Prevent and suspend – Keeping the UK namespace as one of the safest in the world

3rd December 2020

Russell Haworth

Russell Haworth
CEO (until March 2021)

Cyber criminals have been given an opportunity by the turbulence of 2020. New global trends and anxieties are bounty to those who look to exploit others for their own gains. As guardians of the national namespace, Nominet is well versed in the tricks and rapid pivots of the cyber criminals, but our ongoing efforts – a combination of prevention and suspension – aim to keep the worst of them at bay. Over the last year, we’ve worked hard to make sure the .UK Domain remains one of the most hostile country code top level domains (ccTLDs) to criminals globally.

Evidence to support this can be found in our annual Criminality Report, which looks back over the last twelve months The report details our work to reduce criminality in the namespace. This is in collaboration with law enforcement agencies (LEAs) and organisations like Internet Watch Foundation – reporting agencies when it comes to criminality in the namespace – as well as through our own in-house initiatives.

When LEAs identify criminal activity based on their intelligence gathering and investigation, they request that the domain involved is suspended. In the past year, we suspended 22,158 .UK domains based on requests – less than last year’s figure of 28,937 – which accounts for around 0.22% of the total number of .UK domains registered.

In a year where the world moved online, this decline may be surprising, but it reflects a trend over the last few years. For the last year, the majority of the decrease is due to a reduced number of suspension requests from the City of London’s Police Intellectual Property Crime Unit (PIPCU).

PIPCU, which processes and co-ordinates requests relating to IP infringements from nationwide sources, is responsible for the largest volume of requests we receive to suspend. It made 21,632 during the 12 months, a significant amount but still less than the previous year which shows us that their work to identify and interrupt the counterfeiters keen to sell their wares online is having an effect. It also suggests that the organised crime groups behind a multitude of scams are also starting to realise that using .UK domains runs a high risk of prompt suspension. While that’s good news for .UK, it does mean the criminals simply go elsewhere so consumers must remain vigilant.

The news is less positive when it comes to fraud. Our report shows a rise in fraud and scams this year, with an increase in suspension requests from the Financial Conduct Authority (FCA) and the National Fraud Intelligence Bureau (NFIB). This isn’t altogether unsurprising in a year when so many more people had to use the internet for more activities and criminals spotted new opportunities to prey on the vulnerable and the anxious. This trend is also in line with the general increase in this type of crime: the FCA’s most recent annual report shows an 11% increase in the number of cases of firms and individuals trying to carry out business without FCA authorisation as compared to the previous year.

Our work with all the LEAs is driven by a joint commitment to eliminate criminality in the .UK namespace as swiftly as we can. In addition, Nominet is committed to prevention, stopping criminal domains that might be used for phishing before they go live. We achieve this with our Domain Watch tool, which identifies at the point of registration domains which we believe may be used for illegal purposes – such as and Domain Watch puts these domains on hold until they are proven to be registered for legitimate use.

At the start of the pandemic, we also focused our efforts on identifying covid-related domains that roused suspicion as they may be registered for criminal intent. Since March, almost 4,000 covid-related domains have been put on hold pending registrant checks. A total of 1,568 of these domains subsequently passed due diligence and are now registered in the namespace.

In what has been an unusual year for everyone, it’s satisfying to recognise that it’s been a tough year for the cyber criminals. Making life difficult for those who exploit online is a team sport and we are proud to continue to play our part alongside our LEAs and key reporting organisations. By tweaking and pivoting our own processes in response to malintent – and acting on the reports from LEAS – Nominet has maintained our track record and kept the national namespace as a safe and secure place to be for the millions of individuals and businesses who rely on it every day.

Download the Criminality Report on the website. Meet some of the LEAs we work with on the blog. Read our Criminal Practices Policy.

Like this? Try these...