The Ghosts of Banking Past: Empirical Analysis of Closed Bank Websites
We study what happens to the domains used by US banks for their customer-facing websites when the bank is shut down or merges with another institution. The Federal Deposit Insurance Corporation (FDIC) publishes detailed statistical data about the many thousands of US banks, including their website URLs. We extracted details of the 3 181 banks that have closed their doors since 2003 and determined the fate of 2 302 domain names they are known to have used. We found that 47 % are still owned by a banking institution but that 33 % have passed into the hands of people who are exploiting the residual good reputation attached to the domain by hosting adverts, distributing malware or carrying out search engine optimization (SEO) activities. We map out the lifecycle of domain usage after the original institution no longer requires it as their main customer contact point – and explain our findings from an economic perspective. We present logistic regressions that help explain some of the reasons why closed bank domains are let go, as well as why others choose to repurpose them. For instance, we find that smaller and troubled banks are more likely to lose control of their domains, and that the domains from bigger banks are more likely to be repurposed by others. We draw attention to other classes of domain that are best kept off the open market lest old botnets be revivified or other forms of criminality be resurrected. We end by exploring what the public policy options might be that would protect us all from ghost domains that are no longer being looked after by their original registrants.
Keywords: Policy Option, Large Bank, Small Bank, Bank Size, Federal Deposit Insurance Corporation
The authors thank the anonymous reviewers for their helpful feedback. This work was partially funded by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) Broad Agency Announcement 11.02, the Government of Australia and SPAWAR Systems Center Pacific via contract number N66001-13-C-0131. Richard Clayton’s initial contribution was made whilst he was collaborating with the National Physical Laboratory (NPL) under EPSRC Grant EP/H018298/1, “Internet Security”. This paper represents the position of the authors and not that of the aforementioned agencies.