International Security

FairWinds Partners —  August 23, 2011

Early this week, Mashable reported that Nic.ly, the site of Libya’s country-code top-level domain (ccTLD) .LY registry, had been hacked by a group calling itself Electr0n. The group pointed the domain to a site with anti-Muammar Gaddafi messages. Fortunately, the hack did not impact the most widely-used .LY sites like Bit.ly and Ow.ly, but the vulnerability of Nic.ly points out something that brand owners need to be very much aware of, which is that certain ccTLDs are much less stable than others. Some brand owners with whom we have been brainstorming about the new gTLD program have suggested that they may apply for and operate .BRAND gTLDs in hopes of making this an issue of the past.

Some ccTLDs, like the United Kingdom’s .UK, Japan’s .JP and Germany’s .DE, are highly secure, and are operated with the utmost stability. Others are run much less securely, sometimes out of universities and government offices, or by private individuals, with few digital or sometimes even physical security measures in place. Recently, the ccTLD registry of Fiji (.FJ) was hacked, which caused many familiar brands’ ccTLD domains to be rerouted to a different website. And during the riots this spring, the Libyan government shut down the country’s Internet access, putting U.S.-based sites like Bit.ly and Ow.ly in jeopardy of being shut down.

In the current domain name system, companies often register domain names in the ccTLDs where they have a business presence, or simply in order reserve the domain and safeguard their trademark. IBM, for example, owns the domains IBM.at, IBM.ca and IBM.it, among others; Austria, Canada and Italy are all countries where IBM has operating companies and a substantial presence. In the era of new gTLDs, brands may want to consider ending the practice of communicating ccTLDs for their respective markets and instead promote a second-level domain like COUNTRY.BRAND. Following the IBM example, that would mean redirecting its Austrian ccTLD domain, IBM.at, to Austria.IBM; its Canadian ccTLD domain to Canada.IBM; its Italian ccTLD to Italy.IBM or Italia.IBM, etc. until their customers and partners grow accustomed to the new addressing standard.

On one hand, we reject the notion that the success or failure of new gTLDs will depend on whether consumers’ Internet navigation behavior changes or adapts to the new naming conventions; this is because in most cases, a .BRAND extension will be nothing more than a label that redirects to content found on existing, well-indexed domains that have earned SEO value over a long period of time. But in certain instances where global Internet security standards can be raised to a higher level on a private network, it may make sense to invest in migrating content away from a space that a company cannot control to one that it can.

Because brand owners will oversee the operation of their .BRAND gTLDs in this scenario, they will not have to worry about potential instability or Internet shut downs in ccTLDs. In the long run, under the new gTLD naming conventions, this could be an attractive option for multinational brands concerned about the distributed nature and varying security across ccTLD registries.