ICANN/GNSO GNSO Email List Archives


<<< Chronological Index >>>    <<< Thread Index >>>

[council] e-Crime and Abuse of the DNS Forum: a global perspective

  • To: ccNSO Council <ccnso-council@xxxxxxxxx>, ccnso-members@xxxxxxxxx, "council@xxxxxxxxxxxxxx" <council@xxxxxxxxxxxxxx>, liaison6c <liaison6c@xxxxxxxxxxxxxx>, At-Large Worldwide <at-large@xxxxxxxxxxxxxxxxxxxxxxx>, Steve Crocker <steve@xxxxxxxxxxxx>, jun@xxxxxxxxxx, Louis Lee <louie@xxxxxxxxxxx>, adiel@xxxxxxxxxxx, Janis Karklins <janis.karklins@xxxxxxxxx>
  • Subject: [council] e-Crime and Abuse of the DNS Forum: a global perspective
  • From: Denise Michel <denise.michel@xxxxxxxxx>
  • Date: Tue, 3 Mar 2009 16:14:40 -0600
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:reply-to:received:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=Ie+6I9o4Dm6y/FK5vnFZ3KwDpA7kQdD8DXY4mI/qBO8=; b=ZR1y2+JPXCOCSIPhD2CLtHh2dznQbLDWsboxMhyjbZ1a5rBzrQaMn390tOGetMfEnB VgZpn1cDOjYJR/W9Px0vZzW9vDRoszW3sCIo8lfvMzE2oLqIx9gmTEYoy5hxFh2xE44h OC/gtWW2vKVk5mP3nhCkK7l5IlVIyCn9nOHmY=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:reply-to:date:x-google-sender-auth:message-id :subject:from:to:content-type; b=CN3Bye43CGlDpCRIo4CSEKMHi7UDUIPtnAPz3K+v2Ezpev0s9YhChaGBQm3McexKFg sXVmM9nkfev4VO55ZRn1WhPF1p68o0w6rRpzU3RZCYmIGZCnI6RTc+Qfd8puo+c+BSfm XhUDbZIxfN9XAF2nD+Q069KUZL/zzUr/5SNsQ=
  • List-id: council@xxxxxxxxxxxxxx
  • Reply-to: denise.michel@xxxxxxxxx
  • Sender: owner-council@xxxxxxxxxxxxxx


The main session of "e-Crime and Abuse of the DNS Forum: a global
perspective" scheduled for Wednesday, March 4, 14:00-18:00 in
Don-Alberto 2-4 (Main Room), will be scribed, and the transcript and
all presentations will be publicly posted at
<http://mex.icann.org/node/2653>.  Included below and attached in Word
is an updated agenda.  I know that overlapping meetings have been
scheduled and not all interested community members will be able to
attend the Forum, but rest assured that all available information will
be publicly posted, including the results of the break-out sessions.


Denise Michel
ICANN Vice President
Policy Development

e-Crime and Abuse of the DNS Forum: a global perspective
Organized by ICANN Staff in Cooperation with the At-Large Summit

Wednesday, March 4
Hotel Sheraton Centro Historico
Don-Alberto 2-4 Conference Room

The Forum will provide participants with an opportunity to discuss
numerous global activities and issues related to e-Crime and DNS abuse
that involve a broad array of international stakeholders.  While not
all of these issues fall within ICANN's narrow mission, the Forum is
intended to facilitate public dialogue and working relationships on
e-Crime and DNS abuse among members of the global Internet community,
as requested by the ICANN community.

Welcome   Alejandro Pisanty (former Director, ICANN Board; National
University of Mexico) Time:  14:00 – 14:10

Alejandro Pisanty will provide an introduction to the Forum including
its format, aims, and objectives.

Session 1. The e-Crime Landscape         (Time: 14:10 – 15:03)

Moderator: Cheryl Langdon-Orr (Chair, At-Large Advisory Committee) (14:10-14:13)

Panel: Beau Brendler (Consumer Reports WebWatch Project); Fred Felman
(MarkMonitor); and Jeffrey Bedser (Internet Crimes Group)

Introduction to E-Crime (20 minutes) (14:13 – 14:33)
Beau Brendler will provide an overview of the manner in which e-Crime
affects consumers as well as discuss activities that aim to educate
the public regarding e-Crime risks.  Fred Felman will review recent
e-Crime trends, and highlight types of harms to end-users.

Sizing and Scoping e-Crime (20 minutes) (14:33-14:53)
Jeffrey Bedser will describe the e-Crime ecosystem and explain how
organized crime uses the Internet and the DNS to facilitate criminal
acts against end-users. Jeffrey will also discuss emerging legal
efforts that focus on protecting end-users against Internet-based
crime. Jeffrey will use the results of extensive attack traffic, DNS,
and domain name data analysis to illustrate that e-Crime is able to
exploit resources from virtually any user and provider in the global
Internet. He will describe how criminal attack network activity is
distinguished from legitimate (production) traffic. Jeffrey will also
show the hotspots for bot and malware activity and where domain names
are used to abet e-crime are registered.

Audience Questions (10 minutes) (14:53-15:03)

Session 2. Criminal Attacks and Abuse Response Today   (Time: 15:03-16:11)

Moderator: Greg Rattray (Chief Internet Security Advisor, ICANN) Time:
15:03 – 15:06

Panel:  Rod Rasmussen (Internet Identity); Tim Ruiz (GoDaddy), Greg
Aaron (Afilias), Law Enforcement (TBD); Vanda Scartezini (At-Large
Advisory Committee); Jeff Neuman (NeuStar); Oscar Robles-Garay

Case studies in global criminal attacks (20 minutes) (15:06-15:26)
Rod Rasmussen will describe the chronology of events leading to the
discoveries and cessations of two noteworthy security incidents.  He
will describe both the parties involved in, and the events leading up
to, the disconnection of the McColo hosting provider, and the
sustained disruption of Srizbi bot communications with their command
and control servers by preventing the automated registrations of
botnet domains.  Rod will describe the events surrounding the attack
against the e-billing company, CheckFree, through its domain names,
the immediate effects, related phishing of registrars, and the
prospects for future, similar attacks against the financial sector and

Abuse Response Today – (30 minutes) (15:26-15:56)
The speakers will describe their respective roles in responding to,
and acting upon, criminal complaints where domain names are used to
abet criminal activities, and how to protect legitimate end-users from
erroneous shut-downs (false positives).  A law enforcement expert will
describe the role of the private sector in cooperating with law
enforcement agencies, and in proactively responding to E-crime so as
to protect consumers.

Audience Questions (15 minutes) (15:56-16:16:11)

Session 3.  Role of ICANN Stakeholders and Staff in Responding to
e-Crime (45 minutes) Time: 16:11-17:01

Moderator:  Lyman Chapin (former Director, ICANN Board) (16:11-16:14)

Panel: Jon Nevett (Network Solutions); Garth Bruen (Knujon); Steve
Metalitz (Intellectual Property Constituency); David Giza (ICANN
Compliance Office); Roelof Meijer (SIDN); Adam Palmer (Public Interest
Registry); Rudi Vansnick (ISOC.be); Marc Ottawa (Royal Canadian
Mounted Police); Andy Steingruebl (PayPal); Tony Harris (Cabase)

The speakers will describe how current ICANN gTLD and ccTLD policies
and contractual obligations of registries and registrars help combat
E-crime.  The role of ICANN’s Compliance Office in reinforcing these
efforts, such as in the areas of WHOIS accuracy, and registrar breach
notices, will be explained.  The speakers will also discuss the
efforts among industry groups to develop voluntary guidelines and
share data to enhance the private sector’s responses to e-Crime.

Audience Questions (15 minutes) (16:56 – 17:01)

Next Steps – e-Crime Break-Out Sessions (60 minutes) Time: 17:01 – 18:01

Instructions:   Denise Michel, ICANN Vice President, Policy Development

The public will have an opportunity to participate in further detailed
discussion and exchange of information by joining one of several
break-out sessions on specific issues moderated by the individuals
identified below:

•       Law Enforcement and ccTLDs (Marc Moreau and Erick Iriarte Ahon)
•       Consumer Protection  in Existing and New TLDs (Beau Brendler and
Holly Raiche, Executive Director, ISOC-AU)
•       The Role of ICANN (Jon Nevett, Kristina Rosette, and Doug Brent,
Chief Operating Officer, ICANN)
•       e-Crime in Latin America  - conducted in Spanish  (Vanda Scartezini
and Alejandro Pisanty)

The moderators of each break-out session will summarize any suggested
next steps and recommendations from their respective group during the
Public Forum.

Attachment: Ecrime and Abuse of the DNS 3-1-09-Script.doc
Description: MS-Word document

<<< Chronological Index >>>    <<< Thread Index >>>