Archived News

2022

23 September 2022 (Updated 1 November)

Dave Piscitello to present at M3AAWG

Dave Piscitello will present findings and recommendations from two recent Interisle studies of phishing and malware at the M3AAWG meeting in October. Data from three million phishing reports, as well as analysis and recommendations about two and a half million records of malware will be shared.
Update: 1 November 2022
Anne Price summarized Dave's presentation in a M3AAWG blog post, "Coordinated Action is Needed as Phishing and Malware Attacks Skyrocket; Domains, Brands and Services Targeted".

——————————

10 August 2022

Making the Internet a More Secure Place

David Strom interviews Dave Piscitello for Czech company Avast's popular Cybersecurity blog, where he reviews Interisle's 2022 Phishing Landscape Study. Strom notes that "What makes [the] report especially powerful is that it includes data from four commercial information sources" and the two Davids discuss the merits/benefits when organizations employ more than one blocklist in their antiphishing defenses.

——————————

31 July 2022

Interview with Dave Piscitello

Interisle principal Dave Piscitello was interviewed for Authority Magazine's series 5 Things You Need To Know To Optimize Your Company's Approach to Data Privacy and Cybersecurity.

——————————

19 July 2022

Phishing Landscape 2022

Interisle Consulting Group has published a major new research report, Phishing Landscape 2022: An Annual Study of the Scope and Distribution of Phishing. Interisle collected more than 3 million phishing reports representing over 1.1 million phishing attacks from four respected threat intelligence sources over a period of 12 months. This extensive data set formed the basis for an in-depth analysis of how and where criminals are getting the resources they use to scam Internet users, and points to better ways to fight phishing.

——————————

14 June 2022

Malware Landscape 2022

Interisle Consulting Group has published a major new research report, Malware Landscape 2022: A Study of the Scope and Distribution of Phishing. The study, which analyzed 2.5 million records of distinct malware events from April 1, 2021 to March 31, 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.

——————————

16 March 2022

New TLDs are coming ... Eventually

In a recent blog post, New TLDs are coming #Dangerclose, Dave Piscitello reacts to the impending next round of new Top-level Domains by explaining how DNS abuse — or more correctly, cybercrimes that employ domain names — has flourished in the new TLD era. In the blog, Dave cites concerns by the DNS security community, including ICANN's own security advisory committee, and abuse statistics reported by Interisle and ICANN. He then describes how ICANN has done little to address this problem.

——————————

14 March 2022

EU High Level Internet Governance

Interisle principal Dave Piscitello presented at a recent meeting of the EU High Level Internet Governance expert group, discussing domain name abuse, following a presentation of a Study on Domain Name System (DNS) Abuse commissioned by the European Commission. The Phishing Landscape 2021 Study and other related Interisle studies are mentioned in the EC study.

——————————

25 February 2022

Improvements to the CyberCrime Information Center

Interisle principal Colin Strutt posted a blog entry at the CyberCrime Information Center describing recent improvements to our cybercrime analysis. CIC is now gathering domain registration data for ccTLDs; we've improved identification of brands targeted by phishing; and we've enhanced our ability to discern phishing domains that were registered maliciously.

——————————

6 January 2022

Interisle principal Andy Malis issued 6th US patent

Interisle principal Andy Malis is a co-author of US patent 11,201,820, issued on December 14, 2021. The patent, "Segment Routing in MPLS Network", describes methods and devices such as routers for performing segment routing in MPLS networks. This adds the ability for MPLS networks (including those carrying IPv4 traffic) to support network programming and router-based network services (such as network statistics, service level verification, firewall filtering, and server load balancing), which were previously only available when segment routing is used in a native IPv6 network.

2021

30 November 2021

Economic impact payments (EIP) Phishing: US citizens under attack from US bases of phishing operations

Interisle Principals Dave Piscitello and Colin Strutt report on a prolonged phishing campaign that targets US citizens with an Economic Impact Payment (EIP) theme. EIP phishing emails and text messages mimic correspondence to convince US citizens to submit personal information or an advance fee payment at a bogus IRS web site. Dave and Colin analyzed 5700 links to determine where phishers were acquiring resources for their EIP phishing pages and identified a decidedly US nexus. US citizens are largely being phished from US hosting services using US based registrars and domain names delegated from US based Top-level domains. Dave and Colin assess the circumstances hindering takedowns of this prolonged campaign and discuss policy and legislative activity that could be adopted to protect US citizens specifically, and all targets of phishing generally.

——————————

17 November 2021

Malware Landscape 2021

Interisle Consulting Group has published a major new research report, Malware Landscape 2021: A Study of the Scope and Distribution of Phishing. Interisle collected nearly 1.7 million malware reports collected from January 1, 2021 to June 30, 2021, which shows a 663% increase in malware reports in the first half of 2021. Our analysis allowed us to understand what malware was most prevalent, where malware was served from or distributed, and what resources criminals used to pursue their attacks.

——————————

25 October 2021

Interisle weighs in on proposed rulemaking to address cybercrime

Interisle has submitted a comment in response to the US Department of Commerce's Advance notice of proposed rulemaking (ANPRM). The ANPRM responds Executive Order 13984 of January 19, 2021, ‘Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities’. The EO directs the US Commerce Secretary to implement measures to “deter foreign malicious cyber actors' use of United States Infrastructure as a Service (IaaS) products and assist in the investigation of transactions involving foreign malicious cyber actors.”
Interisle has recommended that DNS hosting and registration services should be classified as IaaS. We explain how criminals use the DNS and how they register and weaponize thousands of domains to perpetrate online crimes. We argue that the DNS is arguably as much of a critical infrastructure as the mobile and “hard-wired” networks that comprise the Internet.

——————————

22 September 2021

Phishing Landscape 2021

Interisle Consulting Group has published a major new research report, Phishing Landscape 2021: An Annual Study of the Scope and Distribution of Phishing. Interisle collected nearly 1.5 million phishing reports representing approximately 700,000 unique phishing attacks from four respected threat intelligence sources over a period of 12 months. This extensive data set formed the basis for an in-depth analysis of how and where criminals are getting the resources they use to scam Internet users, and points to better ways to fight phishing.

——————————

1 August 2021

New Whois Survey Findings

Dave Piscitello was one of four principal investigators of a joint M3AAWG and the Anti-Phishing Working Group (APWG) survey, ICANN, GDPR, and the WHOIS: A Users Survey — Three Years Later. The survey asked cyber investigators and anti-abuse service providers to describe ongoing impacts of ICANN's implementation of the EU GDPR, the Temporary Specification for gTLD Registration Data (Temporary Specification, adopted in May 2018).

——————————

28 June 2021

Domain Security Report

Interisle Consulting Group announced the publication of an industry report, Domain Security: A Critical Component of Enterprise Risk Management. The report describes the adverse and costly consequences when an organization becomes a victim of domain name hijackings or misuse. Interisle recommends that organizations need to include domain names in their enterprise risk management planning and execution.

——————————

25 June 2021

Updated Phishing Activity Reports Available

Phishing activity updates for the period November 1, 2020 through January 31, 2021 are now available at the Cybercrime Information Center. The updates include measurements and rankings of Top-level Domains, Domain Registrars, and Hosting Networks (ASNs) for the period. Comparisons of measurements against the prior period — May 1, 2020 through July 31, 2020 and August 1, 2020 through October 31,2020 — are also available.

——————————

9 June 2021

Andy Malis co-authors more RFCs on Deterministic Networking

Interisle partner Andy Malis participates in the Internet Engineering Task Force's Deterministic Networking (DetNet) project, focused on deterministic data paths providing bounds on latency, loss, jitter, and high reliability. DetNet is publishing RFCs on this topic, with Andy as co-author on some, including RFC 9023: Deterministic Networking (DetNet) Data Plane: IP over IEEE 802.1 Time-Sensitive Networking (TSN), RFC 9024: Deterministic Networking (DetNet) Data Plane: IEEE 802.1 Time-Sensitive Networking over MPLS, and RFC 9037, Deterministic Networking (DetNet) Data Plane: MPLS over IEEE 802.1 Time-Sensitive Networking (TSN).

——————————

30 April 2021

Updated Phishing Activity Reports Posted

Phishing activity updates for the period August 1, 2020 through October 31, 2020 are now available at the Cybercrime Information Center.
The updates include measurements and rankings of Top-level Domains, Domain Registrars and Hosting Networks (ASNs) for the August 1, 2020 through October 31,2020 period.
Comparisons of measurements against the prior period, May 1, 2020 through July 31, 2020 are also available.

——————————

13 March 2021

Academic Research Corroborates Interisle Study Findings

A large-scale systematic measurement study to quantify the changes made by WHOIS providers in response to the GDPR was presented at The Network and Distributed System Security Symposium (NDSS) on 22 February. Using a collection of 1.2 billion WHOIS records spanning two years and software they developed to automate compliance checking, the researchers found levels of WHOIS redaction beyond what the GDPR would require that corroborate the findings of Interisle's recent WHOIS Contact Data Availability and Registrant Classification Study.

——————————

1 March 2021

Interisle Launches the Cybercrime Information Center

Cybercrime—phishing, pharming, botnets, malware, and spam—threatens every Internet user. To fight cybercrime we need to know how criminals acquire and use the Internet resources that enable their criminal activity. The Cybercrime Information Center (CIC) will gather and publish the facts about cybercrime. By publishing its measurement data, the Center will identify the sources and mechanisms of cybercrime, as defined in the Council of Europe's Budapest Convention on Cybercrime. Researchers, governments, businesses, and others will be able to use CIC data to evaluate the policies and practices that attract and encourage criminal activity.

——————————

25 January 2021

WHOIS Contact Data 2021

Interisle Consulting Group has published a major new research report, the WHOIS Contact Data Availability and Registrant Classification Study. The report presents an in-depth analysis of how contact data for Internet domain names–which make all web sites, email, and apps work–has disappeared from public access, impeding cybercrime investigation, consumer protection, Internet security, and online commerce.

——————————

23 January 2021

Andy Malis co-authors two RFCs on Deterministic Networking

Interisle partner Andy Malis participates in IETF's Deterministic Networking (DetNet) project, which focuses on deterministic data paths providing bounds on latency, loss, jitter, and high reliability. DetNet is publishing a set of RFCs on this topic, with Andy as co-author on some. Recently published include RFC 8938: Deterministic Networking (DetNet) Data Plane Framework and RFC 8964: Deterministic Networking (DetNet) Data Plane: MPLS.

——————————

1 January 2021

Interisle welcomes new Partner Andy Malis

Andy Malis, a well-known and widely respected contributor to the development of telecommunications technology and the Internet for over 40 years, joins Interisle as a Partner. He brings to Interisle extensive experience in networking protocol architecture and evolution, product architecture and strategic planning, service provider network planning, and technology transfer, and a strong reputation for leadership in international standardization bodies (including the IETF, Broadband Forum, ITU-T,and Open Networking Foundation), standards authorship, and chairing and speaking roles at conferences and other industry events. Andy is the author or co-author of more than 40 IETF RFCs and Internet drafts, and currently co-chairs the IETF's Pseudowire And LDP-enabled Services (PALS) working group.

2020

13 October 2020

Phishing Landscape 2020

Interisle Consulting Group has published a major new research report, Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing.
Interisle collected data about phishing attacks from four respected threat intelligence sources over a period of three months, learning about more than 100,000 newly discovered phishing sites. This extensive data set formed the basis for an in-depth analysis of how and where criminals are getting the resources they use to scam Internet users, and points to better ways to fight phishing

——————————

July 2020

Disinformation and the 2020 Election

Dave Piscitello was again a guest on the Unsung Cyber Hero Adventure TV Network for an episode entitled The 2020 Election & Disinformation: Is Our Democracy Under Attack!. Appearing with Dave was fellow cyber investigator, John Bambenek, who is a visiting lecturer at University of Illinois. Also appearing was Llewelyn King, the Co-creator and host of the PBS Show, The White House Chronicles. Host Gary Berman focused the discussion on a range of interrelated topics.

——————————

June 2020

Ransomware Exposed on Unsung Cyber Hero Adventures TV Network

Interisle principal Dave Piscitello and fellow guest Christiaan Beek of McAfee share experiences dealing with ransomware and related cybercrime during this Unsung Cyber Hero Adventures TV episode. Dave and Christiaan explain what ransomware is, how it's delivered, which sectors are the MOST vulnerable to ransomware and why, and how individuals, small businesses and large organizations should contend with it. They also share how cyber criminals are leveraging Covid-19 to deploy ransomware and answer the thorny question, “should a victim pay the ransom?”

——————————

2 June 2020

In Fight Against COVID-19 Scam Sites, Lawmakers Push for Domain Name Ownership Records-and Some Pro-Privacy Advocates Agree

In this Morning Consult article, reporter Sam Sabin writes that “lawmakers have begun taking the first steps to either provide relief for law enforcement and reopen the WHOIS database or hold domain name operators accountable to verifying the identities of those who purchase web addresses themselves.” Her interviews with politicians, registrars, consumer advocates, and security experts—including Interisle's Dave Piscitello—reveal broad support for better registration data access and stronger accountability for domain name registrants. “Too many domain name registrars and other internet companies are putting their heads in the sand as cybercriminals and scammers try to exploit this pandemic by luring people to fraudulent coronavirus-related websites.”

——————————

May 2020

Internet Infrastructure Coalition responds to Interisle's domain registration data report

On April 28 the Internet Infrastructure Coalition (i2Coalition) published comments on the Interisle Report “Domain Registration Data at a Crossroads.” The Coalition “objects to the flawed conclusions drawn by” the report and charges that it “establishes a false framework as the basis from which it assesses registrars.” They conclude that “[t]he report reads more like the promotion of specific agendas, including on policy development work in the context of the ICANN EPDP, rather than solutions.”
Interisle stands by its report and will entertain and review any data or equivalent analyses provided by the Coalition that would influence its findings or recommendations.

——————————

March 2020

Interisle releases report on domain registration data

Internet users of all kinds rely on public domain name registration data services ("Whois") to obtain accurate and up-to-date operational and registration information for vital and legitimate purposes. Over the last two years, access to domain name registration data has been drastically curtailed as a result of ICANN policies, data privacy laws, and due to practices by registrars and registry operators.
Interisle studied domain registration data, measuring the effectiveness and impact of ICANN's registration data access policies and procedures by examining the practices of 23 registrars, which collectively sponsor more than two-thirds of the registrations in the generic top-level domains (gTLDs). It determined whether they comply with ICANN's policies and related contractual obligations, and also to the European Union's General Data Protection Regulation (EU GDPR).
You can read the Full Report or the Executive Summary.

——————————

31 March 2020

Weaponizing Domain Names via Bulk Registration

In this guest blog post at The Spamhaus Project, Dave Piscitello explains how criminals misuse domain names much in the same manner as terrorists misuse fertilizers to construct improvised explosive devices or as criminals divert pseudoephedrine to the manufacture of methamphetamine. In all of these cases, a commodity serves as a tool in the pursuit of some malignant (criminal) activity. Domain industry parties will no doubt object to such an extreme characterization, cyber investigators can demonstrate on an almost daily basis that hundreds or thousands of domain names are registered specifically for cyber attacks. Dave offers insights from Interisle's Criminal Abuse of Domain Names report and Spamhaus Project editor Sarah Miller notes that the findings from that October 2019 “emphasized the need for more stringent measures to be put in place within the domain name industry, something that the current COVID-19 pandemic is further highlighting.”

——————————

March 2020

The business of domain names

John McCormac cites data from Interisle's report on Criminal Abuse of Domain Names in his November 2019 book Domnomics: The business of domain names. The book presents a comprehensively data-driven indictment of the domain name industry and ICANN's failure to recognize and respond to its abuses. [Note: Interisle receives no compensation of any kind for this or any other referral click-through.]

2019

October 2019

Interisle releases report on criminal domain abuse

Interisle studied the impact of bulk registration of domain names and how they aid cybercriminals with malware, ransomware, phishing, botnets and spam attacks.
In the report, we studied "bulk registration misuse" by criminal actors. Bulk registrations refers to the practice of rapidly acquiring domain names, using these in an attack, and abandoning them as if they were throw-away ("burner") phones. These domains are a critical resource for cybercriminals. 
You can read the full report: Criminal Abuse of Domain Names or just the Executive Summary.

——————————

22 October 2019

It's Not About the Internet

In the policy realm what we call “Internet issues” are not actually “Internet” issues—they are well-pedigreed social, political, cultural, and economic issues, for which we clever technologists have provided a rich new environment in which to grow and multiply. It follows that the people best prepared to tackle “Internet” issues may be thoughtful professionals in fields such as behavioral psychology, linguistics, sociology, education, history, ethnology, and political science—not (exclusively) “Internet experts.” Interisle principal Lyman Chapin suggests a broadly interdisciplinary approach to what have traditionally been considered “Internet” issues in an article that appears in the 50th Anniversary issue of the ACM SIGCOMM Computer Communication Review.

——————————

September 2019

ICANN must do more to fight Internet security threats

ICANN is conducting a distracting debate about the kinds of events that should be described as “DNS abuse”. The instigators of this debate hope to relieve ICANN and its constituencies of responsibility for the way in which identifiers are used to inflict harm on internet users.
However convenient it may be, it is fundamentally wrong. Harmful content itself is not ICANN's concern; the way in which Internet identifiers are used to weaponize harmful content most certainly is. This falls squarely within ICANN's Bylaws obligation to operate “for the benefit of the Internet community as a whole”.
In this DomainIncite guest post, Lyman Chapin and Dave Piscitello discuss why ICANN's remit extends broadly to how a domain name (or other Internet identifier) is misused to point to or lure a user or application to content that is harmful, or to host content that is harmful. Lyman and Dave offer a pragmatic resolution to the terminology debate: adopt a term, "security threat", that is already widely used within and outside ICANN community. Use the time otherwise wasted in a pointless terminology debate to come to terms with a remit they have studiously avoided: adopt an international treaty definition for cybercrimes and collaborate with public and private sector authorities to disrupt or mitigate these threats.

——————————

20 September 2019

Worth reading: "Moving the Encryption Policy Conversation Forward"

On September 10, the Encryption Working Group—convened under the auspices of the Carnegie Endowment for International Peace and Princeton University—issued a constructive and wise report titled "Moving the Encryption Policy Conversation Forward" This report directly addresses the increasingly heated debate over use of encryption technologies to protect privacy contrasted against the needs expressed by law enforcement to be able to conduct criminal investigations and protect public safety. Instead of adding further heat to this on-going debate, the Encryption Group has wisely recommended toning down the rhetoric, and instead focusing on problems where feasible solutions can be developed that resolve not just technical issues, but also conform to rational policies and core principles. This offers a hopeful way forward where polarized debate can be replaced with constructive cooperation toward concrete results that would benefit individuals and society at large. We hope this report is read by all players concerned with issues of privacy and legitimate access by law enforcement.

——————————

September 2019

Dave Piscitello to speak at the APWG EU eCrime Research Symposium

Dave has been invited to speak at the APWG EU eCrime Research Symposium in Barcelona, Spain. The abstract for his presentation, "Expanding the scope of blocklisting to improve risk-based threat mitigation" is posted at here.

——————————

August 2019

Corroborating community complaints about ICANN's CZDS approval process

Dave Piscitello ran a simple experiment to investigate complaints regarding the approvals process for ICANN's Centralized Zone Data Service (CZDS). He applied for all Top-level domains (TLDs) available from the CZDS on May 28 2019 to observe how promptly registries respond to approval requests. The approval process should be a simple check and sign off: it is for many registry operators but for others, the wait can be significant. Read more on Dave's blog.

——————————

June 2019

Whois is lost

In the aftermath of GDPR's establishment, ICANN's policies for access to domain registration data (Whois) have created adverse consequences for investigations into terrorist activities, political influence campaigns and cybercrimes, creating serious threats to public safety. In this APWG monograph, APWG Board Member and Interisle Principal Dave Piscitello explains exactly how Whois data is employed during preventative and forensic cyber investigations — and how ICANN's interpretation of GDPR in particular also delays development of programmatic machine-driven responses that are widely used to maintain public safety and are vital to the long-term viability of the Internet as a governable domain.

——————————

May 2019

EU Directive on Security of Network and Information Systems

European Union Directive 2016/1148 (NIS) is the first EU-wide legislation on cybersecurity. Although the EU's General Data Protection Regulation (GDPR) has received almost all of the world's attention, the impact of the NIS on network operators is potentially far greater. Interisle's Jim Reid presented On the Implementation of the EU NIS Directive at the ICANN DNS Symposium on 10 May 2019; it's an excellent introduction to the Directive and its consequences. You can listen to Jim's presentation here until June 13, 2019

——————————

May 2019

Network Collective Podcast on EU GDPR

The European general data protection regulation (GDPR) went into effect nearly a year ago. The regulation applies to EU citizens and residents, but the adoption of the regulation and subsequent compliance implementations impact cybersecurity and influence business practices globally. In this podcast episode, Dave Piscitello, Brian Honan, and host Russ White discuss how the regulation has influenced risk assessment for businesses that process personal data and highlight unintended consequences resulting from efforts to comply with the regulation. Listen to Episode 50 — GDPR

——————————

29 April 2019

Exposing and Documenting Abusive Internet Behavior

Today's Internet is increasingly polluted by malware, phishing, scams, and other forms of abuse that degrade the online environment on which so much of our economic, social, and political lives rely. These abuses erode user confidence and inflict serious harm on individuals and organizations in every part of the world. Countering them is at the top of everyone's list. But accurate information about abusive behavior on the Internet is surprisingly hard to obtain. This frustrates efforts to protect Internet users from abuse, and to change the environment in positive, lasting ways.
ICANN's Domain Abuse Activity Reporting (DAAR) project is a system for studying and reporting on abusive behavior across top-level domain (TLD) registries and registrars. But DAAR reports only aggregated data on gTLD registries; it does not associate any metrics directly with specific registries, does not include information about registrars, and omits ccTLDs entirely. As such it does not give organizations or individuals the information they need to make decisions about how to safely and efficiently interact on the Internet. Achieving a safer Internet requires a trusted, neutral, public clearinghouse to collect, publish, and persistently store information that categorizes and quantifies Internet identifier system behavior, which can be used to deploy security measures, demonstrate the effectiveness of security or other administrative controls, inform policy makers, and conduct research.

——————————

April 2019

Pioneers in Skirts

Dave Piscitello recently had the opportunity to preview Pioneers in Skirts, a character-driven documentary addressing gender bias. By revealing how women have overcome bias to succeed when circumstances conspire against them, the movie seeks to encourage cultures worldwide to adopt gender parity.
We at Interisle believe that Pioneers in Skirts is an important film for every work environment, a film that speaks to the issues present in the producers work world and beyond. Please read Dave's call to support Pioneers in Skirts.

——————————

February 2019

Dave Piscitello receives the M3AAWG 2019 Mary Litynski Award

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) announced today that Interisle partner Dave Piscitello is the recipient of the 2019 Mary Litynski Award, which recognizes "the lifetime achievements of an individual who has significantly contributed to making the Internet safer, working far from the public eye over a significant period of time for the greater good." The Award was presented at the 45th M3AAWG meeting in San Francisco.

——————————

19 February 2019

Conservative abuse reporting throws new TLD program under the bus

ICANN has released a January 2019 domain abuse report generated from the Domain Abuse Activity Reporting system (DAAR). DAAR is a system for studying and reporting on domain name registration and security threat (domain abuse) behavior across top-level domain (TLD) registries and registrars. It provides a distribution of domains identified as security threats and a breakdown of security threats by class for all new and legacy registries for which the DAAR project can collect TLD zone data. But the report provides only aggregated summary statistics for TLDs, in pie-chart format; these “findings” are misleading and do not represent actionable intelligence. The report also omits registrar information. By failing to be open and transparent about the high levels of abuse in specific new TLDs and registrar portfolios, ICANN actively frustrates efforts to promote Universal Acceptance of domain names and email addresses and calls future new TLD delegations into question. Read Dave Piscitello's Security Skeptic blog post: Conservative abuse reporting throws new TLD program under the bus.

——————————

February 2019

APWG Publishes 2019 Mission Statement

The Anti-Phishing Working Group (APWG) has published its Mission Statement: "2019: A Critical Year for Privacy Rights, Data Protection and Public Safety", written by Interisle partner Dave Piscitello on behalf of the APWG Board of Directors.

——————————

February 2019

CAUCE welcomes Dave Piscitello to Board of Directors

The Coalition Against Unsolicited Commercial Email (CAUCE) announced the addition of Dave Piscitello to the Board of Directors. Dave's field and policy experience with exposing and mitigating the exploitation of domain names and the domain name system (DNS) by spammers, cyber-attackers, and cyber-criminals complements the law enforcement, threat research, and email abuse skill sets already present on the board. He will work with CAUCE to raise cross-community awareness of abuses and misuses of domain names and the DNS by studying and calling attention to policy vacuums and weaknesses, by promoting abuse reporting systems that can help governance bodies and lawmakers make informed decisions, and by delivering DNS investigations training programs for law enforcement.

2018

20 October 2018

APWG and M3AAWG Survey Finds ICANN WHOIS Changes Impede Cyber Investigations

Dave Piscitello's The Security Skeptic blog has a column focusing on how ICANN's "Temporary Specification for gTLD Registration Data" has affected access and usage of domain name registration by cyber investigators and anti-abuse service providers. Read Dave's column and follow Dave's Security Skeptic blog.

——————————

July 2018

Dave Piscitello to join Interisle

David Piscitello, a widely respected security and cybercrime expert with an international reputation fighting criminal abuse of the Internet and its Domain Name System (DNS), will join Interisle Consulting Group upon his retirement from the International Corporation for Assigned Names and Numbers (ICANN). He brings 40 years of experience with network security practices; cybercrime policy, mitigation, and response; and DNS abuse investigation training. For more information about Dave, see his brief bio or check out his recent publications at The Security Skeptic.

——————————

January 2018

Why People Hate ISPs

Underlying the debate on "network neutrality" is a pervasive negative attitude in the US towards ISPs. Interisle principal Fred Goldstein has written an article on this topic on TMCnet.

Latest News.

In the Press.