[gnso-rds-pdp-wg] [For Background] APWG report on phishers use of Domain Name System

Greg Aaron gca at icginc.com
Wed Jun 28 13:24:49 UTC 2017


Dear Benny:

Contact information is absolutely essential for some of this analysis, as is information about registration dates, nameservers, registrar name, etc. 

So it depends on what you mean by "gated access."  If you mean that contact data should be gated and not seen by responders and researchers, then that would cripple this type of work.  Contact data is also essential for operational response.  It is used by the security responders, phishing targets, hosting providers, and law enforcement to figure out what is happening, make decisions, and stop the phishing.

All best,
--Greg and Rod


-----Original Message-----
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of benny at nordreg.se
Sent: Wednesday, June 28, 2017 1:31 PM
To: John Bambenek <jcb at bambenekconsulting.com>
Cc: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] [For Background] APWG report on phishers use of Domain Name System

I don’t want to start a long discussion on this topic, but only point out that a gated access designed right will not stop any of you from doing the same work as I see it.
--
Med vänliga hälsningar / Kind Regards / Med vennlig hilsen

Benny Samuelsen
Registry Manager - Domainexpert

Nordreg AB - ICANN accredited registrar
IANA-ID: 638
Phone: +46.42197080
Direct: +47.32260201
Mobile: +47.40410200

> On 28 Jun 2017, at 13:26, gnso-rds-pdp-wg at icann.org wrote:
> 
> Thanks for chiming in and largely that was my point. I understand that several people have concerns about the privacy of registrants in whois. What I don't feel gets sufficient appreciation is that having access to whois data helps investigate and PREVENT large security and privacy risks. For instance, the recent malware outbreak that started in Ukraine (Petya/NotPetya). I can be more explicit on that when it's over.
> 
> --
> John Bambenek
> 
>> On Jun 28, 2017, at 06:18, Rod Rasmussen <rod at rodrasmussen.com> wrote:
>> 
>> Thanks John - and let me point out that the authors are here at the meeting in JNB. :-)
>> 
>> Feel free to ping Greg or me on particular aspects of the report - especially if you’re here at the meeting and have some questions.  One thing I can assure you having done the lion’s share of the data “crunching” is that whois was an invaluable part of being able to deliver various stats, classify fraudulent domains vs. compromised ones, and determine providers of subdomain reselling services to name a few.  It was necessary to really make sense out of a lot of this data to deliver value to the community around how these activities are affecting various parties in the ecosystem.
>> 
>> Greg did a short post in CircleID on this as well:  http://www.circleid.com/posts/20170627_phishing_the_worst_of_times_in_the_dns/
>> 
>> Cheers,
>> 
>> Rod
>> 
>>> On Jun 27, 2017, at 9:42 AM, John Bambenek via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org> wrote:
>>> 
>>> http://docs.apwg.org/reports/APWG_Global_Phishing_Report_2015-2016.pdf
>>> 
>>> Relevant to our discussions.
>>> 
>>> -- 
>>> --
>>> 
>>> John Bambenek
>>> 
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>> 
> 
