Electronic Crime Research in Toronto
The Anti-Phishing Working Group (APWG) is an international body set up to tackle cybercrime. Its members come from the internet industry, law enforcement agencies and academia.
For SIDN and the Netherlands, it is the very important that the .nl domain remains secure and stable. We therefore belong to the APWG and make use of APWG services, such as anti-phishing feeds and cybercrime reports.This year, the APWG's annual eCrime symposium took place in Toronto, Canada, in the first week of June. The symposium brings together people from various disciplines with a professional interest in tackling cybercrime. Interdisciplinary contact is valuable for all concerned: university researchers can benefit from learning about the operational problems faced by the internet industry, for example. The Toronto symposium was divided into an industrial track and an academic track. My colleague Bert ten Brinke (SIDN's Security Officer and Secretary of the Abuse Information Exchange) and I both made presentations as part of the industry track.
At the eCrime-symposium, we presented our paper 'ENTRADA: Enabling DNS Big Data Applications'. In the paper, my co-authors and I describe how SIDN Labs uses ENTRADA in the fight against cybercrime. ENTRADA is a system developed by SIDN for the analysis of large volumes of network traffic ('big data'). Our paper explains how ENTRADA works and, for illustration, outlines a number of usage cases. Other registries and e-mail service providers (ESPs) expressed a lot of interest in ENTRADA. One of the ESPs in question sent large amounts of legitimate e-mail for third parties. Our article was reviewed by various international experts before being accepted for presentation at the symposium. It is now being published by IEEE.
In his presentation 'Going Dutch: National Collaboration Fighting Botnets in the Netherlands' (staat niet online?), Bert ten Brinke described the approach used in the Netherlands, where the internet industry and government work together through the Abuse Information Exchange to tackle botnets. Bert highlighted the advantages and functionality of the automated platform known as the AbuseHUB. APWG symposiums are ideal for the exchange of information about such initiatives. There was clear interest in the Dutch approach, with a lot of questioners focusing on how it could be translated to other countries.
From our viewpoint, the symposium was a great success. We were able to share our knowledge and experience, and we received a lot of valuable feedback. We also made new contacts, which we believe will help us get new projects off the ground with the aim of making .nl and the internet as a whole more stable and more secure.