(credit: Shutterstock)

Google has won an appeal against a €1.5 billion competition fine from the European Commission in a victory for the Big Tech group as it comes under growing scrutiny from Brussels regulators.

The EU’s General Court said on Wednesday that while it accepted “most of the commission’s assessments” that the company had used its dominant position to block rival online advertisers, it annulled the hefty fine levied against Google in the case.

When launching the action against Google in 2019, Margrethe Vestager, the bloc’s competition chief, said that the search giant had imposed anti-competitive restrictions on third-party websites for a decade between 2006 and 2016. She justified the €1.5 billion fine by arguing that it reflected the “serious and sustained nature” of the infringement.

Enlarge (credit: Aurich Lawson | Getty Images)

It’s not every day that a security researcher acquires the ability to generate counterfeit HTTPS certificates, track email activity, and the position to execute code of his choice on thousands of servers—all in a single blow that cost only $20 and a few minutes to land. But that’s exactly what happened recently to Benjamin Harris.

Harris, the CEO and founder of security firm watchTowr, did all of this by registering the domain dotmobiregistry.net. The domain was once the official home of the authoritative WHOIS server for .mobi, a top-level domain used to indicate that a website is optimized for mobile devices. At some point—it’s not clear precisely when—this WHOIS server, which acts as the official directory for every domain ending in .mobi, was relocated, from whois.dotmobiregistry.net to whois.nic.mobi. While retreating to his Las Vegas hotel room during last month’s Black Hat security conference in Las Vegas, Harris noticed that the previous dotmobiregistry.net owners had allowed the domain to expire. He then scooped it up and set up his own .mobi WHOIS server there.

Misplaced trust

To Harris’s surprise, his server received queries from slightly more than 76,000 unique IP addresses within a few hours of setting it up. Over five days, it received roughly 2.5 million queries from about 135,000 unique systems. The entities behind the systems querying his deprecated domain included a who’s who of Internet heavyweights comprising domain registrars, providers of online security tools, governments from the US and around the world, universities, and certificate authorities, the entities that issue browser-trusted TLS certificates that make HTTPS work.