Mwahahahaha.

That’s my best attempt at transcribing a token diabolical laugh. You know the one: the slow, deep chortle that super villains emit just after they’ve unveiled their evil master plans in the movies.

It’s what popped into my head immediately upon reading Andy Greenberg’s recent Forbes post about hacker group Anonymous’ alleged plan to “shut the Internet down” by attacking the 13 root servers that form the backbone of the domain name system on March 31. According to a communiqué from the group, the attack is meant to protest “SOPA, Wallstreet [sic], our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun.”

And then they’re going to blow up the moon! The moon is totally the 1%!

Remember the scene in the first Austin Powers movie, where Dr. Evil demands a ransom of $1 million, but then, once his henchmen inform him that’s not actually very much money anymore, he ramps up his sum to “one…hundred…BILLION DOLLARS!” [cue the pinky to the mouth]? That’s kind of how Anonymous sounds right now.

Ignoring the fact that, by announcing the plan this far in advance, Anonymous is giving groups like, you know, the Pentagon over a month to prepare, experts have actually pointed out that, because of the way the 13 servers are divided and configured, it would actually be next to impossible to successfully orchestrate an attack on all 13 at once.

Sorry, guys.

Then again, there’s always the chance that Anonymous chose the March 31 date, knowing the attack will not actually take place, just to set up a really elaborate April Fool’s Day joke.

Those crazy tricksters.

Until I heard about Jeremy Lin, I really couldn't have cared less about the NBA and especially, as a Boston girl, the New York Knicks. For the most part, my disinterest continues. Still, it's difficult to not to be inspired by Lin's unlikely and meteoric rise from a third-string point guard who crashed on his brother's couch to the star of the NBA who out-maneuvered Kobe Bryant.

According to recent reports, that "Linspiration" has already reached the domain name space with the registration of dozens of names in the last two weeks, most of which are a play on Lin's name, such as Linsational.com or LinderellaStory.com. In fact, just about every "Lin" domain I could come up with had been registered since February 9th, including Linfection.com, TheLinja.com, and Linfuse.com. One registrant who isn't surprised by Lin's sudden success? His former high school basketball coach, who registered Linsanity.com and TheJeremyLinShow.com back in 2010 and now uses Linsanity.com to sell Jeremy Lin t-shirts.

Oh, and for those still hoping to get in on the Linsane domain action, Lintensify.com and TaiwaneseTornado.com were still available at the time of this posting.

The first UDRP decision involving a .XXX domain name was handed down by a National Arbitration Forum (NAF) Panelist on Tuesday. HEB Grocery Company, L.P. prevailed in its Complaint against Eric Gonzales over the domain name HEB.xxx. The decision itself was unremarkable as Mr. Gonzales clearly lacked rights or interests to the domain name. In fact, Mr. Gonzales admitted to registering HEB.xxx simply because the grocery chain had failed to "exhibit a proactive approach" towards registering in the new .XXX top-level domain.

Mr. Gonzales' move to register HEB.xxx reminded me of the early days of the Internet. Way back in 1994, when there were less than three full-time employees at the Internet Network Information Center ("InterNIC") handling domain registrations in .COM and only one-third of Fortune 500 companies had registered their main trademark in the .COM space, Josh Quittner wrote an article in Wired about corporate adoption of the Internet. In what now seems an almost quaint analysis, Quittner examined the practice of cybersquatting, which was burgeoning as companies that had yet to get the message about "the Next Big Thing" failed to register their domains and Internet intellectual property laws and domain dispute arbitration were still in their infancy. As Quittner saw it, companies that didn't register their .COM domain name should suffer the consequences. To prove his point, he registered McDonalds.com. Without a UDRP procedure or a precedent for domain recovery arbitration, Quittner was able to hold on to McDonalds.com for over three months, and only surrendered it to the fast food chain after extracting a $3,500 donation to a public school.

Fast-forward 18 years, and Mr. Gonzales' attempt to make a point about HEB Grocery's failure to register in .XXX was met with a swift and sound decision from the NAF Panelist. As ICANN paves the way for the introduction of hundreds, possibly thousands, of new gTLDs, the first .XXX UDRP decision is a reminder that we've come a long way since 1994. And, like the domain name space itself, the ways in which brand owners protect their online reputations are continuing to evolve.

The Russian Legal Information Agency (RAPSI) is reporting that the Russian Ninth Commercial Court of Appeals will hear an appeal from Tissot, the luxury Swiss watchmaker and member of the Swatch Group, over Holmrook Limited's use of the “Tissot” trademark and the domain name Tissot.ru. Back in December, the Moscow Commercial Court ruled against Tissot on the grounds that the Tissot.ru domain was operated by an authorized third party as an informational website about the French painter, James Tissot. Tissot (the brand) contended that this content was only put on the site after it had filed its suit.

Indeed, the Court's decision does seem curious given that it had previously ruled in favor of other Swatch Group brands Rado and Longines, against Holmrook Limited, over similar trademark and domain name issues. In September 2011, for example, the court ordered the Rado.ru domain transferred to Rado and commanded that Holmrook pay out 50,000 rubles (about $1,650) to Rado in damages. Given that the Tissot suit marks the third case in which Holmrook Limited has been the defendant in domain name disputes involving Swatch Group brands, all signs seem to point towards a bad faith registration. And yet, the Russian court did not see it that way.

Unfortunately, the inconsistencies in this case are (ironically enough) quite consistent with my experience with the .RU ccTLD. The bottom line is, thanks to lax copyright enforcement and a rampant counterfeiting industry, cybersquatting flourishes in the .RU space. Compounding the problem is the lack of any kind of dispute resolution policy (DRP) for .RU domains, which leaves trademark holders with the unpalatable choice of pursuing legal action through the expensive, slow, and inconsistent Russian court system, or attempting to purchase the domain directly from the domain owner.

For brand owners, the best defense is a strong offense: I advise registering all key trademarks in the .RU domain before cybersquatters can. If you're already too late, attempt to negotiate a sale of the disputed domain with the registrant. When all else fails, try the Russian courts as Tissot is now preparing to do for a second time. I will be closely following the appeal, which the court is scheduled to hear on February 8th. 

With the biggest game of the football season – not to mention the most-watched television broadcast in the U.S. – just three days away, it should come as no surprise that scammers are seeking every opportunity to take advantage of Pats and Giants fans, as well as the more casual Super Bowl viewer, on the Internet. In addition to websites promising last-minute ticket sales and hawking counterfeit merchandise, government officials are swooping down on sites such as FirstRowSports.tv and FirstRowSports.com that advertise unauthorized streaming coverage of the big game itself. Such operations have become a predictable aspect of most major sporting events, including the 2011 Baseball World Series.

This morning, U.S. Immigration and Customs Enforcement (ICE) Director John Morton, U.S. Customs and Border Protection (CBP) Director of Field Operations in Chicago David Murphy, and NFL Vice President for Legal Affairs Anastasia Danias appeared in Indianapolis (the city hosting Sunday's game) to report that "Operation Fake Sweep" had led to the seizure of 307 infringing websites and one arrest. Fake Sweep comes as part of the broader "Operation In Our Sites" program, which, since its inception in June 2010, has reportedly led to the seizure of 669 domain names.

The ICE has promised that the domain crackdown will continue throughout the weekend. In the meantime, fans searching for Super Bowl XLVI memorabilia should be sure to only purchase merchandise from authorized vendors with familiar domains. And remember, for those without a TV like myself, the NFL and NBC will be streaming the game live – and legally – on NBCSports.com.

Things could be about to get real for Filipino cybersquatters. The Filipino Senate recently passed the Cybercrime Prevention Act of 2012. While still awaiting passage in the Filipino House of Representatives, the proposed legislation criminalizes cybersquatting, making it a "punishable act." Those found guilty could face six to twelve years in prison, a fine of up to 500,000 Philippine pesos (the equivalent of about $11,600), or both.

That's quite a contrast to the U.S.'s Anti-Cybersquatting Consumer Protection Act (ACPA) of 1999. Although ACPA allows for the awarding of damages between $1,000 and $100,000 for cases involving willful cybersquatting, research by FairWinds in 2008 revealed that courts have rarely assessed damages at the upper end of this range. Accordingly, trademark holders prefer the relative ease and lower cost of recovering cybersquatted domains through the Uniform Domain-Name Dispute-Resolution Policy (UDRP), which only has the power to transfer or cancel domains, and therefore provides little deterrent to cybersquatters. The result? Just about anybody can register a domain that is identical or confusingly similar to a registered trademark with relative impunity.

If the Cybercrime Prevention Act passes, it will be interesting to see what happens to cybersquatting in the Philippines. As for the U.S., I suspect that the risk of twelve years behind bars would be enough to deter all but the boldest of cybersquatters.

A few days ago, a client sent me an email asking me to weigh in on what domain names her company should register to correspond with its presence in markets in the Middle East. While she was planning to register the core brand name in the relevant ccTLDs, or country code top-level domains (Brand.ae for the United Arab Emirates, Brand.co.il for Israel, etc.), her distributor in the region had advised her that local Internet users tend not to direct navigate to domains in their ccTLDs. Instead, she said that consumers typically type in the brand name followed by “ME” in .COM. So, the distributor advised, our client should register BrandME.com.

The client asked me if I agreed that this was a common practice, and if other major brands followed this naming convention. To my knowledge, it was much more common for brands to stick with ccTLD domains. Off the top of my head, I couldn’t think of any big brands that follow the BrandME.com practice my client had described. But it sounded interesting, so I wanted to look into it further.

I decided to take a sample of the biggest brands and see whether or not they used BrandME.com domain names. For a quick reference, I looked at the top 20 brands on Interbrand’s Best Global Brands of 2011 list.

Of those 20, I found that only four owned their BrandME.com domain names: Coca-Cola (Coca-ColaME.com, but not CocaColaME.com or CokeME.com), Google (GoogleME.com), McDonald’s (McDonaldsME.com), and Disney (DisneyME.com). Of those four, only two, McDonald’s and Disney, actually direct those domains to content. McDonaldsME.com redirects to McDonaldsArabia.com; DisneyME.com displays Disney content in English.

Of the other 16, some brands’ BrandME.com domains had been registered by third parties. Most pointed to Pay-Per-Click ads or parked pages. Others did not resolve to content. The rest of the BrandME.com domains were not currently registered.

Because the client is a cosmetics company, I checked about five other cosmetic brands’ BrandME.com domains as well. None resolved to brand content. In fact, none resolved to content at all.

So what did I end up telling the client? Basically, it won’t hurt her to make sure all her bases are covered by registering her BrandME.com domain name. But the standard practice is to stick to registering the brandname in the ccTLDs of the relevant markets. If a company has a presence in Saudi Arabia, in other words, it should go after Brand.com.sa.

Please note: this blog post is meant to be a humorous piece. I advise placing your tongue inside your cheek before reading.

I’m wiling to bet that nearly every tech entrepreneur out there dreams of coming up with the idea for THE new technology, the one that changes the way humans conduct their lives or interact with content and each other. And I’m sure none would shy away from the fame, not to mention the financial windfall, that such an invention would entail.

At the same time, I’m also willing to bet that very few of these entrepreneurs dream of going down in a massive police raid during their birthday party, or of being found hiding in their safe room clinging to sawed-off shot gun. No one dreams of being infamous instead of famous. No one dreams of going out like Kim Dotcom.

Call him the Jabba the Hutt of digital piracy. The media has painted the German-born Kim Dotcom, formerly Kim Schmitz, as a self-styled gangster and international digital kingpin. Aside from putting the “mega” in MegaUpload.com, the founder of the massive Hong Kong-based file hosting site also has a penchant for hacking and even racked up a conviction for insider trading. Reports from the raid say that police seized various luxury cars, including (of course) a Rolls Royce; valuable artwork; and over $8 million. No word yet on whether Dotcom also had a gold-bikini-clad princess chained up somewhere in his mansion.

The indictment, which charged Dotcom and his associates with conspiracy to commit racketeering, piracy to commit copyright infringement, and piracy to commit money laundering, claims that MegaUpload.com inflicts harm on copyright holders to the tune of $500 million. MegaUpload.com is what’s known as a cyberlocker, a site where users can upload files for others to download. Unsurprisingly, these kinds of sites, while they have many legitimate uses, are often hotbeds for the exchange of pirated content.

Interestingly, Dotcom’s arrest came just a day after the widespread protests over two anti-piracy bills, the PROTECT IP Act and the Stop Online Piracy Act.

When asked to comment on his arrest, Dotcom muttered, “Bring me Solo and the Wookiee. They will all suffer for this outrage.”

Just kidding.

For brand owners, the launch of a new generic top-level domain (gTLD) brings with it a now all-too familiar nuisance: the Sunrise period. Sunrise periods are a necessary evil for businesses: on the one hand, they provide businesses with the opportunity to protect their brand in newly launched extensions, but on the other hand, they require businesses to monitor for announcements, navigate through the steps of registering their trademarks, and pay the associated fees. For companies that hold multiple trademarks, this can be an expensive and time-consuming process. However, as the number of gTLDs is poised to expand significantly, participating in Sunrise periods will remain an important aspect of businesses’ online brand protection strategies.

Unfortunately, there is a lack of clarity among many businesses about when participating in a Sunrise period is a smart defensive move. Some registrars appear willing to take advantage of this confusion, and the “better safe than sorry” attitude that often accompanies it, with vague marketing practices. Take, for example, the so-called "Sunrise period" for the .JP.NET extension that opened on January 16. Let's get one thing straight right off the bat: .JP.NET is not a top-level domain. Rather, the registry services provider CentralNic has registered "JP" as a second-level domain in the .NET domain space. Businesses that register their trademarks in .JP.NET are actually purchasing a third-level domain on the JP.net second-level domain.

CentralNic argues rightly that the third-level registrations in the JP.net domain open up opportunities for businesses that were unable to obtain their desired domain name in the .NET gTLD or Japan's .JP country-code TLD (ccTLD). What is unsettling, however, is that .JP.NET is being marketed by registrars as the debut of another top-level domain with no reference to the fact that .JP.NET is not, in fact, a top-level domain. Rather, the .JP.NET rollout seems designed to mirror the recent, high profile launch of the .XXX gTLD with a four-phase registration process that includes Sunrise and Landrush periods along with a promotional period for .JP and .NET owners to register matching .JP.NET domains before General Availability begins. This strategy seems aimed at inciting brand owner confusion and anxiety, and, of course, drumming up sales.

The bottom line is that registrants should be told, up front, what they are actually getting by registering a .JP.NET domain. Without such an explanation, however, the burden falls upon brand owners to be informed and strategic with regard to domain name registrations. As countries increasingly open up ccTLDs to general registrations (Columbia's .CO and Montenegro's .ME are two of the most recent examples), and with the first extensions from ICANN's New gTLD Program predicted to go live in early 2013, the number of Sunrise periods is only going to increase as time goes on. Staying aware and informed will be the key to making smart decisions.  
 

Back in September, we published a Perspectives paper about a survey scam that targeted social networks: when Internet users mistyped the domain names of popular social media sites like Facebook, Twitter, YouTube and others into their browsers’ address bars, they were led to a website that was formatted similarly to the target homepage, but displayed a survey in place of the expected content. The surveys promised prizes for answering questions and – surprise, surprise – never delivered on those prizes. Instead, they stole users’ valuable personal information.

In the study, we noted that shortly before we published, Facebook had filed a lawsuit against 25 defendants over 104 different domain names, many of which we identified as hosting this survey scam. Now, according to Fusible, Google has come out on top in its own struggle against survey scammers. The search engine giant, and owner of YouTube, filed a Uniform Domain-Name Dispute-Resolution Policy (UDRP) complaint with the National Arbitration Forum over the domain names youtbe.com, youtub.com, youtue.com, youube.com, and yutube.com, all of which had popped up in our study as hosting the survey scam.

Recovering these domains was by no means a bad move on Google’s part, but it amounts to a drop in the bucket: in total, we had identified 81 typos of YouTube.com that had been squatted to host this scam, many of which receive extremely high volumes of traffic (by our calculations, a single domain receives over 19 million visitors annually). These five domains receive fewer than 300,000 visitor per year, accounting for only 0.72 percent of the total traffic that all the squatted Youtube.com typos in our study receive. Conversely, if Google had targeted the top five typos that receive the most visitors, it could have recovered over 90 percent of traffic, or more than 35 million annual visitors, that are exposed to these survey scams. That would have gone a long way in protecting YouTube’s users, and in turn would have stemmed a significant portion of the damage that these scams have inflicted on the YouTube brand.

But on the bright side, Google is clearly aware of the survey scam problem, and the UDRP Panelist reached a fairly open-and-shut decision. These two factors bode well for the company, should it decide to pursue more of these typosquatted domains.