25 Oct 2019
After more than a year in effect we can say that the effects of the European Union’s new General Data Protection Regulation (GDPR) was mixed, in many ways it was positive and it’s impact was negative its restrictions of access to ICANN WHOIS information, are hindering speed of investigations into cybercrime, cryptocurrency theft, phishing, ransomware, malware, fraud, and crypto-jacking.
As up today a good target for cybercriminals was stealing cryptocurrencies like Bitcoin, Ethereum, NEM and ICO currencies. We know that over US$1 billion of all cryptocurrency has been reported as stolen by cybercriminals in the last year. There are also to consider hundreds of millions more of thefts that aren’t reported to authorities. Look at The Anti-Phishing Working Group (APWG).
Up to now internet WHOIS data have been used as fundamental resource for investigators and law enforcement officials and last year legislation have slowed down their work on preventing these thefts. This is the internet's database of record, containing the names, addresses and email addresses of those who register domain names for websites on the Internet. Access to WHOIS and you will see that this data is crucial in performing first steps of investigations that that could lead to return of these stolen funds.
Smarter criminals will do a lot to put untrue data to WHOIS but still it can give love leads to law enforcement, and wit knowing standard patterns of that criminals use this can be useful in correlating criminal activity for investigations. WHOIS contact data is also valuable for contacting the owners of small websites and blogs that are often hacked and used to launch criminal attacks and distribute crypto mining malware.
This all is slowed down as GDPR is making that European domain data in WHOIS is confidential and access to it will take time. Unfortunately, some domain name registrars and registry operators are scared and are over-interpreting GDPR by restricting access of all contact data, worldwide or with no regards to if they are a “legal person” or business rather than a “natural person” as covered by GDPR.
The aim of the GDPR is to protect all EU citizens from privacy and data breaches in today’s data-driven world. Although the key principles of data privacy still hold true to the previous directive, many changes have been proposed to the regulatory policies; the key points of the GDPR as well as information on the impacts it will have on business can be found below.
For more look at GDPR Regulations