Bad Actors Using Decentralized Blockchain Domains: A Challenge for Webmasters

Most users of the web are only familiar with .com, .org, .net and a few others. Cybercriminals trade the reach of those mainstream domains for privacy and security for an obvious reason: they want to evade the authorities.

The most common TLDs on the web are those for commercial websites, organizations, government agencies, education and a few other categories. They are policed strictly under the Internet Corporation for Assigned Names and Numbers (ICANN), which is responsible for regulating TLD registrations.

As a result, those who want to evade the authorities seek alternatives to the ICANN TLD system. These alternatives, also called alternative DNS roots, or ADRs, are popular among cybercriminals.

Here, the blockchain-powered .bit TLD is one of their popular choices.

The main advantage of this kind of TLD is that the domains registered under it are decentralized: they have no central authority and are untouched by ICANN or any other third-party registrar.

A blockchain-powered TLD offers three major advantages to an attacker: its domains are untraceable, private and sinkhole-proof. These qualities help cybercriminals evade the authorities and prevent their malicious domain names from being seized.

This is possible because the TLD is not centrally managed: its DNS lookup tables are shared across a peer-to-peer network.

What's more, a domain registration is not associated with an individual's name or address, but with a unique cryptographic hash for each user. This creates the same kind of anonymous system for Internet infrastructure that Bitcoin creates for payments, where users are known only through their cryptographic identity.

This makes takedown efforts a lot more difficult.

Together, these properties let threat actors hide their payloads, stolen data and command-and-control servers with relative safety.

However, there are some difficulties in using the .bit TLD, or similar ones such as .eth, .coin or .lib.

Most notably, the weakness of such an ADR system is that an infected system's DNS settings must be changed before it can resolve non-ICANN TLDs. This works against the attacker, because attentive administrators should be able to spot traffic to such alternate domains with relative ease.

Spotting it should be particularly easy when the alternate domain is serving malware or involved in other suspicious activity.
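The two detection signals described above (queries for names under an alternate-root TLD, and a host's resolver configuration drifting away from the approved resolvers) can be checked mechanically. The following is an added example, not code from the original article: the log line format, the sample log, the approved resolver addresses and the `Finding` structure are all constructed for illustration, and the TLD list is only the four names the article mentions.

```python
"""Detect signs of alternative-DNS-root (ADR) use from DNS logs and resolver config.

Two signals:
  1. DNS queries for names under non-ICANN TLDs (.bit, .eth, .coin, .lib).
  2. A host's configured resolvers no longer match the approved set; a system
     must point at a resolver that knows the alternate root to resolve those
     names at all, so a resolver change is often the first visible symptom.

Everything below (log format, sample lines, resolver addresses) is constructed
for this example.
"""
import re
from dataclasses import dataclass

# Alternate-root TLDs named in the article. Assumption: a real deployment would
# curate this set from its own threat intelligence and keep it current.
ADR_TLDS = {"bit", "eth", "coin", "lib"}

# Approved corporate resolvers (constructed example values).
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed log format: "<timestamp> <client_ip> query <qname> <qtype>"
QUERY_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)\s+(\S+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "adr_query" or "resolver_change"
    host: str    # client IP or hostname the finding concerns
    detail: str  # the offending query or resolver address


def tld_of(qname: str) -> str:
    """Return the lowercase last label of a name, ignoring a trailing dot.

    Matching on the last label (not a substring) means 'bitcoin.org' is not
    mistaken for a .bit name.
    """
    labels = qname.rstrip(".").lower().split(".")
    return labels[-1] if labels else ""


def scan_dns_queries(lines):
    """Return a Finding for every query whose TLD belongs to an alternate root."""
    findings = []
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # not a query record in the expected format; skip it
        ts, client, qname, qtype = m.groups()
        if tld_of(qname) in ADR_TLDS:
            findings.append(Finding("adr_query", client, f"{ts} {qname} {qtype}"))
    return findings


def check_resolvers(host: str, configured):
    """Return a Finding for each configured resolver outside the approved set."""
    rogue = sorted(set(configured) - APPROVED_RESOLVERS)
    return [Finding("resolver_change", host, addr) for addr in rogue]


# Constructed sample log: two ADR queries, one look-alike, one unparseable line.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.5.21 query www.example.com A",
    "2024-01-01T10:00:02Z 10.0.5.21 query updates.example.bit A",
    "2024-01-01T10:00:03Z 10.0.5.22 query mail.example.org MX",
    "2024-01-01T10:00:05Z 10.0.5.23 query node-a.lib. A",
    "2024-01-01T10:00:06Z 10.0.5.23 query bitcoin.org A",
    "garbage line that does not parse",
]


def run_example():
    """Run both checks over the constructed data and return the findings."""
    query_findings = scan_dns_queries(SAMPLE_LOG)
    # Constructed resolver config for one host: one approved, one unknown.
    resolver_findings = check_resolvers("host-23", ["10.0.0.53", "198.51.100.7"])
    return query_findings, resolver_findings


if __name__ == "__main__":
    for finding in (f for group in run_example() for f in group):
        print(f"{finding.kind:16} {finding.host:12} {finding.detail}")
```

Both checks are deliberately strict about the last label rather than matching substrings, so ordinary names that happen to contain "bit" or "lib" are not flagged; the resolver check is what catches a host before it issues its first alternate-root query.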

But as protection improves, so will the attacks. Threat actors are expected to become more capable at leveraging the Tor network, domain generation algorithms and a technique called "fast-flux" to hide malicious activity.

This is where the race to secure systems must outpace the threat actors' strategies for fooling or breaching them.

When it comes to the blockchain, webmasters and site owners should know that the technology can be a powerful tool, and they should be aware of the dangers posed by those who misuse it.