Domain seizures, servers switched off: when authorities take down illicit activities

The internet is a simple network. Apparently. You open a window on your computer to see all the websites you want. However, behind every connection, some points or nodes can be discovered, investigated, and seized by law enforcement agencies if needed.

Domains, path and seizure

Every website has a name: nytimes.com, washingtonpost.com, or theguardian.com. This is the “domain name” or “domain”. It is usually composed of letters and is easy to remember. It is used to reach a webpage as a substitute for the string of digits that identifies the same website but would be impossible to remember: the IP address.

The web works with IP addresses: sequences of four numbers, such as 199.181.173.179. When you type a domain name (nytimes.com) in the browser (Google Chrome), the computer translates it into the corresponding IP address (through a device database or a database of the websites available on the net). With this IP address (199.181.173.179), the browser can request the related content over the network and return the corresponding webpage (the homepage of the New York Times website) to the originating device. Domain names need to be registered to become active.

After authorities’ notification, domains can be suspended or seized because of criminal activities (websites selling and distributing counterfeit goods, illicit gambling, fake websites used in phishing attempts, child pornography distribution).

The judiciary usually contacts the domain registries: you are redirected to a webpage hosting a warning message if you try to access seized websites. Nevertheless, the shutdown of the websites needs caution. In 2011, the US government shuttered several domains related to child pornography. Still, more than 80 thousand websites were mistakenly seized in this operation. Unauthorised web portals streaming movies or sports streaming sites (rojadirecta.com, pirlotv.fr) can also be blocked.

Seized sports streaming website

Webserver, hardware and software

So, the domain links to a website, but the website’s contents are hosted on a web server. The web server is 1) the physical machine (hardware) that stores the files of the website (images, texts, sheets); 2) the software that delivers this content to the user who requested it. A web server can be located anywhere and can host multiple websites.

The authorities can switch off the servers. Last January, an international investigation involving the UK National Crime Agency (NCA) and the Hanover Police Department in Germany led to the seizure of 15 server infrastructures used by cybercriminals in distinct countries. John Denley, Deputy Director of the NCA’s National Cyber Crime Unit, says: “This operation shows that there is no hiding place from the combined power of global law enforcement when it comes to taking down illegal IT infrastructure”.