IGF 2020 WS #317 DNS-Abuse in the Age of COVID-19: Lessons Learned

Time
Monday, 9th November, 2020 (06:00 UTC) - Monday, 9th November, 2020 (07:30 UTC)
Room
Room 2
About this Session
The Internet’s Domain Name System (DNS) is a critical technology on which Internet users rely on every day. Defining, measuring, and understanding DNS-Abuse, especially in the context of COVID-19, can help in mitigating harm and protecting end users. The session aims to detail efforts to measure abuse, explore the lessons learned during this pandemic, and discuss options for how to prevent such abuse from happening.
Thematic Track

Organizer 1: Adiel Akplogan, ICANN
Organizer 2: Kathryn (Mandy) Carver, ICANN
Organizer 3: Vera Major, ICANN

Speaker 1: Jeff Bedser,  Technical Community, Western European and Others Group (WEOG)
Speaker 2: Ashley Heineman, Private Sector, Western European and Others Group (WEOG)
Speaker 3: John Crain, Technical Community, Western European and Others Group (WEOG)
Speaker 4: Merike Kaeo, Technical Community, Western European and Others Group (WEOG)

Additional Speakers

Yes, compared to the initial submission. The final speakers are indicated above. 

Moderator

Adiel Akplogan, Technical Community, Western European and Others Group (WEOG)

Online Moderator

Adiel Akplogan, Technical Community, Western European and Others Group (WEOG)

Rapporteur

Vera Major, Technical Community, Western European and Others Group (WEOG)

Format

Round Table – Circle – 90 minutes

Online duration reset to 60 minutes.
Policy Question(s)
  • What actions can users and other stakeholders take to mitigate the impact of DNS fraud and abuse?
  • How can policy and collaboration contribute towards the protection, prevention and defense against cyber threats?

The technical underpinnings of the Internet and the operation of the DNS: what is meant by the term DNS abuse and how is the DNS used in malware and phishing attacks and how these fraud and extortion campaigns pivot to use whatever event or cause is most timely. The lessons learned from the COVID-19 setting are applicable to similar bad acts taking advantage of seasonal events, natural disasters, or common themes and interests. The tools developed to combat DNS abuse in the pandemic setting will be useful for combatting abuse and fraud campaigns regardless of theme

SDGs

GOAL 9: Industry, Innovation and Infrastructure
GOAL 16: Peace, Justice and Strong Institutions
GOAL 17: Partnerships for the Goals

Description:

As the global community strains under the weight of the coronavirus pandemic, cyber criminals are taking advantage, attacking the most critical institutions and playing on fears and anxieties in campaigns of extortion and fraud. The purpose of the session is to inform the community about the work done and lessons learned to prevent that abuse. The best way to support practical outcomes and substantive policy discussions is to give participants a grounding in the technical aspects of the DNS and how to identify abuse. By increasing understanding of the concepts of DNS-Abuse and the use of DNS in phishing and malware, policy makers can learn how to mitigate the abuse and protect the users of the DNS.

Expected Outcomes
  • Increased understanding of the proactive measures DNS security ecosystem companies have taken to fight DNS Abuse
  • Increased understanding of the challenges registries and registrars face when trying to improve DNS security
  • Increased awareness of the efforts undertaken by ICANN to measure and report CoViD-related abuse
  • Increased understanding of a new ICANN-led effort called DSFI which will work to improve DNS security in the coming years

The session will include an introduction to the concepts and issues with examples of actions and policies used successfully in different locations. The audience will be invited to share their experiences implementing policies. We intend each segment to be 45 minutes.

Relevance to Internet Governance: Identifying and preventing DNS abuse is at the very core of trusted operation of the Internet and therefore to the development and application of shared principles, norms, rules and decision-making procedures impacting the use of the Internet.

Relevance to Theme: Especially during the strain of a global pandemic the world needs trusted communication and information sharing channels. Cybercriminals are taking advantage of the most critical institutions and playing on fears and anxieties in campaigns of extortion and fraud. Identifying and exposing these threats and informing the global community about how to protect themselves is critically important to maintaining trust in the Internet.

Online Participation

 

Usage of IGF Official Tool.

 

1. Key Policy Questions and related issues
What is DNS Abuse?
How to mitigate DNS Abuse
2. Summary of Issues Discussed
  • There was a spike in registration, but most were speculative and/ or were for nonfraudulent purposes
  • It is important to know which is more important: how many abuse domains are registering or how long the domains are live?
  • To tack DNS-Abuse, there is a need to adopt standard definitions of abuse, determine and assigned the appropriate primary poinf for responsibility for abuse resolution and identify and deploy best practices for evidentiary standards.
  • Utilize standardized escalation paths and reasonable timeframes for action on abuse report
  • Borrowing from the military, the noise can be filtered from the signal through experts and machine-learning from expert efforts.
  • The Framework on DNS Abuse standardizes definitions and sets expectations for actions. 
  • Industry can and does act when presented with actionable data and intelligence
  • We need to improve understanding of the roles and capabilities of the various actors involved in combatting DNS abuse
  • The limited roles of registrars, registries and ICANN must be recognized
  • There was good collaboration between the stakeholders during the health crisis.
  • The Domain Security Facilitation Initiative is a technical study group initiated by ICANN’s CEO prior to COVID19.
  • The technical study group examines what can and should ICANN be doing to improve DNS security profile
  • The study group aims to create recommendations that promote best practices, facilitate communications and strengthen collaboration to help all stakeholders mitigate and/ or respond to threats to the DNS ecosystem.
  • Its focus is on the mechanisms by which attacks are carried out rather than the content
  • Providing cross-functional expertise, it aims to provide recommendations on a number of issues, such as large scale DNS operations, handling emergecy response coordination and DNS operational security.
3. Key Takeaways

DNS-Abuse has been a subject gaining increasing attention among its stakeholders. The COVID19 pandemic has brought DNS-Abuse to light, especially DNS-abuse related to the heath crisis. A spike in registration was not unique to COVID1, a similar pattern can be detected following natural disasters, political hot topics, media frenzy topics or events such as those in Christchurch. Most of the registrations turned out to be speculative or non-fraudulent and were addressed in a timely manner within twelve to 24 hours.

The adoption of the Framework on DNS Abuse helps standardize definitions and sets expectations for actions and has now over 50 signatories. Other initiatives, such as the SSAC Report on Practical Next Steps for Tackling Abuse in the DNS and the Domain Security Faciliatation Initiative Technical Study Group also aim to address DNS-Abuse and provide recommendations

6. Final Speakers

Speaker 1: Jeff Bedser,  Technical Community, Western European and Others Group (WEOG)
Speaker 2: Ashley Heineman, Private Sector, Western European and Others Group (WEOG)
Speaker 3: John Crain, Technical Community, Western European and Others Group (WEOG)
Speaker 4: Merike Kaeo, Technical Community, Western European and Others Group (WEOG)

ModeratorAdiel Akplogan, Technical Community, Western European and Others Group (WEOG)

7. Reflection to Gender Issues

Gender-related issues were not addressed during this session.