Interisle Consulting Group

When the answer isn't obvious.

Headlines

Collateral Damage from Freenom Phishing Attacks (12 April 2023)
Brian Krebs, reporting at KrebsOnSecurity, recently reported that, sued by Meta, registry operator Freenom halted domain registrations.
According to Krebs, Meta alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.
Meta's actions come as no surprise to us. The Cybercrime Information Center has collected phishing data since May 2020. Freenom's commercialized ccTLDs have repeatedly appeared among the TLDs with the most phishing domains and highest phishing scores.
While brands and individuals of victims of phishing attacks are the most obvious harmed parties, other parties such as hosting operators received collateral damage from phishing attacks. In a post on the CyberCrime Information Center we show that while brands and individuals of victims of phishing attacks are the most obvious harmed parties, other parties such as hosting operators received collateral damage from phishing attacks as well.

New TLDs are coming ... Eventually (16 March 2022)
In a recent blog post, New TLDs are coming #Dangerclose, Dave Piscitello reacts to the impending next round of new Top-level Domains by explaining how DNS abuse — or more correctly, cybercrimes that employ domain names — has flourished in the new TLD era. In the blog, Dave cites concerns by the DNS security community, including ICANN's own security advisory committee, and abuse statistics reported by Interisle and ICANN. He then describes how ICANN has done little to address this problem.

Interisle weighs in on proposed rulemaking to address cybercrime (25 October 2021)
Interisle has submitted a comment in response to the US Department of Commerce's Advance notice of proposed rulemaking (ANPRM). The ANPRM responds Executive Order 13984 of January 19, 2021, ‘Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities’. The EO directs the US Commerce Secretary to implement measures to “deter foreign malicious cyber actors' use of United States Infrastructure as a Service (IaaS) products and assist in the investigation of transactions involving foreign malicious cyber actors.”
Interisle has recommended that DNS hosting and registration services should be classified as IaaS. We explain how criminals use the DNS and how they register and weaponize thousands of domains to perpetrate online crimes. We argue that the DNS is arguably as much of a critical infrastructure as the mobile and “hard-wired” networks that comprise the Internet.

In Fight Against COVID-19 Scam Sites, Lawmakers Push for Domain Name Ownership Records-and Some Pro-Privacy Advocates Agree (2 June 2020)
In this Morning Consult article, reporter Sam Sabin writes that “lawmakers have begun taking the first steps to either provide relief for law enforcement and reopen the WHOIS database or hold domain name operators accountable to verifying the identities of those who purchase web addresses themselves.” Her interviews with politicians, registrars, consumer advocates, and security experts—including Interisle's Dave Piscitello—reveal broad support for better registration data access and stronger accountability for domain name registrants. “Too many domain name registrars and other internet companies are putting their heads in the sand as cybercriminals and scammers try to exploit this pandemic by luring people to fraudulent coronavirus-related websites.”

Weaponizing Domain Names via Bulk Registration (31 March 2020)
In this guest blog post at The Spamhaus Project, Dave Piscitello explains how criminals misuse domain names much in the same manner as terrorists misuse fertilizers to construct improvised explosive devices or as criminals divert pseudoephedrine to the manufacture of methamphetamine. In all of these cases, a commodity serves as a tool in the pursuit of some malignant (criminal) activity. Domain industry parties will no doubt object to such an extreme characterization, cyber investigators can demonstrate on an almost daily basis that hundreds or thousands of domain names are registered specifically for cyber attacks. Dave offers insights from Interisle's Criminal Abuse of Domain Names report and Spamhaus Project editor Sarah Miller notes that the findings from that October 2019 “emphasized the need for more stringent measures to be put in place within the domain name industry, something that the current COVID-19 pandemic is further highlighting.”

It's Not About the Internet (22 October 2019)
In the policy realm what we call “Internet issues” are not actually “Internet” issues—they are well-pedigreed social, political, cultural, and economic issues, for which we clever technologists have provided a rich new environment in which to grow and multiply. It follows that the people best prepared to tackle “Internet” issues may be thoughtful professionals in fields such as behavioral psychology, linguistics, sociology, education, history, ethnology, and political science—not (exclusively) “Internet experts.” Interisle principal Lyman Chapin suggests a broadly interdisciplinary approach to what have traditionally been considered “Internet” issues in an article that appears in the 50th Anniversary issue of the ACM SIGCOMM Computer Communication Review.

Worth reading: "Moving the Encryption Policy Conversation Forward" (20 September 2019)
On September 10, the Encryption Working Group—convened under the auspices of the Carnegie Endowment for International Peace and Princeton University—issued a constructive and wise report titled "Moving the Encryption Policy Conversation Forward" This report directly addresses the increasingly heated debate over use of encryption technologies to protect privacy contrasted against the needs expressed by law enforcement to be able to conduct criminal investigations and protect public safety. Instead of adding further heat to this on-going debate, the Encryption Group has wisely recommended toning down the rhetoric, and instead focusing on problems where feasible solutions can be developed that resolve not just technical issues, but also conform to rational policies and core principles. This offers a hopeful way forward where polarized debate can be replaced with constructive cooperation toward concrete results that would benefit individuals and society at large. We hope this report is read by all players concerned with issues of privacy and legitimate access by law enforcement.

Exposing and Documenting Abusive Internet Behavior (29 April 2019)
Today's Internet is increasingly polluted by malware, phishing, scams, and other forms of abuse that degrade the online environment on which so much of our economic, social, and political lives rely. These abuses erode user confidence and inflict serious harm on individuals and organizations in every part of the world. Countering them is at the top of everyone's list. But accurate information about abusive behavior on the Internet is surprisingly hard to obtain. This frustrates efforts to protect Internet users from abuse, and to change the environment in positive, lasting ways.
ICANN's Domain Abuse Activity Reporting (DAAR) project is a system for studying and reporting on abusive behavior across top-level domain (TLD) registries and registrars. But DAAR reports only aggregated data on gTLD registries; it does not associate any metrics directly with specific registries, does not include information about registrars, and omits ccTLDs entirely. As such it does not give organizations or individuals the information they need to make decisions about how to safely and efficiently interact on the Internet. Achieving a safer Internet requires a trusted, neutral, public clearinghouse to collect, publish, and persistently store information that categorizes and quantifies Internet identifier system behavior, which can be used to deploy security measures, demonstrate the effectiveness of security or other administrative controls, inform policy makers, and conduct research.

Interisle News