KnujOn ICANN Policy Enforcement - MIT Spam Conference, March 2009 - Dr. Robert Bruen, Garth Bruen
KnujOn ICANN Policy Enforcement
MIT Spam Conference, March 2009
Dr. Robert Bruen, Garth Bruen
KnujOn
Dr. Bob and son Garth
Started with fighting spam
Using whois data accuracy
Policy Enforcement & Sunshine
Registrars are the key
Spam is the gateway for crime
Policies and Contracts
Policies are in contracts/agreements/rules
Critical that Policies are well constructed
Bad policy creates problems
Good policy helps decisions in novel situations
Whois Data Accuracy
Long and sordid history (1982-now)
Registrars required to correct WI data (RAA)
Still very controversial
KnujOn cares about individual privacy
Want policy enforcement for commercial entities
Enforcing WI Data Accuracy
KnujOn receives spam (anonymous & clients)
Extract transaction sites
Verify WI Data for each site
Complain to ICANN (Policy Enforcement)
Aggregate data & publish results (Sunshine)
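The steps on this slide, sketched as an added example (not KnujOn's code, which the slides do not show). The spam bodies and WHOIS records are constructed, the accuracy heuristics and all function names are assumptions, and the complaint step is represented only by the list of flagged domains.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample data; the .test domains and registrar names are placeholders.
SPAM = [
    "Cheap meds! Order at http://shop.pills-example.test/buy?id=7 today",
    "Replica watches http://watches-example.test/ and http://www.pills-example.test/x",
    "Newsletter from https://news.legit-example.test/issue/12",
]
WHOIS = {
    "pills-example.test": {"registrar": "Registrar A", "name": "asdf asdf",
                           "email": "none@none", "phone": "+1.0000000000"},
    "watches-example.test": {"registrar": "Registrar A", "name": "J. Doe",
                             "email": "jdoe@mail-example.test", "phone": ""},
    "legit-example.test": {"registrar": "Registrar B", "name": "Example News Ltd",
                           "email": "hostmaster@legit-example.test",
                           "phone": "+44.2079460000"},
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def extract_sites(body):
    """Advertised hosts in one message, cut to the last two labels (a
    simplification; real code would consult the public suffix list)."""
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(body)}
    return {".".join(h.split(".")[-2:]) for h in hosts if h}

def whois_problems(record):
    """Assumed heuristics for contact data that cannot reach a registrant."""
    problems = []
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", record["email"]):
        problems.append("email")
    digits = re.sub(r"\D", "", record["phone"])
    if len(digits) < 7 or len(set(digits[-7:])) == 1:
        problems.append("phone")
    parts = record["name"].lower().split()
    if not parts or (len(parts) > 1 and len(set(parts)) == 1):
        problems.append("name")
    return problems

def report(messages, whois):
    """Flag each advertised domain once and count flagged domains per registrar."""
    complaints, per_registrar = {}, Counter()
    for body in messages:
        for domain in extract_sites(body):
            record = whois.get(domain)
            if record is None or domain in complaints:
                continue
            problems = whois_problems(record)
            if problems:
                complaints[domain] = problems
                per_registrar[record["registrar"]] += 1
    return complaints, per_registrar
```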
Research Impact
Shutdowns – now in the 100,000s
Registrars are paying attention
“You [KnujOn] are casting a big shadow” - Steve Crocker, ICANN BoD
KnujOn now an ICANN ALAC ALS
Major influence on new RAA recommendations
Major influence on ICANN's new WDPRS
Top Ten Worst Registrars May 08
Xin Net Bei Gong Da Software
Beijing Networks
Todaynic
Joker
eNom, Inc.
MONIKER
Dynamic Dolphin
The Nameit Co/AITDOMAINS.COM
PDR (Directi)
Intercosmos/DIRECTNIC
Top Ten Worst Registrars Feb 09
Xin Net
eNom
Network Solutions
Register.com
Planet Online
Regtime - 1st Russian registrar to make the list
OnlineNIC
Spot Domain/Domainsite
Wild West Domain
HiChina Web Solutions
What Happened
EstDomains lost accreditation
Domains transferred to Directi
PDR (Directi) – Cooperating
Intercosmos/Directnic – Improving
Joker – breach notice – Improving
Beijing Networks – breach notice – Improving
Moniker – Market losses
Dynamic Dolphin – Market losses & lawsuits
On Top of That...
AIT investigated by ICANN
Possible breach notice
Atrivo/Intercage report by HostExploit.com
ISPs stopped doing business with them
A/I never recovered
McColo report by HostExploit.com
ISPs stopped doing business with them
McColo never recovered completely
Spam has only reached bottom of previous range
Even More...
Ukrainian takedown
UkrTeleGroup Ltd. 30 Jan 09
Spam levels drop dramatically, like McColo
Within a day, back up to highest since McColo
Parava Breach Notice from ICANN 27 Feb 09
KnujOn at ICANN Cairo
Gave presentation to ICANN ALAC in Cairo
ALAC = At Large Advisory Committee
Well received – Asked to become an ALS
KnujOn European mirror established
ALAC RAA improvement recommendations
Participated in ALAC - Registrar meeting
Registrars
Lots of pushback
Deny responsibilities
Success with Fake Pharmacies shutdowns
Reseller issues
Attacks on Registrars
Recent
DomainTheNet Israel Jan 2009 “Team Evil”
NetSol/CheckFree Dec 2008
Comcast May 2008
Not really that new
SSAC Report: Domain Name Hijacking 2005
panix.com
hushmail.com (NetSol)
HZ.com
etc.
SSAC 2005 – Selected Quotes
Finding (1) Failures by registrars and resellers to adhere to the transfer policy have contributed to hijacking incidents and thefts of domain names.
Finding (2) Registrant identity verification used in a number of registrar business processes is not sufficient to detect and prevent fraud, misrepresentation, and impersonation of registrants.
SSAC cont.
Finding (6) Accuracy of registration records and Whois information are critical to the transfer process.
Finding (7) ...Resellers, however, may operate with the equivalent of a registrar’s privileges when registering domain names. ... The current situation suggests that resellers are effectively “invisible” to ICANN and registries and are not distinguishable from registrants. ... The responsibility of assuring that policies are enforced by resellers (and are held accountable if they are not) is entirely the burden of the registrar.
Wholesale Registrars
Registrars who use resellers, some exclusively
Examples: Tucows, NetSol, eNom
Has legitimate purpose
Also has problems:
New attacks on registrars
Resellers not held accountable by registrars
Used as a channel by the bad guys
Criminal Ecosystem
Two Main Views
Law Enforcement (LE) view
KnujOn View
LE = Details (Lots...)
Financial theft & fraud, key loggers, hijacks, botnets
Arrest the Criminals
KnujOn = Same as Legitimate Activity
Fast Flux, domain resellers, DNS, Pharmacies
Fix and Enforce Policy
[Diagram: Criminal Ecosystem. Labels: ICANN, Registry (.com, .net), Registrar, Reseller, IANA, ASNs, ISPs, TLD/CC, Hosting Services, Registrant, DNS, US Government, RAA, JPA]
Financials
Brian Krebs story March 20 SecurityFix
TrafficConverter2.biz shutdown
Antivirus 360 & 2009
Visa/MasterCard and a Bank (Germany)
Financial capability to stop criminals
No money = No incentive = No Crime
About time
Financial System
Banks
Credit Card Companies
PayPal
Criminal Ecosystem
Merchants
Good Domains
Bad Actors
Technical Connections
Registrars
ISPs
Hosting Companies
Resellers
Any Questions?
Bob Bruen http://www.coldrain.net/bruen
Garth Bruen http://www.knujon.com