KnujOn
ICANN Policy Enforcement
MIT Spam Conference
March 1009
Dr. Robert Bruen
Garth Bruen
KnujOn
Dr. Bob and son Garth
Started with fighting spam
Using whois data accuracy
Policy Enforcement & Sunshine
Registrars are the key
Spam is the gateway for crime
Policies and Contracts
Policies are in contracts/agreements/rules
Critical that Policies are well constructed
Bad policy creates problems
Good policy helps decisions in novel situations
Whois Data Accuracy
Long and sordid history (1982-now)
Registrars required to correct WI data (RAA)
Still very controversial
KnujOn cares about individual privacy
Want policy enforcement for commercial entities
Enforcing WI Data Accuracy
KnujOn receives spam (anonymous & clients)
Extract transaction sites
Verify WI Data for each site
Complain to ICANN (Policy Enforcement)
Aggregate data & publish results (Sunshine)
Research Impact
Shutdowns – now in the 100,000s
Registrars are paying attention
“You [KnujOn] are casting a big shadow” (Steve Crocker, ICANN BoD)
KnujOn now an ICANN ALAC ALS
Major influence on new RAA recommendations
Major influence on ICANN's new WDPRS
Top Ten Worst Registrars May 08
Xin Net Bei Gong Da Software
Beijing Networks
Todaynic
Joker
eNom, Inc.
MONIKER
Dynamic Dolphin
The Nameit Co/AITDOMAINS.COM
PDR (Directi)
Intercosmos/DIRECTNIC
Top Ten Worst Registrars Feb 09
Xin Net
eNom
Network Solutions
Register.com
Planet Online
Regtime - 1st Russian registrar to make the list
OnlineNIC
Spot Domain/Domainsite
Wild West Domain
HiChina Web Solutions
What Happened
EstDomains lost accreditation
  Domains transferred to Directi
PDR (Directi) – Cooperating
Intercosmos/Directnic – Improving
Joker – breach notice – Improving
Beijing Networks – breach notice – Improving
Moniker – Market losses
Dynamic Dolphin – Market losses & lawsuits
On Top of That...
AIT investigated by ICANN
  Possible breach notice
Atrivo/Intercage report by HostExploit.com
  ISPs stopped doing business with them
  A/I never recovered
McColo report by HostExploit.com
  ISPs stopped doing business with them
  McColo never recovered completely
  Spam has only reached bottom of previous range
Even More...
Ukrainian takedown UkrTeleGroup Ltd. 30Jan09
  Spam levels drop dramatically, like McColo
  Within a day, back up to highest since McColo
Parava Breach Notice from ICANN 27Feb09
KnujOn at ICANN Cairo
Gave presentation to ICANN ALAC in Cairo
  ALAC = At Large Advisory Committee
Well received – Asked to become an ALS
KnujOn European mirror established
ALAC RAA improvement recommendations
Participated in ALAC - Registrar meeting
Registrars
Lots of pushback
Deny responsibilities
Success with Fake Pharmacies shutdowns
Reseller issues
Attacks on Registrars
Recent
  DomainTheNet Israel Jan 2009 “Team Evil”
  NetSol/CheckFree Dec 2008
  Comcast May 2008
Not really that new
SSAC Report: Domain Name Hijacking 2005
  panix.com
  hushmail.com (NetSol)
  HZ.com
  etc.
SSAC 2005 – Selected Quotes
Finding (1) Failures by registrars and resellers to adhere to the transfer policy have contributed to hijacking incidents and thefts of domain names.
Finding (2) Registrant identity verification used in a number of registrar business processes is not sufficient to detect and prevent fraud, misrepresentation, and impersonation of registrants.
SSAC cont.
Finding (6) Accuracy of registration records and Whois information are critical to the transfer process.
Finding (7) ...Resellers, however, may operate with the equivalent of a registrar’s privileges when registering domain names. ... The current situation suggests that resellers are effectively “invisible” to ICANN and registries and are not distinguishable from registrants. ... The responsibility of assuring that policies are enforced by resellers (and are held accountable if they are not) is entirely the burden of the registrar.
Wholesale Registrars
Registrars who use resellers, some exclusively
Examples: Tucows, NetSol, eNom
Has legitimate purpose
Also has problems:
  New attacks on registrars
  Resellers not held accountable by registrars
  Used as a channel by the bad guys
Criminal Ecosystem
Two Main Views
  Law Enforcement (LE) view
  KnujOn View
LE = Details (Lots...)
  Financial theft & fraud, key loggers, hijacks, botnets
  Arrest the Criminals
KnujOn = Same as Legitimate Activity
  Fast Flux, domain resellers, DNS, Pharmacies
  Fix and Enforce Policy
[Diagram labels: ICANN; Registry (.com, .net); Registrar; Reseller; IANA; ASNs; ISPs; TLD/CC; Hosting Services; Registrant; DNS; US Government; Criminal Ecosystem; RAA; JPA]
Financials
Brian Krebs story March 20 SecurityFix
TrafficConverter2.biz shutdown
  Antivirus 360 & 2009
Visa/MasterCard and a Bank (Germany)
  Financial capability to stop criminals
  No money = No incentive = No Crime
  About time
Financial System
[Diagram labels: Banks; Credit Card Companies; PayPal; Criminal Ecosystem; Merchants; Good Domains; Bad Actors; Technical Connections; Registrars; ISPs; Hosting Companies; Resellers]
Any Questions?
Bob Bruen [email protected] http://www.coldrain.net/bruen
Garth Bruen [email protected] http://www.knujon.com