Help Us Shape The Internet's Future

e-Crime and Abuse of the DNS Forum: A Global Perspective

4 March 2009 - 14:00 - 18:00
Don Alberto 2-4 (Main Room)

E-Crime and Abuse of the DNS Forum Launched at Mexico City

Véase la agenda en español por abajo [PDF, 170K]

Veuillez trouver la version française de l'agenda en bas [PDF, 174K]

Interpretation | There will be simultaneous interpretation for this session starting at 15:30.

Remote Participation Options|

1. Telephonic remote participation (English only)
2. Chat between remote participants and those in the room (English, Spanish, and French)


Instructions on how to participate remotely may be found at this URL:

(participations will be muted by default, please submit your questions via chat interface)

Co-sponsored by the At-Large Summit, this public Workshops is sure to be one of the major highlights of the entire ICANN 34th International Meeting. The Forum, composed of presentations, panel discussions, and breakout sessions of the participants, will explore how E-Crime online works, how it relates to the DNS, and how arious communities work together to respond to it. With substantial involvement in the session by At-Large Experts from around the World, this session is a must-attend-event not just for Summit delegates but for all ICANN stakeholders.

What it is | The Forum provides participants with an opportunity to discuss numerous global activities and issues related to e-Crime and DNS abuse that involve a broad array of international actors.  While not all of these issues fall within ICANN's narrow mission, the Forum intends to facilitate public dialogue and working relationships on e-Crime and DNS abuse among members of the global Internet community, as requested by the ICANN community.

Why it is important |  As e-Crime and DNS-based abuse targets Internet users and providers worldwide, a key challenge for the Internet community is to understand the environment, policies and legal framework used to combat these online threats.

Who should attend? | Anyone interested in examining: the e-Crime and DNS abuse landscape; and the role of ICANN Staff, ICANN stakeholders, law enforcement agencies, and others in responding to such abuse.     

Summit Microsite | The At-Large Summit microsite has complete information at:

Background: What is the “At-Large Summit”?
The Mexico City meeting is a landmark for ICANN’s At-Large community (“At-Large” is the name used for the individual Internet user community participating in ICANN).
The whole At-Large community will be meeting together face-to-face in the ‘At-Large Summit’. Approximately 90 representatives of At-Large organisations (called “At-Large Structures”) are already confirmed. You will be able to spot them easily, as each will have a ribbon indicating their status as a Summit delegate attached to their ICANN meeting badges.

The Summit is being held 28 February through 5 March 2009 at the Mexico City Sheraton and also at the nearby Melia Mexico Reforma Hotel.  All ICANN meeting attendees are invited and encouraged to attend the sessions, all of which are open to everyone.

As proposed by the At-Large community, the Summit has the following objectives:

•    Develop the community’s capacity for engagement in ICANN by increasing its knowledge and understanding of the key issues confronting ICANN and ICANN’s roles and responsibilities;
•    Provide an opportunity for the community to finalise and present its advice on some of the most important issues facing the ICANN community today; and last but not least,
•    Highlight the successes of the community in recent years and build upon them to ensure that the interests of the world’s more than 1 billion individual Internet users are well represented in the development of Internet name and number policy.

Agenda details: 


e-Crime and Abuse of the DNS Forum: a global perspective

Organized by ICANN Staff in Cooperation with the At-Large Summit

Wednesday, March 4

14: 00-18: 00

Hotel Sheraton Centro Historico

Don-Alberto 2-4 Conference Room

The Forum will provide participants with an opportunity to discuss numerous global activities and issues related to e-Crime and DNS abuse that involve a broad array of international stakeholders.  While not all of these issues fall within ICANN's narrow mission, the Forum is intended to facilitate public dialogue and working relationships on e-Crime and DNS abuse among members of the global Internet community, as requested by the ICANN community.

Welcome Alejandro Pisanty (former Director, ICANN Board; National University of Mexico)

Alejandro Pisanty will provide an introduction to the Forum including its format, aims, and objectives.

Session 1. The e-Crime Landscape

Moderator: Cheryl Langdon-Orr (Chair, At-Large Advisory Committee)

Panel: Beau Brendler (Consumer Reports WebWatch Project); Fred Felma (MarkMonitor); and Jeffrey Bedser (Internet Crimes Group)

Introduction to E-Crime

Beau Brendler will provide an overview of the manner in which e-Crime affects consumers as well as discuss activities that aim to educate the public regarding e-Crime risks. Fred Felman will review recent e-Crime trends, and highlight types of harms to end-users.

Sizing and Scoping e-Crime

Jeffrey Bedser will describe the e-Crime ecosystem and explain how organized crime uses the Internet and the DNS to facilitate criminal acts against end-users. Jeffrey will also discuss emerging legal efforts that focus on protecting end-users against Internet-based crime. Jeffrey will use the results of extensive attack traffic, DNS, and domain name data analysis to illustrate that e-Crime is able to exploit resources from virtually any user and provider in the global Internet. He will describe how criminal attack network activity is distinguished from legitimate (production) traffic. Jeffrey will also show the hotspots for bot and malware activity and where domain names are used to abet e-crime are registered.

Audience Questions

Session 2. Criminal Attacks and Abuse Response Today

Moderator: Greg Rattray(Chief Internet Security Advisor, ICANN)

Panel: Rod Rasmussen (Internet Identity); Tim Ruiz (GoDaddy), Greg Aaron (Afilias), Robert Flaim (Federal Bureau of Investigation); Vanda Scartezini (At-Large Advisory Committee); Jeff Neuman (NeuStar); Oscar Robles-Garay (

Case studies in global criminal attacks

Rod Rasmussen will describe the chronology of events leading to the discoveries and cessations of two noteworthy security incidents. He will describe both the parties involved in, and the events leading up to, the disconnection of the McColo hosting provider, and the sustained disruption of Srizbi bot communications with their command and control servers by preventing the automated registrations of botnet domains. Rod will describe the events surrounding the attack against the e-billing company, CheckFree, through its domain names, the immediate effects, related phishing of registrars, and the prospects for future, similar attacks against the financial sector and end-users.

Abuse Response Today

The speakers will describe their respective roles in responding to, and acting upon, criminal complaints where domain names are used to abet criminal activities, and how to protect legitimate end-users from erroneous shut-downs (false positives). A law enforcement expert will describe the role of the private sector in cooperating with law enforcement agencies, and in proactively responding to E-crime so as to protect consumers.

Audience Questions

Session 3. Role of ICANN Stakeholders and Staff in Responding to e-Crime

Moderator: Lyman Chapin (former Director, ICANN Board)

Panel: Jon Nevett (Network Solutions); Garth Bruen (Knujon); Steve Metalitz (Intellectual Property Constituency); David Giza (ICANN Compliance Office); Roelof Meijer (SIDN); Adam Palmer (Public Interest Registry); Rudi Vansnick (; Marc Ottawa (Royal Canadian Mounted Police); Andy Steingruebl (PayPal);

The speakers will describe how current ICANN gTLD and ccTLD policies and contractual obligations of registries and registrars help combat E-crime. The role of ICANN’s Compliance Office in reinforcing these efforts, such as in the areas of WHOIS accuracy, and registrar breach notices, will be explained. The speakers will also discuss the efforts among industry groups to develop voluntary guidelines and share data to enhance the private sector’s responses to e-Crime.

Audience Questions

Next Steps – e-Crime Break-Out Sessions

Instructions: Denise Michel

The public will have an opportunity to participate in further detailed discussion and exchange of information by joining one of several break-out sessions on specific issues moderated by the individuals identified below:

  • Consumer Protection in Existing and New TLDs (Beau Brendler and Holly Raiche, Executive Director, ISOC-AU) - Room: Don Julian

The moderators of each break-out session will summarize any suggested next steps and recommendations from their respective group during the Public Forum.