
Anti-phishing group in info-sharing move

16 March 2009

The Anti-Phishing Working Group (APWG) is preparing a common cyber-crime reporting system that will include a hosted database and a universal crime reporting format. The non-profit group is hoping to make it easier for private and public sector groups to work together on tracking online criminals.

Speaking at the OCTOPUS Cooperation Against Cybercrime conference in Brussels last week, the non-profit group's secretary general Peter Cassidy described an XML format that will standardise cyber-crime reporting. The format is a set of extensions to an existing specification, the Incident Object Data Exchange Format (IODEF) created by the IETF, which was designed to let computer security incident response teams (CSIRTs) exchange information on security incidents.

A white paper describing the Extension to IODEF-Document Class for Reporting Phishing, Fraud, and Other Non-Network Layer Reports says that the format could be used in a variety of use cases, including collaboration between private sector customers and their business partners in preparing reports for law enforcement. It can also help companies to share data for trend tracking purposes, added David Jevans, chair of the APWG.

"You might not notice something if you're just one bank, but if ten banks share this information then you will start to see these patterns," he said.

The reporting format will form the basis for the expanded APWG online reporting system, which Jevans says has been four years in the making, and which will be unveiled at the third Counter eCrimes Operation Summit (CeCOS) in Barcelona in May.

The APWG already operates a phishing URL repository that enables partners to share information at a single point. The expanded system will harbor information such as source IP addresses for malicious attacks, sites that are recruiting money mules, and domains that are being registered for malicious purposes.

"We're also using it to accelerate the work that we've been doing with ICANN around domain name registrar accelerated take-down," he said. "You need to be able to start communicating with domain registrars, and getting them to de-register a domain name ASAP."

Investigators have complained in the past that sites used for cyber crimes like phishing and escrow fraud have not been taken down in time by ISPs. By the time a court order is obtained, a month could have passed, and the financial damage to victims has already been done.

"We co-locate it. The APWG runs the gear, and some of them donate gear to us," Jevans said, adding that it was necessary for a non-profit group to host the system. "You can't find people willing to build this kind of thing, because it's an investment of time and effort. But if a non-profit works with all the different industry guys, it's proven to work in the past for us."

The APWG is also working on a cyber crime reporting tool that will enable companies to convert proprietary cyber crime incident information into its new format. A pre-alpha version of the e-Crime Reporting and Incident Sharing Project (e-Crisp X) is available.

 
