From time to time, we will allow non handlers to submit editorials to be published in our diary. The editorial below was submitted by Gadi Evron. If you are interested, please send a quick proposal via our contact form.
The IGF (Internet Governance Forum) is an annual UN conference on Internet governance which was held this year in Rio de Janeiro, Brazil. The topics discussed range from human rights online to providing Internet access in developing countries. A somewhat secondary topic of conversation is Internet security and cyber-crime mostly limited to policy and legislative efforts. Techies and our industry don't have much to do there, but I have a few updates for us from the conference.I will be teaching next: Intrusion Detection In-Depth - SIEM Summit & Training 2019
One of the main problems the Internet security operations community faces is that although global encompassing incident response and information sharing is happening, it is on the technological and operational levels. We mostly do not know how to communicate with the policy makers. Some of us present there made head-way in the hallways (as the sessions are mostly just repeated talk).
I spoke with Dr Hamadoun Touré, the Secretary General of the ITU on some of our efforts and some of our operational needs, and was pleased to find an open mind and sincere interest. The ITU, at least as far as I understood, is concerned with Internet security, and appreciates the importance of the operational communities and the work we do.
On a surprised note, China ran a few security sessions in which its' delegates have shown high visibility into Internet security and abuse in China, speaking of issues of establishing trust and incident response statistics. They are highly concerned with spam, and are the only ones to have spoken in an operational manner. They quoted numbers from (mainly) US sources that showed spam and abuse activity in China, then they indicated a drop of spam being sent from the Chinese network (spam is of key importance to them in their presentations).
On the other hand they presented an increase in phishing and botnet incidents being reported. In one slide they showed numbers on phishing reports, sorted by top-reporters. The top-5 reporters were: Verisign (probably iDefense), RSA (probably Cyota), eBay (probably eBay), CastleCops (Probably PIRT) and MarkMonitor.
But wait, there's more. The Chinese delegation also discussed mitigation success rates. In phishing, out of over 600 sites reported in one time period they mitigated just over 200. They were sinciere and open on where they have to get better and to be honest, I was in awe from them, a country I considered to be a black hole of abuse reports. We made some new contacts and hope these will prove fruitful for future cooperation. I am highly impressed with the people I met from China..
Another subject of interest to me was my discussion with Milton Mueller on his advocacy of some information being removed from publicly accessible WHOIS data. Although ideologically I am with him on this privacy issue, practically it is the only, granted very poor, way for the Internet security operations community to take down abusive domain names today, through registrars, and the Internet can't do without it until another option is presented. I hope to work with him on solutions to this conundrum.
My lecture there was one I only found out I was giving a about a month ago after being contacted by a member of ICANNs SSAC. It was a part of the Case Studies session from the Diplo foundation ( http://www.diplomacy.edu ), where I spoke, technically, of lessons from the Estonian Internet war and how countries can defend themselves, as written in the post-mortem analysis and recommendations I wrote for the Estonian CERT. In the questions section we spoke of the importance of CERT organizations, how they are established and on the differences in fraud as seen in different parts of the world. My fellow session members were: Robert Guerra (Canada, session moderator), Veronica Cretu (Moldova, facilitator), and the other panelists: Olga Cavalli (Argentina) and Cristine Hoepers (who manages the Brazilian CERT). I, of course, am from Israel and work for Afilias Global Registry Services.
Nov 22nd 2007
1 decade ago