GDPR impact on Whois data raising concern

The negative impact of the GDPR on internet domain registration information is raising concern in cyber security circles because the data is key to cyber crime fighting operations. The EU’s General Data Protection Regulation (GDPR) is resulting in internet domain registrars hiding domain registration information to avoid fines for non-compliance. Domain registration information is published by domain registrars in the international Registration Directory Service (RDS), formerly known as Whois, which enables anyone to find the name, address and contact details of all domain registrants. This data is often used by cyber crime fighters to link malicious domains so that once one is discovered, others being used by the same cyber criminals can be flagged and blocked proactively to prevent further damage by single cyber crime actors or cyber crime campaigns. Cyber criminals typically register a few hundred, even thousands, of domains for their activities, and even if fake details are used, registrants have to use a real phone number and email address, which is enough for the security community to link associated domains. Using high-speed machine-to-machine technology and with full access to Whois data, Barlow said organisations such as IBM were able to block millions of spam messages or delay activity coming from domains associated with the individuals linked to spam messages.