Cybercrime , Cybercrime as-a-service , Cyberwarfare / Nation-State Attacks

'Unintended Consequences': Post-GDPR Whois Access Problems

Citing Privacy Law, Registrars Cease Sharing Whois Data, Says Kroll's Alan Brill
Alan Brill, senior managing director in Kroll's cyber risk practice

Who is responsible for a domain name or an IP address? Answering that question is the job of internet registrars, who require anyone who registers a top-level domain name to share their name, email address and phone number, plus administrative and technical contacts.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

This "whois data" is an essential tool for investigators battling cybercrime, fraud and nation-state attacks. "As you can imagine, when you're doing an investigation - whether you're a corporate investigator or a law enforcement investigator - that's kind of useful information," says Alan Brill, senior managing director in the cyber risk practice at the consultancy Kroll.

Uunfortunately, he says, access to this whois data has been complicated by the "law of unintended consequences" since the EU General Data Protection Regulation came into effect in 2017. Since then, many registrars who sell domain names now treat all whois information as being covered the EU privacy law, and no longer share it publicly.

"Now, you get virtually no information when you go into whois for a dot-com or dot-org, and that's a problem," Brill says. "In fact, the Coalition for a Secure and Transparent Internet did a survey, and they found that over 70% of the investigations that were being carried out relating to cyber were being negatively impacted by this change and … frankly, there's not a lot being done to remedy this situation."

In this video interview with Information Security Media Group, Brill also discusses:

  • The history and uses of whois, and how registrars' approach has changed since GDPR came into effect;
  • The need for better coordination between the registrar community, ICANN and numerous governments;
  • How organizations participating in the Coalition for Secure and Transparent Internet are attempting to once again make whois data more accessible.

Brill is a senior managing director with Kroll's cyber risk practice. As the founder of Kroll's global high-tech investigations practice, he has led engagements that range from large-scale reviews of information security and cyber incidents for multibillion-dollar corporations to criminal investigations of computer intrusions.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.