Written by Brian Cute, CEO of Public Interest Registry
With so many internet platforms and tools to choose from and so many security threats to avoid, it is hard to know where to begin. So, as they say, let’s start at the beginning with an internet address itself. Public Interest Registry is the not-for-profit operator of the .org, .ngo and .ong internet addresses that serve as the primary internet identity for millions of not-for-profits online. But what keeps the .org, .ngo and .ong domain names secure and stable? We need to securely handle billions of internet queries a day from internet users looking to find .org, .ngo and .ong websites. When an internet user searches for a not-for-profit, Public Interest Registry directs that user to that not-for-profit’s .org, .ngo or .ong website. That’s our job and we are proud to connect supporters and donors to worthy not-for-profits on a daily basis. It starts with “connection.” How do we protect that connection?
As we know, not-for-profits can be the target of repression from governments who see them as a threat. Public Interest Registry and not-for-profits face several harmful online security threats, from DDOS attacks to phishing and government surveillance. Each of these threats poses unique potential harm to not-for-profits. DDOS attacks aim to take a website offline entirely so that it is not accessible to internet users. Those who launch DDOS attacks accomplish this by orchestrating a high volume of internet queries at a targeted website at a volume that overwhelms that website’s ability to respond. In effect, a DDOS attack can “silence” the website and interrupt for a period of time the not-for-profits ability to communicate with stakeholders and supporters and to collect donations online. Public Interest Registry, as the operator of all the .org, .ngo and .ong domains, comes under regular DDOS attacks and we have developed the tools and experience to mitigate these. By maintaining a secure and stable platform for these internet addresses, we contribute to a not-for-profit’s ability to connect.
Another internet security risk that can impose unique harm on not-for-profits are phishing attacks. Online phishing is an attempt to obtain sensitive information such as usernames or passwords and credit card details for malicious purposes. The perpetrators of phishing will create a website that looks like the genuine website of another organization in an attempt to fool internet users into handing over data to an organization they think they can trust. Sadly, phishing sites often present as a trusted not-for-profit organization looking to collect donations particularly after a natural disaster or other crisis. Phishing can harm the reputation of a not-for-profit by raising doubts for internet users about their trustworthiness. And all of this damage can be done without the targeted not-for-profit being aware or able to intervene. Public Interest Registry recognizes the unique harm that phishing can do to the reputation of not-for-profits online. We have a strong anti-abuse policy that identifies phishing as an abuse of the domain name and actively take down phishing sites at the earliest possible time to limit any reputational damage to not-for-profits using the .org, .ngo and .ong identities. This is reflected in the .org Spamhaus score – a third-party score of internet domains that is based on how frequently they are used for spam operations or abuse on the internet – which is the best of the main Top Level Domains.
Another internet security risk for not-for-profits is government surveillance. The Snowden revelations laid bare the extent to which governments will go to exploit online platforms and tools to surveil. Public Interest Registry understands the importance of the domain name infrastructure and that not-for-profits need it to be secure and stable. We support efforts to secure internet infrastructure to frustrate any efforts, by governments or other actors, to conduct surveillance. In fact, we have supported the funding of CrypTech, an effort to develop open source hardware that can be deployed in the internet to frustrate illicit surveillance.
To further bolster internet security and stability, Public Interest Registry has also implemented Domain Name System Security Extensions (DNSSEC) with the domains we operate. DNSSEC is designed to protect internet servers from domain name system attacks. For not-for-profits, this means that using .org, .ngo, .ong or any of the domains Public Interest Registry operates will help protect against impersonation attacks or other efforts of malicious users. With .org, we were the first open generic Top Level Domain to implement DNSSEC and we continue to be actively involved in ongoing DNSSEC design and deployment initiatives to help protect the overall security and longevity of the internet.
As not-for-profits, it is in our shared interest to fight for a safe and secure internet for civil society and all the good that it can do. At Public Interest Registry, maintaining a secure and stable .org, .ngo and .ong internet address is part of our mission. We believe it is important for not-for-profits to understand the risks they face online and to have the tools to create safe and secure connections with stakeholders, supporters and donors so they can reap the benefits of being online.