• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

Domain Market Research

there is no brand name like a domain name

  • About
    • Domain investing vs domain development
  • 1 Word Domains
  • 3 Letter Domain Names
    • 4 letter domain names
    • 5 letter domain names
  • Sponsored Post
    • Make a Contribution
  • Market Pulse
  • Contact

ICANN GDPR WHOIS Policy Eliminates Pre-Emptive Protection of Internet Infrastructure Abuse; Obstructs Routine Forensics to Cybercriminals’ Advantage

October 24, 2018 By admin Leave a Comment

A joint APWG-M3AAWG survey of cybercrime responders and anti-abuse personnel indicates ICANN’s Temporary Specification for domain name WHOIS data has eliminated interventions that previously allowed investigators to stop new cybercrimes while still in the preparatory stages — and has markedly impeded routine mitigations for many kinds of cybercrimes. The survey was submitted to ICANN on Oct. 18 by the Anti-Phishing Working Group and the Messaging, Malware and Mobile Anti-Abuse Working Group.

With responses from 327 professionals, the survey revealed that losing the ability to attribute domain names to criminals or victims of abuse has irreparably eliminated their capacity to issue warnings about new abuses that known bad actors are perpetrating, even when the WHOIS registrant data is pseudonymous, according to Peter Cassidy, APWG Secretary General.

ICANN’s Temporary Specification for gTLD Registration Data, established in May in response to the European Union’s General Data Protection Regulation (GDPR), impedes investigations of cybercrime – from ransomware attacks to distribution of state-sponsored strategic disinformation. Analyses of responses from the survey reveal that:

Cyber-investigations and mitigations are impeded because investigators are unable to access complete domain name registration data.
Requests to access non-public WHOIS by legitimate investigators for legitimate purposes under the provisions of the Temp Spec are routinely refused.
“The biggest impact has been to determine who has registered a criminal/fraudulent domain, and the ability to use that information to find other domains registered by the same actor. That devastates our ability to find all of the fraudulent domains registered by the same entity,” one typical respondent wrote in the APWG-M3AAWG GDPR WHOIS User Survey report.

APWG and M3AAWG concluded their analysis with recommendations for ICANN to:

Establish a mechanism for WHOIS data access by accredited, vetted qualified security actors.
Restore redacted WHOIS data of legal entities.
Adopt a contact data access request specification for consistency across registrars and gTLD registries.
Establish a WHOIS data access scheme that does not introduce delays in collecting or processing and is not burdened by per-request authorizations.
Reassess the current redaction policy and consider replacing restricted personal data with secure hashes that can be used as a proxy for tracing criminal actors across data resources.
Publish point of contact email addresses to provide investigators with an effective means of identifying domains associated with a victim or person of interest in an investigation.
The full survey can be found at http://www.m3aawg.org/WhoisSurvey2018-10.

About the APWG
The APWG (www.apwg.org), founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,200 companies, government agencies and NGOs participating in the APWG worldwide.

APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe’s Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations.

About M3AAWG
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

Filed Under: Domain Market

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Domain Names for Business

Technologies.org
PressMediaRelease.com
MarketResearchMedia.com
VirtualTravelGuide.com
TravelMktg.com

Exclusive Domains

chipotle.app
Zapatista.org
HappyHong.com
t2e.org
DigitalCitySquare.com

Secondary Sidebar

Domain Aftermarkets

a4o.net
QuizGame.com sold for $9,100
500.app sold for $2,400
a2q.org
500ap.com
x2m.org
atm.paris
RemoteBackup.com sold for $12,000
purgatories.com
domainpickings.com

Footer

Recent Posts

  • Cloudflare Wins CISA Contract for Registry and Authoritative Domain Name System (DNS) Services
  • American companies are increasingly assuming Finnish names
  • Sold: reposco.com
  • Verisign Reports Internet Has 349.9 Million Domain Name Registrations at the End of the Third Quarter of 2022
  • 2022 CSC Domain Security Report Finds Nearly Three Quarters of Global 2000 Companies are at Alarmingly High Risk of Exposure to Security Threats
  • Sold: webxrtools.com
  • Sold InnovationMetaverse.com
  • Cruise Market: CruiseMarket.org, domain name for sale
  • Defense Acquisition: DefenseAcquisition.com, domain name for sale
  • Bootstrapping.org, domain name for sale

Media Partners

  • Opinion
  • Exclusive Domains
  • Briefly
  • OPINT
  • VPNW
  • S3H
  • Domain Aftermarkets
  • App Coding
  • API Coding
  • Blockchaining

Media Partners

  • Technology Conferences
  • Event Sharing Network
  • Cybersecurity Events
  • Event Calendar
  • Calendarial
  • Domain Market Research
  • Pixel Effect
  • Domain Name for Business

Copyright © 2018 DomainMarketResearch.com

Technologies, Market Analysis & Market Research Reports

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT