All matters security

APWG Monograph: ICANN interpretation of GDPR impedes cyberinvestigations

In the aftermath of the adoption of the EU GDPR, ICANN’s policies for access to domain registration data (Whois) have created adverse consequences for investigations into terrorist activities, political influence campaigns and cybercrimes, creating serious threats to public safety.

In this APWG monograph, I explain how Whois data is employed during preventative and forensic cyber investigations – and how ICANN’s interpretation of GDPR in particular delays development of programmatic machine-driven responses that are widely used to maintain public safety and are vital to the long-term viability of the Internet as a governable domain.

Network hijacking: everything old is new again

My friends at Spamhaus published a fine summary of several types of network hijacking attacks; see "Network hijacking: the low down".

I wrote a series of posts, "Internet address hijacking, spoofing and squatting attacks", in 2011. This series of articles explores attacks that exploit the Internet’s routing system in this manner. The series also describes the motives for such attacks, classifies the attacks based on certain distinguishing characteristics, and suggests measures that can be taken to mitigate attacks of these kinds.

Mine is a good complement to Spamhaus' assessment of the current hijacking landscape if you're interested in digging deeper.

It's depressing that many of the 2011 attack forms remain popular today. 

We really don't learn very well, or very fast, do we?