« December 2012 | Main | February 2013 »

January 2013

Thursday, 24 January 2013

Domain Seizures Act II: Minimizing Collateral Harm

In March 2012, and on behalf of the ICANN Security Team, I published a thought paper on domain seizuers. The paper helps folks ask the right questions and gather the right information as they prepare a court order, to make clear exactly what actions the issuer expects.

This first thought paper is not an endorsement of seizures. It acknowledges that domains will beseized and that people issuing court orders for those seizures need to understand how domain names and DNS work to ensure that the seizures are done properly and, more importantly, to insure against collateral damage.

Following the Microsoft/FS-ISAC/NACHA action against the ZeuS botnet in March 2012, Michael Sandee published an analysis of operation b71 where he explained that collateral damage is not limited to suspending or making legitimate domains or web sites unreachable, that a criminal enterprise the size of ZeuS will no doubt be the target for numerous investigations, and that absent sufficient information sharing, cooperation, coordination and trust among investigating parties, there is too much room for error or interference; simply put, one party's success can hamper the erstwhile and equally important efforts of others.

In my post, Domain Name Seizures Prominent in Dismantling the ZeuS botnet, I wrote

Looking ahead, providing clear instructions for domain registries or registrars can be an important part of the level of detail that Dittrich insists must be provided.  Coupling this with the kinds of reasonable efforts Sandee encourages to verify that domains listed in complaints are "harmful" when the legal orders are executed is equally important to minimize collateral damage.

Today, and again on behalf of the ICANN Security Team, I've published a second thought paper, Domain Seizures Act II: Minimizing Collateral Harm, that discusses the collateral harm resulting from operation b71, Jotform, and Mooo.com events and recommends steps that investigators can take to minimize collateral harm in future seizure actions.

A web  and PDF version of the paper itself are hosted at ICANN's web site.

Posted at 04:43 PM in Domain names and DNS | | Comments (0)

Tuesday, 22 January 2013

Book Review: On Internet Freedom

Marvin Ammori has written an important book about the threats to free speech and expression that we are not only privileged to conduct on the Internet today but have come to treat as basic human rights.

InternetFreedom

On Internet Freedom looks at the past, present and future of the Internet as a speech technology. Ammori examines how the coordinated and determined efforts by Big Content to protect content and increasing efforts by governments to censor content threaten Internet use as we embrace it today. Ammori also explains how these acts were in fact anticipated by Clark, Sollins, Wroclawski and Braden in a paper entitled Tussle in Cyberspace: Defining Tomorow's Internet, where the authors assert,

"User empowerment, to many, is a basic Internet principle, but for this paper, it is the manifestation of the right to choose—to drive competition, and thus drive change."

Ammori cites only the first clause of this sentence - as a technologist, I believe the second is extremely important as well - but he makes clear that the Internet's end-to-end design establishes a fundamental thesis,

"If user choice is our design principle, then users should have the final say."

Unfortunately, Ammori explains that users don't have the final say but are increasingly challenged by lawyers, bureaucrats, commissioners and others who are motivated to constrain their freedoms and who want to do so by altering the Internet's fundamental design. Ammori's response, admittedly US-centric, is simple: the Internet is a speech technology, and 

"the ultimate design principle for any speech technology, at least in the United States: the First Amendment, which protects freedom of speech. The First Amendment is not generally thought of as a design principle, but, by definition, it limits what Congress or any other government actor may or may not adopt in shaping the Internet’s future."1 

This sets the context for the remainder of the book. In Part II, Ammori looks at events leading to the 18 January 2012 Internet Blackout in protest of SOPA/PIPA and how these and possibly future legislation threaten "the speech tools of the many while reshaping our speech environment for the benefit of the few"2.

Conveniently, Part II is largely about how the few benefit. Before judging whether you believe this is even-handed or not, remember that the litmus test throughout this book is the First Amendment of the US Constitution. This Part ought to make every Internet user or free speech advocate pause, or shiver. One of the most worrisome speculations Ammori offers is the extent to which legislation could stilt adoption of emerging technologies like 3D printing or stifle future innovations of this kind.

Part III looks at how the Internet as speech technology influences governments, now governments have attempted to exert influence, and how Internet users and dominent Internet forces (Google, Amazon, Facebook, Twitter) respond. This Part will probably be illuminating for most readers, as it explains situations where a private conversation between a government official and an ISP or hosting company can circumvent the First Amendment, and why Terms of Service are often more speech-restricting than the Amendment as well.

Part IV focuses on the net neutrality issue. Ammori draws the battle lines:  ISPs seek to differentiate, rate control, block, or charge users differently for content that is transmitted on their networks. However, content includes speech and if the Intenet is speech technology, then ISPs should not be able to decide what you say or see, or they do so in violation of your First Amendment rights. Ammori also explains that net neutrality is not only a First Amendment issue but an economic one: net neutrality violations can influence investments in or creation of new technology.

I began by saying that Marvin Ammori has written an important book. It is also an extremely readable book. Ammori does a commendable job explaining constitutional law and technology in very plain speak. I highly recommend the book as something not only something for people who are intested in law or technology but for anyone who advocates freedom of expression.

On Internet Freedom is currently available as a Kindle download

1 Ammori, Marvin (2013-01-15). On Internet Freedom (Kindle Locations 469-474). Elkat Books. Kindle Edition.

2 Op. cit., (Kindle Locations 588-589).

Posted at 07:19 AM in Books, Web/Tech | | Comments (0)

Next »
Find me on Mastodon and Facebook

Spotlight Posts

  • Interisle Study Reveals Alarming Rise in Online Abuse and Identifies Exploitable Links in Cybercriminal Supply Chains
    My Interisle colleagues and I today published our 2024 Cybercrime Suppy Chain study. We analyzed 16 million cybercrime events to expose a dramatic rise in criminal exploitation of name, address, hosting, and financial supply chains. Our year-over-year findings show that cybercriminals exploit lax policies to easily and cheaply obtain resources for phishing, malware, and spam campaigns. In our report, we provide actionable insights for those aiming to curb cybercrime. Among the major findings in the study, Interisle reports that: The total number of malware, phishing, and spam attacks grew year-over-year by nearly 54%, to nearly 16.3 million attacks. Spam doubled,...
  • Malware quarterly reports for July-September
    Malware quarterly reports for July-September 2024 is now posted at the Cybercrime Information Center. For the period... Malware identified as targeting endpoint devices increased 277% over the prior period. WordPress blog sites used for malware accounted for nearly all the malicious documents reported for this period. We continue to see an uptick in malicious scripts. IPv4 addresses reported for exhibiting characteristics of attackware and traffic injectors increased 38% to just under 1 million. ASNs in China and India again have the most IPv4 addresses reported for hosting malware. More malware trends for the period at https://www.cybercrimeinfocenter.org/malware-trends-july-september-2024. For historical reporting of...
  • Interisle's Phishing Landscape 2024 is here
    Our Interisle team today announced the publication of an industry report, Phishing Landscape 2024, A Study of the Scope and Distribution of Phishing. Interisle’s fourth annual study examines nearly four million phishing reports collected from May 2023 to April 2024 and provides historical measurements using over 15 million phishing reports collected at the Cybercrime Information Center over a four year period. Findings from the study: • The total number of phishing attacks grew to ~1.9 million incidents worldwide. • Phishing attacks hosted at subdomain providers increased by 450,000+ reported names, representing 24% of all phishing attacks. • The use of...
  • Malware Trends, January - March, 2024 posted at the Cybercrime Information Center
    2024 began with a rise in domain names reported for hosting malware unlike any we have seen since we began measuring malware attacks in 2021. The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO) from the prior quarter. The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase). All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. Several registrars had 4- and 5-figure percentage increases in domains reported....
  • Malware Trends, January - March, 2024 posted at the Cybercrime Information Center
    2024 began with a rise in domain names reported for hosting malware unlike any we have seen since we began measuring malware attacks in 2021. The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO) from the prior quarter. The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase). All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. Several registrars had 4- and 5-figure percentage increases in domains reported....

Search

My Photo

Categories