Anti-Phishing Working Group

Similar documents
Issues in Using DNS Whois Data for Phishing Site Take Down

Phishing Activity Trends

Phishing Activity Trends Report August, 2006

Phishing Activity Trends Report August, 2005

Phishing Activity Trends

Phishing Activity Trends

DRAFT: gtld Registration Dataflow Matrix and Information

Phishing Activity Trends

The Anti-Phishing Working Group: Electronic Crime, Fraud and Useful Attempts to Battle the Miscreants. Foy Shiver Deputy Secretary-General APWG

CE Advanced Network Security Phishing I

Anti-Phishing Working Group

Updates on Sharing Threat Data, Security Awareness and Policy Efforts to Fight Cybercrime

DNS Abuse Handling. FIRST TC Noumea New Caledonia. Champika Wijayatunga Regional Security, Stability and Resiliency Engagement Manager Asia Pacific

Registry Internet Safety Group (RISG)

RSA FRAUDACTION ANTI-PHISHING SERVICE: BENEFITS OF A COMPREHENSIVE MITIGATION STRATEGY

Phishing Activity Trends Report January, 2005

Phishing Read Behind The Lines

Security & Phishing

PURPOSE STATEMENT FOR THE COLLECTION AND PROCESSING OF WHOIS DATA

Explanation of Data Element Data Element Potentially Legitimate purposes for Collection/Retention

Chapter 6 Network and Internet Security and Privacy

.rio Registration Policies 2016 Dec 16

Co-operation against cybercrime CSIRTs LE private sector

Webomania Solutions Pvt. Ltd. 2017

Law Enforcement Recommended RAA Amendments and ICANN Due Diligence Detailed Version

This descriptive document is intended as the basis for creation of a functional specification for 2

GDPR. The new landscape for enforcing and acquiring domains. You ve built your business and your brand. Now how do you secure and protect it?

Whois Study Table Updated 18 February 2009

Phishing Activity Trends Report October, 2004

Phishing Activity Trends Report March, 2005

- To aid in the investigation by identifying. - To identify the proper ISP, webhosting. - To use in search warrant affidavits for to

Forum on DNS Abuse. Nii Narku Quaynor Moderator. 24 October 2011

Attachment 3..Brand TLD Designation Application

The Cost of Phishing. Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015

.CAM Registry. GDPR integration. Version nd May CAM AC Webconnecting Holding B.V. Beurs plein AA Rotterdam

Ethical Hacking. Content Outline: Session 1

ELECTRONIC BANKING & ONLINE AUTHENTICATION

Radix Acceptable Use and Anti-Abuse Policy

Improving Domain Names Utilization

Attachment 3..Brand TLD Designation Application

REGISTRY POLICY STATEMENT ACCEPTABLE USE POLICY AND TERMS OF SERVICE

Bank of america report phishing

Phishing Activity Trends Report November, 2004

How to Handle Domain Hijacking Incidents (Prevention, Investigation and Recovery)

PHISHING Takedown Process

Fast Flux Hosting Final Report. GNSO Council Meeting 13 August 2009

Registrar Session ICANN Contractual Compliance

Phishing Activity Trends Report. 4 th Quarter Unifying the. Global Response To Cybercrime. October December 2012

Cyber Insurance: What is your bank doing to manage risk? presented by

Anti-Phishing Working Group

1. Anti-Piracy Services. 2. Brand Protection (SAAS) 3. Brand Protection Services. Data Protection and Permitted Purpose. Services

Effective October 31, Privacy Policy

Phishing Activity Trends Report. 3 rd Quarter Unifying the. Global Response To Cybercrime. July September 2012

ACCEPTABLE USE POLICY

2014 INTERNET COMMERCE CASE STUDY. The Battle Against Phishing and Fraudulent s. 100 S. Ellsworth Ave 4th Floor San Mateo, CA

Protecting Against Online Fraud. F5 EMEA Webinar August 2014

G8 Lyon-Roma Group High Tech Crime Subgroup

Korea Phishing Activity Trends Report

KASPERSKY FRAUD PREVENTION FOR ENDPOINTS

General Data Protection Regulation (GDPR)

Contractual ICANN. An Overview for Newcomers 11 March 2012

GAC PRINCIPLES REGARDING gtld WHOIS SERVICES. Presented by the Governmental Advisory Committee March 28, 2007

Custom Plugin A Solution to Phishing and Pharming Attacks

Case studies in global criminal attacks: McColo & CheckFreea

GNSO Issues Report on Fast Flux Hosting

SECURE USE OF IT Syllabus Version 2.0

2018 Edition. Security and Compliance for Office 365

The Domain Abuse Activity Reporting System (DAAR)

Security and Compliance for Office 365

ISSUE CHART FOR THE GNSO RAA REMAINING ISSUES PDP ON PRIVACY/PROXY SERVICES

Detecting Abuse in TLDs

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

CAREERBUILDER.COM - PRIVACY POLICY

Protecting Against Online Banking Fraud with F5

ICANN and Russia. Dr. Paul Twomey President and CEO. 10 June International Economic Forum St. Petersburg, Russia

Legal Foundation and Enforcement: Promoting Cybersecurity

Public Safety Working Group (PSWG)

Intellectual Property Constituency (IPC)

The importance of Whois data bases for spam enforcement

Topic LE /GAC position Registrar Position Agreement in Principle 1. Privacy and Proxy services

The Rise of Phishing. Dave Brunswick Tumbleweed Communications Anti-Phishing Working Group

4 th Quarter Phishing Activity Trends Report. Unifying the Global Response To Cybercrime. Activity October December 2017.

Who We Are! Natalie Timpone

Industry Connections Security Group (ICSG) Industry Connections Activity Initiation Document (ICAID) Version: 3.0, 31 May 2016

ECDL / ICDL IT Security. Syllabus Version 2.0

Luminous: Bringing Big(ger) Data to the Fight

Thailand Initiatives and Challenges in Cyber Terrorism

Privacy and Proxy Service Provider Accreditation. ICANN58 Working Meeting 11 March 2017

Phishing Activity Trends Report. 4 th Quarter Committed to Wiping Out Internet Scams and Fraud

Evolution of Spear Phishing. White Paper

Exploring Replacements for WHOIS A Next Generation Registration Directory Service (RDS)

ACCEPTABLE USE AND TAKEDOWN POLICY. Version 1.0

Frequently Asked Questions (FAQ)

Update on ICANN Domain Name Registrant Work

The Tension. Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes

716 West Ave Austin, TX USA

CYBER SECURITY & CYBER LAWS

Personal Cybersecurity

Introduction. Prepared by: ICANN Org Published on: 12 January 2018

Frauds & Scams. Why is the Internet so attractive to scam artists? 2006 Internet Fraud Trends. Fake Checks. Nigerian Scam

Transcription:

Anti-Phishing Working Group www.antiphishing.org DNS Policy Sub-Committee Overview Rod Rasmussen Rod.Rasmussen@InternetIdentity.com

Anti-Phishing Working Group Launched in 2003 2600+ members 1600+ companies and agencies (worldwide) e-commerce, financial, telecomm, ISP s, solution vendors, law enforcement, academics, national CERTs, etc. Focus: Eliminating fraud and identity theft that result from phishing, pharming and email spoofing of all types

APWG Successes Public Awareness and Education Phish Site URL Repository Up several years; Everybody loves the statistics Submit URLs and a confidence factor to APWG Every 5 minutes a new list of URLS to block is generated Most big ISPs/Tools pull list to use in filters/blocking Now includes DOMAIN NAMES registered for fraud Blind Contact List Find a phished brand-owner via federated list Submit to providers with fraud or hacking problem

39 members DNS Policy Sub-Committee Participants include registries, CERT s, solution providers, ISP s, researchers, financial institutions, etc. Goal: Ensure that anti-phishing concerns are represented during the creation or modification of Domain Name System policies

Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and/or financial account credentials. Phishing Definition

The Overall Phishing System Lure to Potential Victims Mainly email, but VOIP, IM, phone, letter are used Malware (keystroke logger, worm) attached, too Web Interface to User/Victim Personal web pages, hacked servers, phish domains Multiple DNS Servers, fast flux, all the good network engineering practices Collection Point Server of some type, sometimes via e-mail drop-box Database

Number of Phishing Sites is Growing Huge growth is due: The success of browser blocking in IE and Firefox RockPhish

Phishing is a Global Problem Top countries for hosting phish sites in April 2007

Most Phish Sites Disabled within Hours Usually NOT by law enforcement

Impact of the Problem Organized International Criminal Activity $182 million reported losses in 2005 (FBI IC3) $105 billion estimated cybercrime impact in 2004 (US Treasury Department)

APWG & ICANN Interaction To Date Several individuals members of both communities December 2005 Vancouver ICANN Meeting Registrar Constituency Meeting - Briefing on Phishing Best Practices from GoDaddy and NetSol Info on phishing from Spamhaus, Internet Identity Microsoft briefing on E-mail authentication November 2006 - APWG Meeting Orlando Special session on domains used in phishing ICANN represented by John Crain GoDaddy, NetSol, Verisign also panelists Constructive discussion with several ideas exchanged Kicked-off formation of the APWG special subcommittee DNSPWG to give recommendations to ICANN and registration community in 2007 per request by panelists

Initiatives of the DNS Policy Sub-Committee Participate in ICANN WHOIS Working Group Work with.asia on a registry phish domain suspension policy and registry best practices Work with registrars on phishing best practices

WHOIS Working Group Participation Goal: Accommodate privacy concerns while maintaining phish site takedown efficacy WHOIS use cases for anti-phishing * : Email, call, and fax the owner of a hacked site to help get his/her site cleaned up Identify additional phish domains related to a phish domain (e.g., paypallogin.com, bofalogin.com, rbslogin.com) (*) White paper of WHOIS use cases is in your registration packet and available at http://www.antiphishing.org/reports/apwg_memoondomainwhoistake-downs.pdf

Main Points for ICANN WHOIS WG Most phish sites are taken down by brand owners or third party vendors, NOT law enforcement Phish site shutdown happens within hours Phish site shutdown often involves investigation via WHOIS data Protecting consumers from phishing requires brand owner and third party vendor real-time access to WHOIS data Question: Can we find a way to allow this access while maintaining privacy for natural persons?

Initiatives of the DNS Policy Sub-Committee Participate in ICANN WHOIS Working Group Work with.asia on a registry phish domain suspension policy and registry best practices Work with registrars on phishing best practices

.asia Domain Suspension Initiative

Key Points of.asia Suspension Initiative APWG will create a committee that will define policy for takedown and accredit takedown entities Eliminates the problem of phish sites that are taken down and immediately come up again on a new ISP Create whitelist of sites (like Geocities) that could never get suspended Issues to be resolved DNS caching Appeal process Determining sites that are whitelist eligible

Initiatives of the DNS Policy Sub-Committee Participate in ICANN WHOIS Working Group Work with.asia on a registry phish domain suspension policy and registry best practices Work with registrars on phishing best practices

Registrar Best Practices Goal: Provide recommendations to registrars to help them assist the anti-phishing community and make the Internet safer for all of us Focus: Evidence preservation (help LE catch the criminals) What is useful? How to preserve? Who to provide to? Registration screening tips to identify fraudsters proactively Phishing domain takedown assistance

Registrar Best Practices (cont) Understand the operational realities of the registrar business Can help registrars REDUCE costs: Reduce fraudulent domain purchases/chargebacks Reduce load on abuse departments Limit potential legal liability Provide resources to help identify malicious activity

Summary These are works in progress we are always looking for additional input If you would like to participate, please contact Laura Mather, lmather@markmonitor.com Rod Rasmussen, rod.rasmussen@internetidentity.com Brad Keller, brad.keller@wachovia.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback