Fighting online crime is a long and tough battle with no end in sight

By Jakob Bring Truelsen, CEO DK Hostmaster

Published in Jyllands-Posten (Danish only)

As a boy, I was very fascinated with a crocodile game in a stall in Tivoli. In turn, the crocodiles put their heads out from different holes in a box, and the idea behind the game was then to make them go back in their holes by hitting them in the head with a hammer. Now I am the CEO in DK Hostmaster, that administrates the .dk domain, and here it is not crocodiles but criminals that we clamp down on.

There are more than 1,3 million domain names ending in .dk and we are proud that this is one of the most secure zones on the internet. To secure that this will continue in the future is one of our most important tasks. Because if criminals get more space it may have big consequences for both Danish business and for that debate and information exchange that is an important cornerstone in a modern democracy.

Unfortunately, we can see that it is going the wrong way. Internet crime is on the rise and this is also the case within the .dk domain. Thus, in 2016 we handed over 700 .dk domain names to the police for seizure. In 2017, we expect this number will rise.

To reduce crime within the Danish part of the internet we therefore introduce a strengthened identity control with NemID for Danish citizens. For foreigners we make a risk-based control system, where we will ask for extra identification when deemed necessary.

However, fighting crime online reminds me of my battles against the crocodiles in Tivoli. Because if you were good at fighting crocodiles the difficulty level rose. In that way there was always a new crocodile in sight, hence a battle that never ended.

It is the same with cyber criminals. Once you nail them, they quickly find a new way to do their shady business.

Today, a secure Danish part of the internet is mostly challenged by fake web shops. The shops sell cheap copies of Nike shoes or Ray-Ban sunglasses or even illegal medicine – or they offer attractive brands that never reach the recipient.

Some years ago, the picture was different: At that time, the primary problem was typosquatting where people registered a domain name that was very similar to an already existing web address such as “b0rger.dk” or “danskbank.dk”.

The organizers took advantage of the fact that normal people often do spelling or typing errors when writing a web address, and they used the traffic on the websites to make money on ads or for criminal activities such as stealing passwords.

To get rid of typosquatting we made stricter rules in 2010 so that we quickly could suspend or delete domain names that were typosquatted. It worked and in the following years the number of typosquatting cases fell dramatically from around 900 cases in 2009 to approximately 200 cases in 2011. Today we have less than 100 cases of typosquatting per year.

In the same way, we expect that a strengthened identity control will reduce the number of fake web shops in the .dk zone. This is a necessary action that hits the criminals but that still does not change that the Danish internet zone is open to the rest of us. Because we are very aware to keep the free and open internet.

In Tivoli, the crocodile game has been exchanged with a similar mole game. But no matter what skin the criminals will dress in and where they will put their head, we will also in the future hit them hard. To make sure that .dk remains a safe place to be, this is not a job that has an end date in sight.

Please note: Due to an extra review of the numbers since the letter was published, we have found out that the correct amount of transfers of domain names to the police for seizure in 2016 was 700 and not 1100, as it says in the letter in Jyllands-Posten. From the start of 2017 through October, we have handed over 918 domain names to the police for seizure. We apologize the mistake.

Jakob Bring Truelsen

Copyright 2016 All Rights Reserved.