Reports surfaced on Friday about cybercriminals gravitating towards the un-policed domain name of the former Soviet Union, .su. The most publicized of such sites was exposed.su, which published credit records for Michelle Obama, Donald Trump, and several other celebrities in March 2013.
The Soviet Union domain is not the only country domain name that has become a haven for hackers. The .tk domain belonging to the South Pacific territory of Tokelau is full of scam websites as well. The recent surge in .su cybercriminal domains was due to a move by the Russian government two years ago in which it tightened rules for opening up .ru (Russian) domains. Before April 2010 any person could open up a .ru account, but after the legislation went into effect passports and legal registration papers for businesses were required.
Currently, the Russian nonprofit Foundation for Internet Development has claimed responsibility for the domain name since 2007. It does not, however, have the authority or power to shut down criminal websites on the .su domain, because they are technically outside the bounds of Russian authority. (Founder Sergei Ovcharenko said the organization is working on the legal papers for tightening restrictions on .su domain registrations.) The domain is one of the few domain names that remained after the associated country was broken apart. Former Yugoslavia’s .yu and Eastern Germany’s .dd disappeared after the countries ceased to exist. Russia’s .su was left for nostalgic and commercial reasons. The commercial reason still exists. Thousands of businesses are registered under a .su name, either because they could not find their preferred name on .ru.
Besides the impracticality of shutting down over 120,000 domain names that end in .su, doing so could also take away a space for free expression from citizens of a country where contradicting the government is often not tolerated. (Members of the band Pussy Riot were imprisoned after singing lyrics critical of President Vladmir Putin.) Legitimate domains — often business that could not get their preferred domain name on .ru and political sites with dissenting views – exist in addition to the hacker websites. Examples are the parody site Chronicle.su and the site that eulogizes the former dictator Stalin.su. (Even though a site dedicated to Joseph Stalin is not pro-freedom, it shows how the .su domain can be a place for ideas that contradict the political rule.)
The regulation of former domain suffixes will continue to be an issue as nations expand their cyber-security efforts. Eliminating suffixes of former nations will not be as easy as it was before (in the case of .yu or .dd) as it could mean the destruction of thousands and millions of domains.
Regardless, how the .su sphere evolves will show the benefits and drawbacks of policing the web, and the tradeoff between free expression and web security if there is one.