Dave Piscitello Receives M3AAWG Mary Litynski Award for a Lifetime of Fighting DNS and Online Abuse

San Francisco, February 19, 2019 – As a young security consultant, Dave Piscitello wondered, “how do these guys get away with all this spam and malware?” which led him to take on the challenging work of persuading the online ecosystem to address DNS abuse and related issues through his years at ICANN and in his involvement with other industry associations. Acknowledging the range and significance of these efforts, the Messaging, Malware and Mobile Anti-Abuse Working Group presented the 2019 M3AAWG Mary Litynski Award to Piscitello at the M3AAWG 45th General Meeting on February 19 in San Francisco.

“With his persistent and unswerving outreach, Dave was eventually able to push the industry to address domain name system abuse to the point that preventive measures have become an ongoing discussion area within the ICANN community.  This is an example of how one person can change the accepted perspective around a problem and make a difference, which is the spirit behind the M3AAWG lifetime achievement award,” said Severin Walker, M3AAWG Chairman of the Board.

“It’s also just one of the many contributions he has made over the years in driving the industry to adopt better security measures and he is still energetically urging both the industry and public managers to take action around critical issues. For example, Dave has been actively meeting with law enforcement and data protection policy makers to educate them on the importance of WHOIS access for security researchers, which has been severely restricted due to ill-conceived and overreaching policies implemented to comply with the European Union’s new privacy laws,” Walker said.

Piscitello was recently named a partner at Interisle Consulting Group and serves on the APWG (Anti-Phishing Working Group) and the CAUCE (Coalition Against Unsolicited Commercial Email) Boards of Directors. During his career, Piscitello served on the Internet Engineering Task Force and the IETF Steering Group and was a technical advisor to security and broadband access companies during the turbulent dot com era. He recently retired from ICANN, the Internet Corporation for Assigned Names and Numbers, which is the not-for-profit organization that coordinates the unique identifiers used on the internet that allow computers to find each other.  While there, Piscitello served as an ICANN SSAC (Security and Stability Advisory Committee) Fellow and later, as the vice president of security and ICT coordination.

Piscitello was responsible for bringing law enforcement into the ICANN Public Safety Working Group and encouraged private/public cooperation at ICANN. As he and industry trailblazers Vint Cerf, Steve Crocker and Tom Grasso explain in his acceptance video at https://youtu.be/tgLqRR-iVMs, Dave developed a highly-lauded, international law enforcement training program and was the project lead on creating the ICANN Domain Abuse Activity Reporting (DAAR) system to identify patterns of domain registration exploitation.  He also has written numerous articles on DNS and abuse issues to educate the industry on how to protect end-users and regularly blogs at www.securityskeptic.com.
 
GDPR and WHOIS Access Concerns

Piscitello said in accepting the award, “We need to adopt privacy and data rights protection but not at the cost of public safety,” addressing the implementation policy adopted by ICANN to comply with the EU General Data Privacy Regulation that has restricted security researchers’ access to the data that identifies the owner of a domain name.

“There’s a disconnect here. Without the ability to identify suspicious actors, legitimate and lawful investigators such as security researchers and law enforcement are blindfolded.  We’re not third-parties who are using WHOIS information commercially, but, rather, we’re the first responders of cybercrime, part of a critical community that mitigates threats and provides for the public’s safety,” he said.

He also noted that both industry and government need to be more transparent for the internet to thrive and not be overrun with abuse. “Both are going to have to be more accountable. This is an interesting period for us and we all have to adjust because there’s so much at stake,” he said.

Piscitello started working in the computer industry in 1974 when he took a programming job at Burroughs Corp. to pay for graduate school where he was studying to become a philosophy teacher.  He was assigned to rewrite some remote access software and became intrigued by data communications, which led to his career in networking and security.  
   
The M3AAWG Mary Litynski Award is presented annually to recognize the lifetime achievements of an individual who has significantly contributed to making the internet safer for all. Details and submissions for the 2020 award are at /events/m3aawg-mary-litynski-award.

The 2019 award was announced at the M3AAWG 45th General Meeting where about 550 participants from over 20 countries are attending more than 50 sessions on cybersecurity, current malware threats, DDoS attacks, mobile issues, and other topics. The next M3AAWG meeting will be June 3-6 in Budapest, Hungary, and details are available at /upcoming-meetings.

About M3AAWG (the Messaging, Malware and Mobile Anti-Abuse Working Group)

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than two billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

#  #  #

Media Contact: pr@m3aawg.org

M3AAWG Board of Directors and Sponsors: 1 & 1 Internet SE; Adobe Systems Inc.; AT&T; Comcast; Endurance International Group; Facebook; Google, Inc.; LinkedIn; Mailchimp; Marketo, Inc.; Microsoft Corp.; Orange; Proofpoint; Rackspace; Return Path, Inc.; SendGrid, Inc.; Vade Secure; Valimail; VeriSign, Inc., and Verizon Media (Yahoo & AOL).

M3AAWG Full Members: Agora, Inc.; Akamai Technologies; Campaign Monitor; Cisco Systems, Inc.; CloudFlare, Inc.; Cyren; dotmailer; eDataSource Inc; ExactTarget, Inc.; IBM; iContact; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Oracle Marketing Cloud; OVH; Spamhaus; Splio; Symantec; USAA; and Valimail.

A complete member list is available at /about/roster

 

First Japan Anti-Abuse Working Group General Meeting Shares M3AAWG Work with Emphasis on Regional Issues

San Francisco, Nov. 1, 2018 – Strengthening Asian efforts to protect the internet and online users, the First General Meeting of the Japan Anti-Abuse Working Group will be held Nov. 8 in Tokyo with security and operational professionals from messaging service providers, cloud hosting services, ISPs and other infrastructure organizations. The meeting is an independent regional offshoot of the global Messaging, Malware and Mobile Anti-Abuse Working Group and will focus on cybersecurity issues related to Japan’s unique challenges.

“JPAAWG was formed as a place where local industry professionals can collaborate and share information to better protect our internet users. Our goal is to disseminate the proven industry best practices developed by M3AAWG and explore how these apply to Japan then bring back to M3AAWG information on the specific abuse in our region. We also are encouraging other Asian countries to participate in the global anti-abuse community through our regional organization,” said the JPAAWG Secretariat Shuji Sakuraba, who is also the application service department general manager at the Internet Initiative Japan (IIJ).

The one-day meeting will cover topics such as DMARC, a widely-used email authentication technology; identity and data protection; how to protect against spam; and the global threat outlook. M3AAWG Chairman of the Board Severin Walker will open the meeting along with Sakuraba, and M3AAWG Vice Chairperson Janet Jones will be the keynote, with other M3AAWG members also presenting. The meeting is part of the 18th Anti-Spam Conference being held at the Akasaka Intercity Conference Center (AIR).

Walker said, “Regional organizations like JPAAWG are important because online threats tend to flow from country to country, so there is both a global and local aspect to protecting end-users. In M3AAWG, we bring together professionals from around the world to share what has worked for them in fighting cybercrime and online abuse, then we distill this information into best practices and other anti-abuse work. The local professionals in the regional organizations decide how best to apply these processes to their ecosystem and also raise new issues to be addressed by the M3AAWG community.”

IIJ has been an active member of M3AAWG since it was founded in 2004. They have taken the lead and collaborated with TwoFive and several other local businesses to develop JPAAWG.

M3AAWG holds three global meetings each year, two in North America and one in Europe, with about 500 cybersecurity professionals from 30 countries attending. M3AAWG also offers support to other regional organizations starting local anti-abuse groups, for example, in the Latin America and Caribbean NIC region. The 45th M3AAWG General Meeting will be in San Francisco, Feb. 18-21, 2019.

#  #  #

Media Contact: pr@m3aawg.org

M3AAWG Board of Directors and Sponsors: Adobe Systems Inc.; AT&T; Comcast; Endurance International Group; Facebook; Google, Inc.; LinkedIn; Marketo, Inc.; Microsoft Corp.; Oath (Yahoo/AOL); Orange; Proofpoint; Rackspace; Return Path, Inc.; SendGrid, Inc.; Vade Secure; Valimail; and VeriSign, Inc.

M3AAWG Full Members: 1&1 Internet SE; Agora, Inc.; Akamai Technologies; Campaign Monitor; Cisco Systems, Inc.; CloudFlare, Inc.; Cyren; dotmailer; eDataSource Inc; ExactTarget, Inc.; IBM; iContact; Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus; McAfee; Mimecast; Oracle Marketing Cloud; OVH; PayPal; Spamhaus; Splio; Symantec; USAA; and Valimail.

A complete member list is available at /about/roster.

 

 

ICANN GDPR WHOIS Policy Eliminates Pre-Emptive Protection of Internet Infrastructure Abuse; Obstructs Routine Forensics to Cybercriminals’ Advantage

Cambridge, Mass. and San Francisco, Oct. 24, 2018 – A joint APWG-M3AAWG survey of cybercrime responders and anti-abuse personnel indicates ICANN’s Temporary Specification for domain name WHOIS data has eliminated interventions that previously allowed investigators to stop new cybercrimes while still in the preparatory stages -- and has markedly impeded routine mitigations for many kinds of cybercrimes. The survey was submitted to ICANN on Oct. 18 by the Anti-Phishing Working Group and the Messaging, Malware and Mobile Anti-Abuse Working Group.

With responses from 327 professionals, the survey revealed that losing the ability to attribute domain names to criminals or victims of abuse has irreparably eliminated their capacity to issue warnings about new abuses that known bad actors are perpetrating, even when the WHOIS registrant data is pseudonymous, according to Peter Cassidy, APWG Secretary General.

ICANN’s Temporary Specification for gTLD Registration Data, established in May in response to the European Union’s General Data Protection Regulation (GDPR), impedes investigations of cybercrime – from ransomware attacks to distribution of state-sponsored strategic disinformation. Analyses of responses from the survey reveal that:

  • Cyber-investigations and mitigations are impeded because investigators are unable to access complete domain name registration data.
  • Requests to access non-public WHOIS by legitimate investigators for legitimate purposes under the provisions of the Temp Spec are routinely refused.

“The biggest impact has been to determine who has registered a criminal/fraudulent domain, and the ability to use that information to find other domains registered by the same actor. That devastates our ability to find all of the fraudulent domains registered by the same entity,” one typical respondent wrote in the APWG-M3AAWG GDPR and WHOIS User Survey report.

APWG and M3AAWG concluded their analysis with recommendations for ICANN to:

  • Establish a mechanism for WHOIS data access by accredited, vetted qualified security actors.
  • Restore redacted WHOIS data of legal entities.
  • Adopt a contact data access request specification for consistency across registrars and gTLD registries.
  • Establish a WHOIS data access scheme that does not introduce delays in collecting or processing and is not burdened by per-request authorizations.
  • Reassess the current redaction policy and consider replacing restricted personal data with secure hashes that can be used as a proxy for tracing criminal actors across data resources.
  • Publish point of contact email addresses to provide investigators with an effective means of identifying domains associated with a victim or person of interest in an investigation.

The full survey can be found at /WhoisSurvey2018-10.  

About the APWG

The APWG (www.apwg.org), founded in 2003 as the Anti-Phishing Working Group, is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multi-lateral treaty organizations, research centers, trade associations and government agencies. There are more than 2,200 companies, government agencies and NGOs participating in the APWG worldwide.

APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations.

About M3AAWG

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG (www.m3aawg.org) members represent more than one billion mailboxes from some of the largest network operators worldwide. It leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services through technology, collaboration and public policy. It also works to educate global policy makers on the technical and operational issues related to online abuse and messaging. Headquartered in San Francisco, Calif., M3AAWG is driven by market needs and supported by major network operators and messaging providers.

Media Contacts

Anti-Phishing Working Group
Peter Cassidy, 617-669-1123
pcassidy@apwg.org

M3AAWG (Messaging, Malware and Mobile Anti-Abuse Working Group)
pr@m3aawg.org