M3AAWG Workshop on Fighting Spam and Bots

Oct. 29, 2012
FICCI Federation House, Tansen Marg, New Delhi 110001

The M3AAWG workshop was one of a series of private meetings prior to the

3rd Worldwide Cybersecurity Summit: The Next Billion Netizens Connect
– Meeting the Challenges

Workshop Agenda Ι Speaker Biographies Ι Resources

Workshop on Fighting Spam and Bots Agenda and Presentations

Workshop summary presentation and report: Stopping Cyberspace Pollution –International Cooperation on Fighting Spam and Botnets (including readout from Monday M3AAWG workshop)

A Critical Role for India -  EastWest Intitute post from the First India Workshop on Fighting Spam and Malware

Download the workshop agenda.

9:30:  Networking

10:00-10:30:  Official Welcome

• Dr. R. Chandrashekhar, Secretary, Department of Telecommunications,
  Ministry of Communications and Information Technology
• Karl Rauscher, Chief Technology Officer, EastWest Institute
• J. Satyanarayana, Secretary, Department of Information Technology, Ministry of Communications and Information Technology (TBC)
• Dr. Arbind Prasad, Director General, Federation of Indian Chambers ofCommerce and Industry, FICCI
• Dr. Kamlesh Bajaj, CEO, Data Security Council of India

10:30-10:45: Coffee & Tea

10:45-10:55:  Opening Comments and Workshop Objectives 
Michael O’Reirdan, M3AAWG Co-Chairman, Malware and Comcast Engineering Fellow

10:55-11:40: Session 1 - The Spam Problem
Worldwide, most spam is sent via "bots," that is, through malware-compromised end-user systems centrally controlled by "botmasters." Another major spam source is unsolicited bulk email sent by spammers from servers located in ISP datacenters.  Over time, malware authors, botmasters and spammers have spread worldwide, concentrating themselves in different locales, victimizing one region after another in turn.  This is a worldwide problem, previously faced by ISPs in the United States, Europe, the Far East and elsewhere. Today, we will talk about the threats posed to Indian ISPs and their customers from spammers and botmasters, and what can be done about it.

Specifically, this discussion will include cost-effective strategies for directly dealing with the spam problem, with technical as well as best practice and policy-based measures to mitigate spam.  Measures such as port 25 “outbound SMTP” management, setting an Acceptable Use Policy, and AUP enforcement will be discussed in this and subsequent sessions.  We will also cover some of the strategic, nationally-scaled impacts that might be difficult to subsequently correct if left persistently unaddressed now, including widespread spam block listing “deliverability” issues for Indian network IP address ranges that are significant sources of spam, and a broad blacklisting of dot-in domain names. India is part of a global “ecosystem” of spam and malware in more than one way on the Internet, as well as part of the online fraud ecosystem, ranging from fake pills to “call centres” scamming users with fake virus threats and loan scams.

Moderators:

• Suresh Ramasubramanian, IBM SmartCloud iNotes Antispam Architect

11:40-12:30:  Session 2 -- The Bot Problem 
While there is still a substantial spam problem, the bot problem is the modern scourge that has replaced the issue of spam for many ISPs. Driven in most cases by criminals, malware is created to perpetrate economic crimes upon unsuspecting users, and ISPs are being held to account for a situation that is not wholly their problem. In many countries the role of the ISP is seen as detecting bots and notifying end users, but the other players in the ecosystem – such as AV vendors, OS vendors, and software vendors – need to step up as well. Remediation is the big issue and the tools offered are not always very useful or effective. This session will give an overview of the approaches to the bot problem undertaken globally and explain how an ISP looking to deal with the bot and malware issue can get started.

Moderators:

• Michael O’Reirdan, M3AAWG Co-Chairman, Malware and Comcast Engineering Fellow
• Ram Mohan, Afilias Limited Executive Vice President and Chief Technology Officer

12:30-13:30: Lunch
Speaker: Communications and Information Technology Secretary J. Satyanarayana

13:30 -14:15: Session 3 – The Mobile Problem
Mobile spam, malware and other mobile abuse have grown rapidly, driven by the ascent of mobile data.  What were once national issues are now international, with cross-border attacks on the rise. While inheriting much from the non-mobile space, mobile attacks and defenses are different. What do government and industry need to do? A number of innovative defense approaches are discussed, and key resources and forums where the industry can learn together and share this information are identified. 

Moderator: Alex Bobotek, M3AAWG Co-Chairman, Mobile and AT&T Labs Lead of Messaging Anti-Abuse Architecture and Strategy

14:15-15:00  Session 4 -- Solutions from the Around the Globe
Around the world service providers, IT vendors, non-profits and governments have worked to create solutions to the difficult problems discussed today across messaging, malware and mobile. This panel session introduces several of those solutions that are ready to be adopted more broadly.

Moderator: Kevin Sullivan, Microsoft Principal Security Strategist, Global Security Strategy and Diplomacy team

15:00--15:30: Session 5 – Public Policy: A Solution or a Problem?
A review of public policy activities within M3AAWG and a roundtable discussion of public policy issues impacting cybersecurity, including a focus on specific issues impacting ISPs and ESPs globally. Anticipated to be an open discussion with meeting attendees.

Moderator: Chris Boyer, M3AAWG Public Policy Co-Chair and AT&T Services Vice President of Public Policy

15:30 –16:30:  Session 6 – Participants’ Round Table Report on Next Steps
Each table creates and reports three proposed next steps, of which one should be technical or operational in nature.

16:30-16:45: Closing 
Jerry Upton, M3AAWG Executive Director