ICANN/GNSO GNSO Email List Archives


<<< Chronological Index >>>    <<< Thread Index >>>

RE: [council] e-Crime and Abuse of the DNS Forum: a global perspective

  • To: <denise.michel@xxxxxxxxx>, "'ccNSO Council'" <ccnso-council@xxxxxxxxx>, <ccnso-members@xxxxxxxxx>, <council@xxxxxxxxxxxxxx>, "'liaison6c'" <liaison6c@xxxxxxxxxxxxxx>, "'At-Large Worldwide'" <at-large@xxxxxxxxxxxxxxxxxxxxxxx>, "'Steve Crocker'" <steve@xxxxxxxxxxxx>, <jun@xxxxxxxxxx>, "'Louis Lee'" <louie@xxxxxxxxxxx>, <adiel@xxxxxxxxxxx>, "'Janis Karklins'" <janis.karklins@xxxxxxxxx>
  • Subject: RE: [council] e-Crime and Abuse of the DNS Forum: a global perspective
  • From: "Mike Rodenbaugh" <icann@xxxxxxxxxxxxxx>
  • Date: Wed, 4 Mar 2009 07:01:48 -0800
  • In-reply-to: <aafc0f850903031414y450499ddh39021d1f9c845a47@mail.gmail.com>
  • List-id: council@xxxxxxxxxxxxxx
  • Organization: Rodenbaugh Law
  • References: <aafc0f850903031414y450499ddh39021d1f9c845a47@mail.gmail.com>
  • Reply-to: <icann@xxxxxxxxxxxxxx>
  • Sender: owner-council@xxxxxxxxxxxxxx
  • Thread-index: AcmcTcgUhBLyMUqoS1+zrURcZigBRQAi95Cw

ICANN does not have a "narrow mission" -- as clearly proved by its $60
million annual budget.  So I respectfully request that Staff please stop
saying so in public materials. 


Mike Rodenbaugh
Rodenbaugh Law
548 Market Street
San Francisco, CA  94104

-----Original Message-----
From: owner-council@xxxxxxxxxxxxxx [mailto:owner-council@xxxxxxxxxxxxxx] On
Behalf Of Denise Michel
Sent: Tuesday, March 03, 2009 2:15 PM
To: ccNSO Council; ccnso-members@xxxxxxxxx; council@xxxxxxxxxxxxxx;
liaison6c; At-Large Worldwide; Steve Crocker; jun@xxxxxxxxxx; Louis Lee;
adiel@xxxxxxxxxxx; Janis Karklins
Subject: [council] e-Crime and Abuse of the DNS Forum: a global perspective


The main session of "e-Crime and Abuse of the DNS Forum: a global
perspective" scheduled for Wednesday, March 4, 14:00-18:00 in Don-Alberto
2-4 (Main Room), will be scribed, and the transcript and all presentations
will be publicly posted at <http://mex.icann.org/node/2653>.  Included below
and attached in Word is an updated agenda.  I know that overlapping meetings
have been scheduled and not all interested community members will be able to
attend the Forum, but rest assured that all available information will be
publicly posted, including the results of the break-out sessions.


Denise Michel
ICANN Vice President
Policy Development

e-Crime and Abuse of the DNS Forum: a global perspective
Organized by ICANN Staff in Cooperation with the At-Large Summit

Wednesday, March 4
Hotel Sheraton Centro Historico
Don-Alberto 2-4 Conference Room

The Forum will provide participants with an opportunity to discuss numerous
global activities and issues related to e-Crime and DNS abuse that involve a
broad array of international stakeholders.  While not all of these issues
fall within ICANN's narrow mission, the Forum is intended to facilitate
public dialogue and working relationships on e-Crime and DNS abuse among
members of the global Internet community, as requested by the ICANN

Welcome   Alejandro Pisanty (former Director, ICANN Board; National
University of Mexico) Time:  14:00 - 14:10

Alejandro Pisanty will provide an introduction to the Forum including its
format, aims, and objectives.

Session 1. The e-Crime Landscape         (Time: 14:10 - 15:03)

Moderator: Cheryl Langdon-Orr (Chair, At-Large Advisory Committee)

Panel: Beau Brendler (Consumer Reports WebWatch Project); Fred Felman
(MarkMonitor); and Jeffrey Bedser (Internet Crimes Group)

Introduction to E-Crime (20 minutes) (14:13 - 14:33) Beau Brendler will
provide an overview of the manner in which e-Crime affects consumers as well
as discuss activities that aim to educate the public regarding e-Crime
risks.  Fred Felman will review recent e-Crime trends, and highlight types
of harms to end-users.

Sizing and Scoping e-Crime (20 minutes) (14:33-14:53) Jeffrey Bedser will
describe the e-Crime ecosystem and explain how organized crime uses the
Internet and the DNS to facilitate criminal acts against end-users. Jeffrey
will also discuss emerging legal efforts that focus on protecting end-users
against Internet-based crime. Jeffrey will use the results of extensive
attack traffic, DNS, and domain name data analysis to illustrate that
e-Crime is able to exploit resources from virtually any user and provider in
the global Internet. He will describe how criminal attack network activity
is distinguished from legitimate (production) traffic. Jeffrey will also
show the hotspots for bot and malware activity and where domain names are
used to abet e-crime are registered.

Audience Questions (10 minutes) (14:53-15:03)

Session 2. Criminal Attacks and Abuse Response Today   (Time: 15:03-16:11)

Moderator: Greg Rattray (Chief Internet Security Advisor, ICANN) Time:
15:03 - 15:06

Panel:  Rod Rasmussen (Internet Identity); Tim Ruiz (GoDaddy), Greg Aaron
(Afilias), Law Enforcement (TBD); Vanda Scartezini (At-Large Advisory
Committee); Jeff Neuman (NeuStar); Oscar Robles-Garay

Case studies in global criminal attacks (20 minutes) (15:06-15:26) Rod
Rasmussen will describe the chronology of events leading to the discoveries
and cessations of two noteworthy security incidents.  He will describe both
the parties involved in, and the events leading up to, the disconnection of
the McColo hosting provider, and the sustained disruption of Srizbi bot
communications with their command and control servers by preventing the
automated registrations of botnet domains.  Rod will describe the events
surrounding the attack against the e-billing company, CheckFree, through its
domain names, the immediate effects, related phishing of registrars, and the
prospects for future, similar attacks against the financial sector and

Abuse Response Today - (30 minutes) (15:26-15:56) The speakers will describe
their respective roles in responding to, and acting upon, criminal
complaints where domain names are used to abet criminal activities, and how
to protect legitimate end-users from erroneous shut-downs (false positives).
A law enforcement expert will describe the role of the private sector in
cooperating with law enforcement agencies, and in proactively responding to
E-crime so as to protect consumers.

Audience Questions (15 minutes) (15:56-16:16:11)

Session 3.  Role of ICANN Stakeholders and Staff in Responding to e-Crime
(45 minutes) Time: 16:11-17:01

Moderator:  Lyman Chapin (former Director, ICANN Board) (16:11-16:14)

Panel: Jon Nevett (Network Solutions); Garth Bruen (Knujon); Steve Metalitz
(Intellectual Property Constituency); David Giza (ICANN Compliance Office);
Roelof Meijer (SIDN); Adam Palmer (Public Interest Registry); Rudi Vansnick
(ISOC.be); Marc Ottawa (Royal Canadian Mounted Police); Andy Steingruebl
(PayPal); Tony Harris (Cabase)

The speakers will describe how current ICANN gTLD and ccTLD policies and
contractual obligations of registries and registrars help combat E-crime.
The role of ICANN's Compliance Office in reinforcing these efforts, such as
in the areas of WHOIS accuracy, and registrar breach notices, will be
explained.  The speakers will also discuss the efforts among industry groups
to develop voluntary guidelines and share data to enhance the private
sector's responses to e-Crime.

Audience Questions (15 minutes) (16:56 - 17:01)

Next Steps - e-Crime Break-Out Sessions (60 minutes) Time: 17:01 - 18:01

Instructions:   Denise Michel, ICANN Vice President, Policy Development

The public will have an opportunity to participate in further detailed
discussion and exchange of information by joining one of several break-out
sessions on specific issues moderated by the individuals identified below:

.       Law Enforcement and ccTLDs (Marc Moreau and Erick Iriarte Ahon)
.       Consumer Protection  in Existing and New TLDs (Beau Brendler and
Holly Raiche, Executive Director, ISOC-AU)
.       The Role of ICANN (Jon Nevett, Kristina Rosette, and Doug Brent,
Chief Operating Officer, ICANN)
.       e-Crime in Latin America  - conducted in Spanish  (Vanda Scartezini
and Alejandro Pisanty)

The moderators of each break-out session will summarize any suggested next
steps and recommendations from their respective group during the Public

<<< Chronological Index >>>    <<< Thread Index >>>