WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
Federal authorities have made the first arrest under the Truth in Domain Names Act, the legislation signed earlier this year by President Bush that makes it a crime to use a misleading Web address to direct children to pornographic Internet sites.
John Zuccarini, 53, was arrested early Wednesday morning in Hollywood, Fla., and charged with creating an estimated 3,000 domain names that slightly transposed well known commercial site names popular with children and teenagers such as dinseyland.com for Disneyland.com. Accessing Zuccarini's sites directed users to advertising sites, many of them pornographic.
Federal prosecutors said Wednesday the advertising sites paid Zuccarini as much as $1 million a year for directing traffic to their sites.
Zuccarini's scam is well known to prosecutors and the courts. Last year, he was ordered by a federal court to stop a similar scheme that bombarded those who mistyped Web addresses with gambling pop-up ads and then directed them to graphic adult sites. In 2001, the Federal Trade Commission (FTC) charged Zuccarini with using more than 5,500 copycat Web addresses to divert surfers from their intended Internet destinations to one of his sites. The FTC action led to a court order requiring him to pay back $1.8 million in "ill-gotten gains."
"The defendant is accused of taking advantage of children's common mistakes, and using that to profit by leading them by the hand into the seediest and most repugnant corners of cyberspace. His alleged actions are not clever but criminal," Manhattan U.S. Attorney James Comey said.
If convicted under the new law, Zuccarini faces a maximum of four years in prison and a $250,000 fine. Zuccarini is due at a bail hearing today in Florida and federal prosecutors are expected to ask the court to hold him in jail before being sent to New York for prosecution.
According to the 2001 FTC complaint, the scheme works like this: Zuccarini registers domain names that are misspellings of legitimate domain names or that incorporate transposed or inverted words or phrases. For example, he registered 41 variations on the name of teen pop star, Britney Spears. Surfers looking for a site who misspell its Web address or invert a term are taken to Zuccarini's sites.
There, they are hit with a rapid series of windows displaying ads for goods and services ranging from Internet gambling to pornography. An FTC investigator entered one of Zuccarini's copycat domain names, annakurnikova.com, and 29 browser windows opened automatically. In some cases, the legitimate site to which the consumer is attempting to go isalso launched, so that consumers think the hailstorm of ads to which they are being exposed is from a legitimate Web site.
Once consumers go to one of Zuccarini's sites, it is very difficult for them to exit. In a move called "mousetrapping," special programming code at the sites obstructs surfers' ability to close their browser or go back to the previous page. Clicks on the "close" or "back" buttons cause new windows to open.
"After one FTC staff member closed out of 32 separate windows, leaving just two windows on the task bar, he selected the back button, only to watch as the same seven windows that initiated the blitz erupted on his screen, and the cybertrap began anew," the FTC papers filed with the court stated.
The Truth in Domain Names Act was passed by Congress in April as part of the Protect Act of 2003, which includes a broad range of protections for children. Among the tougher penalties for crimes against children is a provision for criminal sanctions against deceptive adult Internet site operators.