
KnujOn ICANN Policy Enforcement MIT Spam Conference March 1009 Dr. Robert Bruen Garth Bruen


Presentation Transcript


  1. KnujOn ICANN Policy Enforcement MIT Spam Conference March 1009 Dr. Robert Bruen Garth Bruen

  2. KnujOn
     • Dr. Bob and son Garth
     • Started with fighting spam
     • Using whois data accuracy
     • Policy Enforcement & Sunshine
     • Registrars are the key
     • Spam is the gateway for crime

  3. Policies and Contracts
     • Policies are in contracts/agreements/rules
     • Critical that Policies are well constructed
     • Bad policy creates problems
     • Good policy helps decisions in novel situations

  4. Whois Data Accuracy
     • Long and sordid history (1982-now)
     • Registrars required to correct WI data (RAA)
     • Still very controversial
     • KnujOn cares about individual privacy
     • Want commercial entities policy enforcement

  5. Enforcing WI Data Accuracy
     • KnujOn receives spam (anonymous & clients)
     • Extract transaction sites
     • Verify WI Data for each site
     • Complain to ICANN (Policy Enforcement)
     • Aggregate data & publish results (Sunshine)

  6. Research Impact
     • Shutdowns – now in the 100,000s
     • Registrars are paying attention
     • “You [KnujOn] are casting a big shadow”
     • Steve Crocker. ICANN BoD
     • KnujOn now an ICANN ALAC ALS
     • Major influence on new RAA recommendations
     • Major influence on ICANN's new WDPRS

  7. Top Ten Worst Registrars May 08
     • Xin Net Bei Gong Da Software
     • Beijing Networks
     • Todaynic
     • Joker
     • eNom, Inc.
     • MONIKER
     • Dynamic Dolphin
     • The Nameit Co/AITDOMAINS.COM
     • PDR (Directi)
     • Intercosmos/DIRECTNIC

  8. Top Ten Worst Registrars Feb 09
     • Xin Net
     • eNom
     • Network Solutions
     • Register.com
     • Planet Online
     • Regtime - 1st Russian registrar to make the list
     • OnlineNIC
     • Spot Domain/Domainsite
     • Wild West Domain
     • HiChina Web Solutions

  9. What Happened
     • EstDomains lost accreditation
     • Domains transferred to Directi
     • PDR (Directi) – Cooperating
     • Intercosmos/Directnic – Improving
     • Joker – breach notice – Improving
     • Beijing Networks – breach notice – Improving
     • Moniker – Market losses
     • Dynamic Dolphin – Market losses & lawsuits

  10. On Top of That...
     • AIT investigated by ICANN
     • Possible breach notice
     • Atrivo/Intercage report by HostExploit.com
     • ISPs stopped doing business with them
     • A/I never recovered
     • McColo report by HostExploit.com
     • ISPs stopped doing business with them
     • McColo never recovered completely
     • Spam has only reached bottom of previous range

  11. Even More...
     • Ukrainian takedown UkrTeleGroup Ltd. 30Jan09
     • Spam levels drop dramatically, like McColo
     • Within a day, back up to highest since McColo
     • Parava Breach Notice from ICANN 27Feb09

  12. KnujOn at ICANN Cairo
     • Gave presentation to ICANN ALAC in Cairo
     • ALAC = At Large Advisory Committee
     • Well received – Asked to become an ALS
     • KnujOn European mirror established
     • ALAC RAA improvement recommendations
     • Participated in ALAC - Registrar meeting

  13. Registrars
     • Lots of pushback
     • Deny responsibilities
     • Success with Fake Pharmacies shutdowns
     • Reseller issues

  14. Attacks on Registrars
     • Recent
     • DomainTheNet Israel Jan 2009 “Team Evil”
     • NetSol/CheckFree Dec 2008
     • Comcast May 2008
     • Not really that new
     • SSAC Report: Domain Name Hijacking 2005
     • panix.com
     • hushmail.com (NetSol)
     • HZ.com
     • etc.

  15. SSAC 2005 – Selected Quotes
     • Finding (1) Failures by registrars and resellers to adhere to the transfer policy have contributed to hijacking incidents and thefts of domain names.
     • Finding (2) Registrant identity verification used in a number of registrar business processes is not sufficient to detect and prevent fraud, misrepresentation, and impersonation of registrants.

  16. SSAC cont.
     • Finding (6) Accuracy of registration records and Whois information are critical to the transfer process.
     • Finding (7)...Resellers, however, may operate with the equivalent of a registrar’s privileges when registering domain names. ... The current situation suggests that resellers are effectively “invisible” to ICANN and registries and are not distinguishable from registrants. ... The responsibility of assuring that policies are enforced by resellers (and are held accountable if they are not) is entirely the burden of the registrar.

  17. Wholesale Registrars
     • Registrars who use resellers, some exclusively
     • Examples: Tucows, NetSol, eNom
     • Has legitimate purpose
     • Also has problems:
     • New attacks on registrars
     • Resellers not held accountable by registrars
     • Used as a channel by the bad guys

  18. Criminal Ecosystem
     • Two Main Views
     • Law Enforcement (LE) view
     • KnujOn View
     • LE = Details (Lots...)
     • Financial theft & fraud, key loggers, hijacks, botnets
     • Arrest the Criminals
     • KnujOn = Same as Legitimate Activity
     • Fast Flux, domain resellers, DNS, Pharmacies
     • Fix and Enforce Policy

  19. Criminal Ecosystem [diagram; labels: US Government, JPA, RAA, Registry, .com, .net, Registrar, Reseller, ICANN, TLD/CC, IANA, ASNs, Registrant, ISPs, DNS, Hosting Services]

  20. Financials
     • Brian Krebs story March 20
     • SecurityFix
     • TrafficConverter2.biz shutdown
     • Antivirus 360 & 2009
     • Visa/MasterCard and a Bank (Germany)
     • Financial capability to stop criminals
     • No money = No incentive = No Crime
     • About time

  21. Criminal Ecosystem [diagram; labels: Financial System, Banks, Credit Card Companies, PayPal, Merchants, Good Domains, Bad Actors, Technical Connections, Registrars, ISPs, Hosting Companies, Resellers]

  22. Any Questions?
     • Bob Bruen
     • bob.bruen@coldrain.net
     • http://www.coldrain.net/bruen
     • Garth Bruen
     • garth.bruen@coldrain.net
     • http://www.knujon.com
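
The workflow on slide 5 (extract the advertised sites from spam, check the WHOIS data for each, aggregate per registrar), sketched as an added example that is not KnujOn's code and not part of the original presentation. The spam bodies, WHOIS records, registrar names and plausibility rules are constructed assumptions; real processing would map hosts to registered domains with the Public Suffix List and fetch WHOIS records live.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PLACEHOLDERS = {"", "n/a", "na", "none", "unknown"}
SPAM = [  # constructed sample spam bodies
    "Cheap meds http://www.pills.example/buy?id=1 or http://pills.example/ now",
    "Watches http://watches.example/shop loans http://loans.example/apply",
]
WHOIS = {  # constructed records, as if already fetched
    "pills.example": {"registrar": "Registrar A", "registrant": "N/A", "email": "none@none", "phone": "000-000-0000"},
    "watches.example": {"registrar": "Registrar A", "registrant": "Jane Roe", "email": "admin@watches.example", "phone": "+1.5555550100"},
    "loans.example": {"registrar": "Registrar B", "registrant": "Acme Loans", "email": "owner@loans.example", "phone": "12345"},
}

def advertised_domains(messages):
    """Hosts advertised in spam bodies (simplification: only 'www.' is stripped)."""
    hosts = set()
    for body in messages:
        for url in URL_RE.findall(body):
            host = (urlsplit(url).hostname or "").lower().rstrip(".")
            hosts.add(host[4:] if host.startswith("www.") else host)
    hosts.discard("")
    return hosts

def whois_problems(record):
    """List fields that are missing, placeholder or implausible (assumed rules)."""
    problems = [f"{f}: missing or placeholder" for f in ("registrant", "email", "phone")
                if record.get(f, "").strip().lower() in PLACEHOLDERS]
    email = record.get("email", "").strip()
    if email.lower() not in PLACEHOLDERS and not EMAIL_RE.match(email):
        problems.append("email: malformed")
    digits = re.sub(r"\D", "", record.get("phone", ""))
    if digits and (len(digits) < 7 or len(set(digits)) == 1):
        problems.append("phone: implausible")
    return problems

def sunshine_report(messages, whois_db):
    """Return ({domain: problems}, Counter of inaccurate domains per registrar)."""
    complaints, per_registrar = {}, Counter()
    for domain in sorted(advertised_domains(messages)):
        record = whois_db.get(domain)
        problems = whois_problems(record) if record else []
        if problems:
            complaints[domain] = problems
            per_registrar[record["registrar"]] += 1
    return complaints, per_registrar
```

The first return value is the per-domain complaint list (the policy-enforcement input); the second is the per-registrar tally that would feed a published ranking.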
