become inhabited by hackers who are using the defunct superpower’s domain to send spam and phishing scams.

Oren David, a manager at security firm RSA’s anti-fraud unit, told the news provider: “I don’t think that this is really a political thing. David noted that other obscure areas of the internet, such as the .tk domain associated with the South Pacific territory of Tokelau, have been used by opportunistic hackers.”

However, with over 120,000 domains currently registered using the .su extension, eliminating them now would be a long and arduous operation.

There are also several legitimate businesses using the name, which would all suffer as a result of losing the domain. However, many are fraudulent and even the organization behind .su accepts it has a problem on its hands.

Sergei Ovcharenko of Foundation for Internet Development told the publication only a small number of .su sites are malicious, but said criminal sites can stay online for extremely long periods of time using the domain.

Unfortunately, weak Russian legislation and outdated terms of service are hindering the eradication of the criminal activity.

According to Group-IB – which runs one of Russia’s two official Internet watchdogs – the number of malicious websites hosted across the old domain doubled in 2011 and then doubled again in 2012.

For more information on domain name monitoring and protection please visit CSC Digital Brand Services.