One to pass to your IP/IT lawyers

Are you ready for WWW.JДSФИPLДЙT.CO.UK

As of this month the Internet Corporation for Assigned Names and Numbers (Icann) agreed to allow non-Latin script web urls. This means the address above could be a perfectly valid web address (domain name).

This gives a whole raft of opportunities for cyber squatters to snap up domains of companies, especially those that are based in the emerging markets of most international law firms, the eastern European, Asian and Gulf region countries. And as well as squatters if you have clients whose brand names are non-Latin character based or who trade in regions where the writing is non-Latin, it could be an opportunity to advise them on protecting their brands.

Unfortunately the change means that there are also more opportunities for phishing attacks through spoofing domain names.

For example, take a look at this url www.jаsonplаnt.co.uk It looks pretty normal right? However try the link, you’ll get a 404 or page not found. Why? Well the a’s are actually а’s (still confused? the first is a Latin character a and the second is the Cyrillic character a). A computer recognises them as totally different. Therefore sites could be “spoofed” using this Cyrillic method and be used to “phish” information from you.

Below is a (hopefully) high level explanation of how this new system will work.

First remember, computers work under the bonnet in numbers for pretty much everything.

So as it stands now there is a service on the internet called DNS (Domain Name System). This acts like a phonebook, turning easily understood domain names that you use into strings of computer-readable numbers, known as Internet Protocol (IP) addresses.

There is also an encoding system that turns characters you type into numbers that the computer understands, this is called ASCII. This is what the internet DNS system uses now to translate the characters of the urls.

Technically the problem has been that ASCII was built for the Latin character set. And it is limited to the number of characters it can encode. To cater for all the worlds character sets; Latin, Cyrillic and Chinese characters etc, a new system was required. This is called Unicode. However the DNS “phonebooks” of the internet only understand ASCII**.

So to enable the new domain names to have all characters sets, a method was required to handle the conversion. The conversions between ASCII and non-ASCII forms of a domain name are accomplished by some clever algorithms called ToASCII and ToUnicode.

So take JДSФИPLДЙT, this is Unicode and so the ToASCII algorithm would be applied. Once it has been through this algorithm, a prefix is given to distinguish it from a standard ASCII name (otherwise you could end up with a totally different Cyrillic and Latin urls/domain names pointing to the same place!). The result is a unique name that can be looked up in DNS (**technically DNS can support non-ASCII but because of other limitations it has meant non-ASCII names be converted to ASCII).

Finally it is worth knowing that most of the popular browsers have introduced some methods to help with the “spoofing” by recognising when this new multi-language domain name is being used in this way.

Share

One thought on “One to pass to your IP/IT lawyers”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.