Investigators Can Access Internet Domain Data

Investigators Can Access Internet Domain Data

by Jeff Johnson
CNSNews.com Congressional Bureau Chief
September 20, 2001
http://www.cnsnews.com/Nation/archive/200109/NAT20010920c.html

The company that maintains the registry of .com, .org, and .net Internet domain names may have information on the identities of individuals who registered web addresses that a counter-terrorism expert believes may have foretold last Tuesday's terrorist attacks on the World Trade Center and the Pentagon.

CNSNews.com first reported Wednesday that Dr. Neil Livingstone, CEO of Global Options, LLC, a Washington, D.C.-based counter-terrorism and investigations company, believed the terrorists who orchestrated last week's attacks in New York and Washington, or their co-conspirators, may have registered as many as 17 Internet domain names that could have tipped-off authorities as early as last summer.

Those registrations have since expired, and a number of them have been re-registered by other parties since the September 11 attack.

Patrick Burns, spokesman for VeriSign, acknowledged that his company does archive some of the data on expired registrations, though the public does not routinely request such information.

The VeriSign subsidiary responsible for domain name registrations is Network Solutions, Inc. He added that the Internet Corporation for Assigned Names and Numbers (ICANN) does not require Network Solutions to maintain any records on expired addresses.

As of late Wednesday, VeriSign would not release either the identity of the person or people who registered the domain names, or the identity of the company or companies that handled the registrations.

VeriSign is willing to help investigators, according to Burns, but does not want to fuel speculation about the domain names on Livingstone's list.

Livingstone was a participant in a September 18 counter-terrorism press briefing in Washington, D.C. sponsored by the publication Defense Weekly.

"If we were served with a subpoena or something like that," Burns added, "by any law enforcement officials, then we would cooperate with them."

The domain names were brought to Livingstone's attention when they were reintroduced into the pool of available names, which typically takes two to three months for names that are not renewed and subsequently expire.

"After the names have cleared all billing disputes, payment collections, lawsuits, whatever, through that 60 to 90 day window, we just make them available again," Burns said.

The web addresses in question were made available sometime before September 14, based on the re-registration of four of the domain names.

Adding a one-year registration period to the 60 to 90 day waiting period indicates that the addresses were probably originally registered between mid-June and mid-July of 2000.

At that time, there were approximately 90 companies that could have served as the registrar for the web addresses in question, according to Burns.

The FBI will not say whether the bureau was notified about the names before or after last Tuesday's attacks. The agency is strictly adhering to its policy of not responding to questions regarding ongoing investigations.

Two of the domain names provided by Livingstone contained the date August 11, and one referenced "929," possibly indicating a range of dates between mid-August and September 29, that attackers planned to operate within the U.S., Livingstone said.

Two other names contained the year 2001, reducing, if not eliminating, any confusion with the World Trade Center attack in 1993, he said.

The list of domain names provided to Livingstone by an industry insider included:

"august11horror.com"
"august11terror.com"
"horrorinamerica.com"
"horrorinnewyork.com"
"nycterroriststrike.com"
"pearlharborinmanhattan.com"
"terrorattack2001.com"
"towerofhorror.com"
"tradetowerstrike.com"
"worldtradecenter929.com"
"worldtradetowerattack.com"
"worldtradetowerstrike.com"
"wterroristattack2001.com"

Four of the web addresses had been re-registered after the attacks. They are:

"attackamerica.com"
"attackonamerica.com"
"attackontwintowers.com"
"worldtradecenterbombs.com"

FAIR USE NOTICE: This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of criminal justice, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.