New TLDs are coming ... Eventually (16 March 2022)
In a recent blog post, New TLDs are coming #Dangerclose,
Dave Piscitello reacts to the impending next round of new Top-level Domains by explaining
how DNS abuse — or more correctly, cybercrimes that employ domain names — has flourished in the new TLD era. In the blog, Dave cites concerns by the DNS security community, including ICANN's own
security advisory committee, and abuse statistics reported by Interisle and ICANN. He then describes how ICANN has done little to address this problem.
Interisle weighs in on proposed rulemaking to address cybercrime (25 October 2021)
Interisle has submitted a comment in response to the US Department of Commerce's Advance notice of proposed rulemaking (ANPRM).
The ANPRM responds Executive Order 13984 of January 19, 2021,
Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities’. The EO directs the US Commerce Secretary to implement measures to
“deter foreign malicious cyber actors' use of United States Infrastructure as a Service (IaaS) products and assist in the investigation of transactions involving foreign malicious cyber actors.”
Interisle has recommended that DNS hosting and registration services should be classified as IaaS. We explain how criminals use the DNS and how they register and weaponize thousands of domains
to perpetrate online crimes. We argue that the DNS is arguably as much of a critical infrastructure as the mobile and “hard-wired” networks that comprise the Internet.
In Fight Against COVID-19 Scam Sites, Lawmakers Push for Domain Name Ownership Records-and Some Pro-Privacy Advocates Agree (2 June 2020)
In this Morning Consult article, reporter Sam Sabin writes that
“lawmakers have begun taking the first steps to either provide relief for law enforcement and reopen the WHOIS database or hold domain name operators accountable to verifying the identities
of those who purchase web addresses themselves.” Her interviews with politicians, registrars, consumer advocates, and security experts—including Interisle's Dave Piscitello—reveal
broad support for better registration data access and stronger accountability for domain name registrants. “Too many domain name registrars and other internet companies are putting their
heads in the sand as cybercriminals and scammers try to exploit this pandemic by luring people to fraudulent coronavirus-related websites.”
Weaponizing Domain Names via Bulk Registration (31 March 2020)
In this guest blog post at The Spamhaus Project,
Dave Piscitello explains how criminals misuse domain names much in the same manner as terrorists misuse fertilizers to construct improvised explosive devices or as criminals divert pseudoephedrine
to the manufacture of methamphetamine. In all of these cases, a commodity serves as a tool in the pursuit of some malignant (criminal) activity. Domain industry parties will no doubt object to
such an extreme characterization, cyber investigators can demonstrate on an almost daily basis that hundreds or thousands of domain names are registered specifically for cyber attacks.
Dave offers insights from Interisle's Criminal Abuse of Domain Names report and Spamhaus Project editor Sarah Miller
notes that the findings from that October 2019 “emphasized the need for more stringent measures to be put in place within the domain name industry, something that the current COVID-19
pandemic is further highlighting.”
It's Not About the Internet (22 October 2019)
In the policy realm what we call “Internet issues” are not actually “Internet” issues—they are well-pedigreed social, political, cultural,
and economic issues, for which we clever technologists have provided a rich new environment in which to grow and multiply. It follows that the people best prepared
to tackle “Internet” issues may be thoughtful professionals in fields such as behavioral psychology, linguistics, sociology, education, history, ethnology,
and political science—not (exclusively) “Internet experts.” Interisle principal Lyman Chapin suggests a broadly interdisciplinary approach to what have
traditionally been considered “Internet” issues in an article that appears in the
50th Anniversary issue of the
ACM SIGCOMM Computer Communication Review.
Worth reading: "Moving the Encryption Policy Conversation Forward" (20 September 2019)
On September 10, the Encryption Working Group—convened under the auspices of the Carnegie Endowment for International Peace and Princeton University—issued a constructive
and wise report titled "Moving the Encryption Policy Conversation Forward"
This report directly addresses the increasingly heated debate over use of encryption technologies to protect privacy contrasted against the needs expressed by law enforcement
to be able to conduct criminal investigations and protect public safety. Instead of adding further heat to this on-going debate, the Encryption Group has wisely recommended
toning down the rhetoric, and instead focusing on problems where feasible solutions can be developed that resolve not just technical issues, but also conform to rational
policies and core principles. This offers a hopeful way forward where polarized debate can be replaced with constructive cooperation toward concrete results that would benefit
individuals and society at large. We hope this report is read by all players concerned with issues of privacy and legitimate access by law enforcement.
Exposing and Documenting Abusive Internet Behavior (29 April 2019)
Today's Internet is increasingly polluted by malware, phishing, scams, and other forms of abuse that degrade the online environment on which so much of our economic,
social, and political lives rely. These abuses erode user confidence and inflict serious harm on individuals and organizations in every part of the world. Countering
them is at the top of everyone's list. But accurate information about abusive behavior on the Internet is surprisingly hard to obtain. This frustrates efforts to protect
Internet users from abuse, and to change the environment in positive, lasting ways.
ICANN's Domain Abuse Activity Reporting (DAAR) project is a system for studying and reporting on abusive
behavior across top-level domain (TLD) registries and registrars. But DAAR reports only aggregated data on gTLD registries; it does not associate any metrics directly
with specific registries, does not include information about registrars, and omits ccTLDs entirely. As such it does not give organizations or individuals the information
they need to make decisions about how to safely and efficiently interact on the Internet. Achieving a safer Internet requires a trusted, neutral, public clearinghouse
to collect, publish, and persistently store information that categorizes and quantifies Internet identifier system behavior, which can be used to deploy security measures,
demonstrate the effectiveness of security or other administrative controls, inform policy makers, and conduct research.
14 March 2022
EU High Level Internet Governance
Interisle principal Dave Piscitello presented at a recent meeting of the EU High Level Internet Governance expert group, discussing domain name abuse,
following a presentation of a Study on Domain Name System (DNS) Abuse
commissioned by the European Commission. The Phishing Landscape 2021 Study and other related Interisle studies are mentioned in the EC study.
25 February 2022
Improvements to the CyberCrime Information Center
Interisle principal Colin Strutt posted a blog entry
at the CyberCrime Information Center describing recent improvements to our cybercrime analysis. CIC is now gathering domain registration data for ccTLDs;
we've improved identification of brands targeted by phishing; and we've enhanced our ability to discern phishing domains that were registered maliciously.
6 January 2022
Interisle principal Andy Malis issued 6th US patent
Interisle principal Andy Malis is a co-author of US patent 11,201,820, issued on December 14, 2021.
The patent, "Segment Routing in MPLS Network", describes methods and devices such
as routers for performing segment routing in MPLS networks. This adds the ability for MPLS networks (including those carrying IPv4 traffic) to support network
programming and router-based network services (such as network statistics, service level verification, firewall filtering, and server load balancing),
which were previously only available when segment routing is used in a native IPv6 network.
30 November 2021
Economic impact payments (EIP) Phishing: US citizens under attack from US bases of phishing operations
Interisle Principals Dave Piscitello and Colin Strutt
on a prolonged phishing campaign that targets US citizens with an Economic Impact Payment (EIP) theme.
EIP phishing emails and text messages mimic correspondence to convince US citizens to submit personal information or an advance fee payment at
a bogus IRS web site. Dave and Colin analyzed 5700 links to determine where phishers were acquiring resources for their EIP phishing pages and
identified a decidedly US nexus. US citizens are largely being phished from US hosting services using US based registrars and domain names
delegated from US based Top-level domains. Dave and Colin assess the circumstances hindering takedowns of this prolonged campaign and discuss
policy and legislative activity that could be adopted to protect US citizens specifically, and all targets of phishing generally.
17 November 2021
Malware Landscape 2021
Interisle Consulting Group has published a major new research report,
Malware Landscape 2021: A Study of the Scope and Distribution of Phishing.
Interisle collected nearly 1.7 million malware reports collected from January 1, 2021 to June 30, 2021, which shows a 663% increase in malware reports in the first half of 2021.
Our analysis allowed us to understand what malware was most prevalent, where malware was served from or distributed, and what resources criminals used to pursue their attacks.
22 September 2021
Phishing Landscape 2021
Interisle Consulting Group has published a major new research report,
Phishing Landscape 2021: An Annual Study of the Scope and Distribution of Phishing.
Interisle collected nearly 1.5 million phishing reports representing approximately 700,000 unique phishing attacks from four respected threat intelligence sources
over a period of 12 months. This extensive data set formed the basis for an in-depth analysis of how and where criminals are getting the resources they use to scam
Internet users, and points to better ways to fight phishing.
1 August 2021
New Whois Survey Findings
Dave Piscitello was one of four principal investigators of a joint M3AAWG and the Anti-Phishing Working Group (APWG) survey,
ICANN, GDPR, and the WHOIS: A Users Survey — Three Years Later.
The survey asked cyber investigators and anti-abuse service providers to describe
ongoing impacts of ICANN's implementation of the EU GDPR, the Temporary Specification for gTLD Registration Data (Temporary Specification, adopted in May 2018).
28 June 2021
Domain Security Report
Interisle Consulting Group announced the publication of an industry report,
Domain Security: A Critical Component of Enterprise Risk Management.
The report describes the adverse and costly consequences when an organization becomes a victim of domain name hijackings or misuse.
Interisle recommends that organizations need to include domain names in their enterprise risk management planning and execution.
25 June 2021
Updated Phishing Activity Reports Available
Phishing activity updates for the period November 1, 2020 through January 31, 2021 are now available at the
Cybercrime Information Center.
The updates include measurements and rankings of Top-level Domains, Domain Registrars, and Hosting Networks (ASNs) for the period.
Comparisons of measurements against the prior period — May 1, 2020 through July 31, 2020 and August 1, 2020 through October 31,2020 — are also available.
9 June 2021
Andy Malis co-authors more RFCs on Deterministic Networking
Interisle partner Andy Malis participates in the Internet Engineering Task Force's Deterministic Networking (DetNet) project,
focused on deterministic data paths providing bounds on latency, loss, jitter, and high reliability. DetNet is publishing
RFCs on this topic, with Andy as co-author on some, including
RFC 9023: Deterministic Networking (DetNet) Data Plane: IP over IEEE 802.1 Time-Sensitive Networking (TSN),
RFC 9024: Deterministic Networking (DetNet) Data Plane: IEEE 802.1 Time-Sensitive Networking over MPLS,
and RFC 9037, Deterministic Networking (DetNet) Data Plane: MPLS over IEEE 802.1 Time-Sensitive Networking (TSN).
30 April 2021
Updated Phishing Activity Reports Posted
Phishing activity updates for the period August 1, 2020 through October 31, 2020 are now available at
the Cybercrime Information Center.
The updates include measurements and rankings of Top-level Domains, Domain Registrars and Hosting Networks (ASNs) for the August 1, 2020 through October 31,2020 period.
Comparisons of measurements against the prior period, May 1, 2020 through July 31, 2020 are also available.
1 March 2021
Interisle Launches the Cybercrime Information Center
Cybercrime—phishing, pharming, botnets, malware, and spam—threatens every Internet user. To fight cybercrime we need to know how criminals acquire
and use the Internet resources that enable their criminal activity. The Cybercrime Information Center
(CIC) will gather and publish the facts about cybercrime. By publishing its measurement data, the Center will identify the sources and mechanisms of
cybercrime, as defined in the Council of Europe's Budapest Convention
on Cybercrime. Researchers, governments, businesses, and others will be able to use CIC data to evaluate the policies and practices that attract and encourage