Help Us Shape The Internet's Future

E-Crime and Abuse of the DNS Forum Launched at Mexico City

6 April 2009

At a Glance

Dialogue at ICANN Mexico City Meeting opens channels of communication with law enforcement, consumer protection advocates, interveners, ccTLDs, registrars and registries to enhance response to e-crime.

Recent Developments

ICANN conducted an e-Crime and Abuse of the DNS Forum on 4 March 2009 at its Mexico City meeting. The forum was designed to facilitate dialogue and working relationships among a wide variety of stakeholders. Panelists included law enforcement, security researchers, consumer advocates, ccTD registries and gTLD registries and registrars from around the world. Participants received what opening speaker Alexandro Pisanty termed "an overview of the general landscape of cybercrime, the abuses of the Domain Name System, a number of different responses, a role for ICANN in particular in some of these cases."

Panel One included a presentation by Beau Brendler, director of Consumer Reports Webwatch. Brendler said that consumers in the U.S. lost $8.5 billion to e-crime, including $2.9 billion to viruses, $3.6 billion to spyware and $2 billion to phishing. Panelist Fred Felman of MarkMonitor discussed how crimes against brand rights are actually crimes against consumers, while Panelist Jeffrey Bedser, President and Chief Operating Officer of the Internet Crimes Group discussed the purposes and methods behind criminal botnets, networks of millions of hijacked servers used for activities such as identity theft, phishing and pharming. Bedser warned that technology companies will remain by definition reactive to the problems posed by criminal botnets and said the necessary intelligence gathering requires the cooperation of those involved in infrastructure, policymaking and law enforcement.

Rod Rassmussen, President and Chief Technology Officer at Internet Identity, served as lead off speaker on Panel Two, provided a series of case studies, including one describing how compromised servers at an on-line check paying firm resulted in the re-direction of thousands of users to a malware site in the Ukraine, disruption of service and the inability of consumers to pay bills, the infection of machines and the shut down of a bill paying system for two days. Other speakers included:

  • Tim Ruiz, Vice President of Corporate Development and Policy at GoDaddy, who described the process of how the registrar responds to complaints about criminal activity or abuse;
  • Greg Aaron, Director, Key Account Management and Domain Security, Afilias, who reviewed how his registry acts as a problem reporting clearinghouse for the organization's registrars. Aaron said Afilias worked with registrars in 2008 to suspend approximately 90,000 domains and remove vulnerabilities from thousands of others;
  • Jeff Neuman, Vice President for Law and Policy, Neustar, a gTLD registry, who stated that his firm adopted an anti-abuse policy in 2006. Neuman said his registry became involved in abuse prevention out of concern for legitimate owners, creating a testing lab and establishing a policy giving registrars 12 hours to remove problem-causing domain names;
  • Bobby Flaim, Supervisory Special Agent, Federal Bureau of Investigation, noted that his agency received 275,000 complaints last year related to e-crime, a 33 percent increase over 2007 levels.

Break-Out Session Notes

The e-Crime Forum closed with dedicated break-out sessions for participants to share their experiences and concerns in greater detail. Summaries of the key points discussed in these break-out sessions are provided below.

Law Enforcement and ccTLDs

Mr. Erick Iriarte Ahon, General Manager of LACTLD Marc Moreau, Royal Canadian Mounted Police served as moderators of this session.

This break-out session facilitated interaction between representatives from the law enforcement and ccTLD community. Both of these communities expressed a desire to achieve enhanced cooperation with respect to e-Crime prevention initiatives. Both law enforcement and ccTLD participants recognized that there are gaps that can be addressed in the delivery of each of their services. However, there is a strong sense of optimism from both sides that open the doors to opportunities for continued dialogue. To this end, both law enforcement and ccTLD managers have requested a workshop session at the ICANN meeting in Sydney, Australia in June 2009.

Participating law enforcement representatives emphasized the importance of enhancing communication with the broader ICANN community. They expressed an interest in working with the ICANN community to work collaboratively to make the Internet a safer place for its end users.

Role of ICANN in Responding to e-Crime

Kristina Rosette, Special Counsel of Covington & Burling, and Jon Nevett, Chief Policy Counsel of Network Solutions, and Doug Brent, Chief Operating Officer of ICANN, moderated a break-out session dedicated to the Role of ICANN in responding to e-Crime.

The participants shared varied perspectives on ICANN's role in responding to e-Crime and the limitations imposed by ICANN's mandate. Recognizing that ICANN is unable to serve as a police of criminal conduct over the Internet, the participant's identified several priorities for ICANN in responding to e-Crime and DNS abuse, including:

Policy Development - ICANN's GNSO Council might consider focusing on policy initiatives that flow from "use of the DNS" and give contracting parties (Registrars/Registries) the ability to take action where appropriate.

Contract Compliance - ICANN should be encouraged to develop processes that scale to the expected growth from new TLDs and registries, and enhance ICANN's advisory role to registrars to encourage them to respond appropriately to DNS abuse

Operational Response - ICANN could encourage cooperation among effected stakeholders in the areas of enhancing data gathering and information sharing. Specifically, ICANN could do more in the area of providing advice, tools and coordination, cooperation among broader community of entities and industries affected by DNS abuse.

The participants in this break-out session also identified certain priorities for ICANN to consider, including,

  • WHOIS work that falls within ICANN's mandate (also some held the view that some aspects of WHOIS proxy are believed to be out of scope)
  • Contractual Compliance (including RAA Amendments)
  • Facilitating/leading awareness raising
  • Adopting a better model to bring non-contracted parties into compliance and operations response (lesser extent) activities
  • ICANN and the community should understand, and be educated on a macro level, the different e-Crime threats and tactics to enable them to deal with different types of e-Crime in the future.

Consumer Protection in New TLDs

Moderators Holly Raiche, Executive Director of ISOC-AU and Beau Brendler of Consumer Reports, WebWatch, conducted a break-out session on protection of consumers in new gTLDs, existing TLDS and ccTLDs.

Various recommendations came out of this session, including a desire for uniformity of contractual requirements for existing TLDs, new gTLDs and ccTLDs. Accurate information should be achievable at all levels, including, making registrar contact details clearly available on their website. The RAA should include clear requirements for timely takedown requests for malicious use of the domain name system.

With regard to WHOIS, some participants expressed the view that registrars should be responsible for the accuracy of registrant information and the WHOIS data base. Some participants suggested that ICANN explore the possibility of tiered information - with more information required from corporations than individuals (who may have legitimate reasons for protecting their  personal information). However, in addressing the needs for access to WHOIS information, privacy rights need to be respected.

ICANN was encouraged to strive for better coordination/information about registrant/consumer complaints and to assist consumers by providing a road map of where to complain and to provide links on the ICANN site to on various national consumer protection officer and consumer organizations. There was also a suggestion to have ICANN work with international consumer organizations on including information on safety and security of the Internet on their websites.     

e-Crime in Latin America (Conducted in Spanish)

The moderators of this break-out session, Vanda Scartezini (former ICANN Board Member and Co-Founder of Polo Consultores) and Alejandro Pisanty, (former ICANN Board Member and Director of Computing Academic Services of the National Autonomous University of Mexico) surveyed participants from various countries in Latin America to understand the unique challenges faced in their country.

The parties discussed a Brazilian governmental initiative to combat child pornography. In an effort to better address this issue, Brazil has signed cooperation agreements with Google, Yahoo and Brazilian ISPs, and Telcos. In Brazil the federal police organized specialized teams to investigate online crime. Brazil has also created special departments dedicated to research and reaction to internet issues that includes honey pots, DNSSEC, and blocking initiatives. Brazil was one of the first countries to implement DNSSEC for domains. Banks are obliged to use DNSSEC. There are also extensive efforts to provide training and education on these issues. This coordinated effort between private companies and government agencies may be a model to be copied in other jurisdictions.

In Ecuador, the lack of education among Internet users is more of a problem than the lack of laws to protect against abuse. In many cases these laws are not taken advantage of because Internet users are often not aware of the protections afforded to them. In Ecuador there are only 1 million Internet users, so the costs are very high for implementing specific laws relating to abuse.

In Argentina, it was noted that offering domain registrations free of charge promotes abusive uses of the domain name system.

In Chile, NicChile appears to be well-organized, and has organized a tribunal dedicated to electronic crimes. Notwithstanding this, problems with copyright laws still exist.

In Mexico, there is a need to create an awareness campaign to educate Internet users. Mexico has adopted an interesting legal framework to address e-Crime, but unfortunately, these remedies not pursued as often as the trademark remedies.

The participants noted that on-line crime is not only an issue for Latin America, but is a global issue. There is no technical solution that will solve all problems. Requiring ISPs to retain and provide data to law enforcement is a solution that has been successfully implemented in some Latin American countries. Although a solution needs to involve all stakeholders, ICANN can play a role by involving and facilitating discussions and cooperation among all stakeholders; government, ISPs, law enforcement, etc. Doing so will enhance the credibility of the Internet.

Next Steps

The Community requested additional sessions on DNS Abuse in Sydney, including focused sessions for ccTLDs and law enforcement representatives to explore enhanced cooperation, information sharing and best practices; and protecting consumers from e-crime and DNS Abuse.

More Information

Staff Contact:

Margie Milam