18 June 2020

Dave Piscitello on Ransomware

CAUCE board member Dave Piscitello talked with host Gary Berman about ransomware on the Unsung Cyber Hero podcast. He shared stories about what has happened, and what you can do about it.

Watch him here: Podcast episode

Posted at 16:56 in Technology, Warnings |

31 March 2020

Domain Name Registration Data at the Crossroads

New Report Shows Widespread Issues with Domain Name System Registration Accountability
Urgent Actions Required To Respond to Growing Online COVID-Themed Scams and Phishing Attacks

BOSTON, MA - Today, Interisle Consulting Group, a leading organization on the frontlines of cybersecurity issues, released a new report, Domain Name Registration Data at the Crossroads: The State of Data Protection, Compliance, and Contactability at ICANN. This study reveals widespread problems with access to and the reliability of domain name registration data systems (WHOIS). These failures have real-life security implications, which are being seen in the current wave of cybercrime accompanying the COVID-19 pandemic.

Across the Internet, everyone from individual consumers to advocacy groups to law enforcement agencies use domain registration information for vital purposes, including security scanning, problem-solving, and to provide legal and social accountability. “The COVID-19 pandemic has led to a recent explosion of cybercrime, with thousands of new domain names using terms like ‘covid’ or ‘corona’ being used to perpetrate spam, phishing, malware campaigns and to peddle fake products,” said Dave Piscitello, partner at Interisle Consulting Group and editor of the report. “Investigators need quick, unencumbered access to domain registration data to disrupt COVID-themed attacks before they cause losses and harm. The problems our study exposes have made that all but impossible.”

The report was designed to measure the effectiveness and impact of the registration data policies of ICANN (Internet Corporation for Assigned Names and Numbers). Over the course of five months, Interisle analyzed the practices of 23 domain registrars, and how the registrars performed against five key standards. The report details how the registrars failed to meet contractual obligations and contactability goals in 40% of the cases studied, with problems in an additional 16% of cases.

“Domain registration data is supposed to be available in guaranteed, reliable ways. Unfortunately, we documented widespread failures, both technical and legal,” said Greg Aaron, the author of the study. “These problems make it hard to distinguish bad Internet actors from good, severely impacting public security. And they make it harder to communicate and solve a range of other problems, eroding trust on the Internet.”

Other findings show that access to critical registration data has been significantly curtailed over the past two years, and ICANN compliance problems. The report also recommends actions that can be taken to ensure a healthy Internet and naming system. The full report can be found at: http://interisle.net/domainregistrationdata.html .

ABOUT INTERISLE CONSULTING GROUP
Interisle Consulting Group is comprised of experienced practitioners with extensive track records in industry and academia and world class expertise in business and technology strategy, Internet technologies and governance, financial industry applications, and software design. Interisle is focused on resilient systems, networks, and organizations, and the research it conducts for clients frequently leads to insights with lasting significance. More information is available at www.interisle.net.

Posted at 13:20 in Press Releases, Technology, World |

Tags: Coronavirus, COVID-19, cybercrime, Fraud, registrations

23 October 2019

Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access

In this report, we study "bulk registration misuse" by criminal actors. Bulk registrations refers to the practice of rapidly acquiring domain names, using these in an attack, and abandoning them as if they were throw-away ("burner") phones. These domains are a critical resource for cyber criminals.

We use reputation block list (RBL) data to reveal how the use of bulk registrations, coupled with the crippling of registration data access by the ICANN Temp Spec for Whois, presents cybercrime investigators with the dual impediments of harder-to-pursue criminal activity and harder-to-obtain information about the criminals. From our analyses of sample RBL data for five Top-level Domains we:

  • Confirm that cyber criminals take advantage of bulk registration services to "weaponize" large numbers of domains for their attacks,
  • Identify four specific registrars at which abusive registration activity appears to be concentrated,
    profile registrants that misuse bulk registrations to acquire and weaponize thousands of domains,
  • Confirm that ICANN's Temp Spec policy of redacting Whois point of contact information to comply with the GDPR significantly encumbers and delays cybercrime investigation.
Based on these findings, we recommend that the ICANN organization and community consider several Consensus Policies which, if adopted and incorporated into contracts, would contribute to reducing cybercrime and mitigating its effects on victims.
 
 
Dave Piscitello (CAUCE Director at large) ad Dr. Colin Strutt

Posted at 17:55 in Technology |

06 October 2019

GDPR Didn't Affect Spam? Not So Fast
By John Levine

http://www.circleid.com/posts/20180905_gdpr_didnt_affect_spam_not_so_fast/

Posted at 14:25 |

01 October 2019

RIP Don Blumenthal

Don2

It is with a heavy heart that we note the passing of dear friend, colleague and member of the CAUCE board board of directors, Don Blumenthal on September 28, 2019 in Ann Arbor, Michigan. He was 67.

Don was an anti-spammer for as long a there was an anti-spam community: he helped design, deploy and maintain the famous ‘Spam Fridge’, the repository of junk email maintained by the Federal Trade Commission (FTC). He contributed the wisdom he gleaned from that experience to the design process of Canada’s Spam Freezer.

 

 

Don Blumenthal later worked at the Public Interest Registry (PIR.org) maintaining anti-abuse work for the .ORG TLD

Don was a welcome, active participant to the Anti-Phishing Working Group (APWG.org), at the meetings held by the Messaging Anti-Abuse Working Group (M3AAWG.org), the Internet Corporation for Assigned Names and Numbers (icaan.org) and, of course, he was a long-time board member of the Coalition Against Unsolicited Commercial Email (CAUCE.org).

His interests also lay outside the realm of anti-abuse work, Don was a football scout for the Oakland Raiders.

Don Blumenthal worked tireless to make the Internet a better place, had a considerable degree of success doing so, and he will be sorely missed by us all. Simply put, he was a tremendously nice guy.

Rest in peace, Don.

Posted at 21:48 in History, Legal, News, United States, World | | Comments (2)

16 September 2019

Operation ReWired arrests 281 Business Email Compromise criminals

Cybercrime & Doing Time // Gary Warner :

Operation: ReWired


On September 10, 2019, the Department of Justice announced that 281 arrests related to Business Email Compromise had been made, with 74 of those arrested being in the United States.  It will take some time to track down the names of all of those arrested, as many of the arrests were overseas.  Twenty-three US Attorneys Offices participated in the Operation, although only five sets of arrests were discussed in the Department of Justice Press Release about Operation ReWired.  While we work to obtain the rest of the information, we'll go ahead and share some details from those already made public in the Press Release. >> MORE

Posted at 07:13 |

30 April 2019

CSA recap: CAUCE discusses international email and security

image from pbs.twimg.com
At the Certified Senders Alliance summit in Cologne Germany, CAUCE president John Levine talks about international email and its security.

John explained that, EAI is being used by literate computer users who cannot read English characters. He gave India as an example? in the state of Rajasthan, the Indian government is currently handing out email addresses in Hindi.

In the past, email addresses were all ASCII, but now they can be in UTF-8 encoded Unicode. A complication with Unicode is that there can be several ways to create a Unicode character (e.g. an ?can either be encoded as a character in its own right, or as an a followed by an accent). For human readers, this makes no difference to understanding the character, but for computers that can be difficult.

Some mail systems accept EAI mail, but many still don't. As a result, EAI senders need to be prepared for their email to fail if they are sending to ASCII recipients.

 

EAI Security issues

  • Homographs: e.g. Latin O, Cyrillic O & Greek Omicron all look the same, appearing bit-for-bit identical in some programs.
  • Bidirectional Text: Left-to-right vs right-to left text flow. Avoid combining different direction text within an address or URL,
  • Avoid mixed scripts. In theory, an address could combine a Chinese character, and Arabic, Cyrillic, etc., but combining them is bad practice. It is unreadable and impossible to type. While compatible scripts are ok (e.g. the three scripts used to write Japanese), mixed scripts should be treated very skeptically by spam filters.
  • Variant characters (e.g. different version of Chinese characters).

Challenges

  • Long domain names: there are top-level domains names as long as 24 characters.
  • Several ways to write the same character (is it ?or a + ? ?). If it is possible to combine the elements into a single pre-defined character, it is better to do so.
  • Punctuation is possible in local parts: it is allowable, but not advisable.
  • It is technically legal to use an emoji in an email address. This should be avoided. An email address must be easy to read and to type. Two different emojis with slightly different skin tones are not easy to differentiate or type.

Conclusion

EAI is on the way. It is going to be popular, particularly in countries like Thailand and India, where there is a literate population that does not read or write English. And finally, it is not difficult, but it is important to get ready.

Posted at 17:58 in Technology, World |

Tags: Certified Senders Alliance, international email

04 February 2019

CAUCE welcomes Dave Piscitello to Board of Directors

Spam infrastructures have evolved to become formidable means of delivery of a diverse and growing set of cyber attacks, from financial fraud and business compromise to political influence and malware campaigns. Central to these attacks is an ever increasing dependency on and exploitation of domain names and the domain name system (DNS).

DavePiscitello

We welcome Dave Piscitello, formerly VP of Security at the Internet Corporation for Assigned Names and Numbers (ICANN) to the CAUCE Board. Since 2005, Dave has been practicing at the nexus of domain abuse and mitigation. He has been instrumental in bringing operational security, law enforcement, and Internet Identifier communities together to confront abuses of the Internet name space. Dave has sought to raise cross-community awareness of abuses and misuses of domain names and the DNS by studying and calling attention to policy vacuums and weaknesses, by promoting abuse reporting systems that can help governance bodies and lawmakers make informed decisions , and by delivering DNS investigations training programs for law enforcement.

Posted at 17:03 in News |

09 December 2017

CAUCE Welcomes Two New Board Members - Tom Grasso and Allison Nixon

With the rapid evolution of spam and threats to consumers CAUCE has recruited two industry veterans to round out our board and continue being the consumer voice to Law Enforcement and Regulatory communities around the world.

We would like to welcome Allison Nixon, Director of Security Research at Flashpoint and Tom Grasso, Supervisory Special Agent at the FBI to the CAUCE board.

 Allison is a threat researcher, verifier of leaks, and hunter of humans. She has been a background source for numerous investigations and articles that focus on the post-breach issue of "who dunnit?". She performs original threat research and is at the forefront of answering questions that people have not yet thought to ask. In 2013, she spoke at Blackhat about bypassing DDOS protection. In 2014, she released a paper detailing methods for vetting leaked data. She has been looking into the issue of "booters" and DDOS services. She researches DDOS attribution, cybercrime attribution, and criminal communities. In her spare time she grows tomatoes and makes puns.
Tom has been a FBI Agent since 1998 and has worked for the FBI’s Regional Computer Crime Squad in Chicago and the High Technology Crimes Task Force in Pittsburgh. He has also served as the FBI Liaison to the CERT/CC at Carnegie Mellon University. Mr. Grasso is now part of the FBI’s Cyber Division and is assigned to the National Cyber-Forensics and Training Alliance (NCFTA) in Pittsburgh, a joint partnership between law enforcement, academia, and industry. Mr. Grasso is also an Adjunct Professor of Criminology at La Roche College in Pittsburgh.

It goes without saying that we are all very excited with these additions.

Posted at 02:37 in Press Releases, World |

Tags: Board, Directors

27 October 2017

Standing Committee on Industry, Science and Technology Review of CASL

Standing Committee on Industry, Science and Technology

Review of CASL, Canada's Anti-Spam Law

Hour 1: Privacy Commissioner of Canada

Hour 2: Neil Schwartzman & Matthew Vernhout, CAUCE.org

http://parlvu.parl.gc.ca/XRender/en/PowerBrowser/PowerBrowserV2/20171024/-1/28163

Posted at 17:50 in Canada, Legal, News, World |

« Newer | Older »
Subscribe to this blog's feed
Logo-casl
Logo-onguardonlinegov
Logo-getcybersafe
Logo-maawg

Categories

Archives

Search