
Cybercrook? Bent on mischief? WE'LL GET YOU, vow Facebook and pals

Secure Domain Foundation will pull rug from under web miscreants


Internet heavyweights have teamed up to form a non-profit organisation designed to supply internet infrastructure operators with free tools and intelligence in the fight against cybercrime.

Facebook, security intelligence firm Crowdstrike, Verisign, ESET Anti-Virus, Verizon and the Anti-Phishing Working Group, among others, are putting their support behind the Secure Domain Foundation (SDF).

Cybercrooks have long used domain names to control botnets, distribute malware, and compromise unsuspecting visitors. The SDF’s free API product will give "credit ratings" for customers based on security reputation and contact data validation.

Domain name transactions such as new account creation, domain registration, and record updates can be queried against this trustworthiness database to flag up potential problems.

The database of malicious domains and bad actors has been in development for two years. Domain registrars are being invited to incorporate these contact data validation services into their domain registration processes.
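The article describes the SDF service only in outline: a registrar submits a transaction (account creation, domain registration, record update), the contact data is validated, and it is checked against data previously seen in connection with cybercrime. The following is an added illustration of that pattern, written for this page; it is not the SDF's API, whose request and response format the article does not give. The scoring weights, the `Transaction` and `Verdict` types and all sample data are constructed for the example.

```python
"""Added example (not the SDF's own API, whose request/response format the
article does not describe): a registrar-side pre-registration check that
validates contact data and looks it up against a reputation set of data
previously seen in abuse. All sample data below is constructed."""
import hashlib
import re
from dataclasses import dataclass, field


def _fingerprint(label: str, value: str) -> str:
    """Hash a normalised contact field so the lookup set never stores raw PII."""
    return hashlib.sha256(f"{label}:{value}".encode()).hexdigest()


def normalise_email(raw: str) -> str:
    return raw.strip().lower()


def normalise_phone(raw: str) -> str:
    """Keep a leading '+' and the digits only: '+1 (555) 000-0000' -> '+15550000000'."""
    raw = raw.strip()
    digits = re.sub(r"\D", "", raw)
    return ("+" if raw.startswith("+") else "") + digits


def normalise_domain(raw: str) -> str:
    return raw.strip().lower().rstrip(".")


# Constructed reputation set: fingerprints of contact data "seen in abuse".
ABUSE_SEEN = {
    _fingerprint("email", "botmaster@example.net"),
    _fingerprint("phone", "+15550000000"),
    _fingerprint("domain", "badhost.example"),
}

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


@dataclass
class Transaction:
    kind: str          # "account_create", "domain_register" or "record_update"
    domain: str
    email: str
    phone: str
    address: str


@dataclass
class Verdict:
    score: int                 # 100 = no findings, 0 = worst
    flags: list = field(default_factory=list)


def assess(tx: Transaction) -> Verdict:
    """Return a trust score and the reasons behind it.

    Syntax failures cost 20 points each; a field previously seen in abuse
    costs 40 (weights are hypothetical, chosen for this example)."""
    flags: list = []
    email = normalise_email(tx.email)
    phone = normalise_phone(tx.phone)
    domain = normalise_domain(tx.domain)

    if not EMAIL_RE.match(email):
        flags.append("invalid_email_syntax")
    if not 8 <= len(phone.lstrip("+")) <= 15:      # E.164 allows at most 15 digits
        flags.append("invalid_phone_length")
    if len(tx.address.strip()) < 10:
        flags.append("address_too_short")

    # Reputation lookup on the normalised values, so casing and formatting
    # differences do not let previously seen data slip past.
    for label, value in (("email", email), ("phone", phone), ("domain", domain)):
        if _fingerprint(label, value) in ABUSE_SEEN:
            flags.append(f"{label}_seen_in_abuse")

    penalty = sum(40 if f.endswith("_seen_in_abuse") else 20 for f in flags)
    return Verdict(score=max(0, 100 - penalty), flags=flags)


if __name__ == "__main__":
    clean = Transaction("domain_register", "shop.example", "owner@example.org",
                        "+44 20 7946 0000", "1 High Street, Anytown")
    dodgy = Transaction("domain_register", "BadHost.example.", "BotMaster@Example.NET",
                        "+1 (555) 000-0000", "x")
    for tx in (clean, dodgy):
        print(tx.domain, assess(tx))
```

The point of normalising before hashing is that the same phone number written with spaces, brackets or a trailing dot on the domain still hits the reputation set; storing only fingerprints keeps the shared set free of raw contact data.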

SDF was founded by security researcher Chris Davis, who was involved in the successful Mariposa botnet takedown operation four years ago, and Norm Ritchie, a domain industry expert and one of seven keyholders of the secure root zone.

“ICANN has recently mandated that domain registrars must validate postal addresses, phone numbers, and email addresses that are provided as contact information during the domain registration process,” said Norm Ritchie, chairman of the SDF.

“Many new gTLD registries have pledged to take a more proactive role in combating domain abuse within their TLDs. The SDF provides an entirely free service that not only validates the contact registration data provided but also lets the registrar and registry know if we have seen that data used previously in relation to cyber crime.”

The SDF plans to provide free-of-charge tools, technology, research, and security intelligence to Internet domain name registrars, registries, ccTLD operators, and gTLD operators. The organisation hopes to expand its services to hosting providers, DNS operators, CERTS, law enforcement and other Internet infrastructure operators over coming months.

SDF will act as a “brains trust” analysing thousands of malware samples daily before teaming up with domain registrars and others to shut down the criminals’ command and control infrastructures.

“Beyond our current offering of tools and services, we are also dedicated to raising the cost and risk of cyber crime,” said Chris Davis, president of the SDF.

“With our partners, we analyse hundreds of thousands of malware samples daily and actively engage with registries, registrars and hosting providers to shut down the criminal command and control infrastructure. Our staff and volunteer researchers and analysts work tirelessly to provide criminal attribution intelligence to the proper global law enforcement organisations and help to bring these criminals to justice.”

Chris Davis, co-founder of SDF and director of intel partnerships at CrowdStrike, acknowledged that abuse will continue despite SDF's efforts because cybercriminals often use bulletproof hosting from unscrupulous providers or hacked systems. What SDF can do is make life more difficult for bot-herders and other crooks.

"Right now there is essentially no 'barrier to entry' for a bad guy to set up something like a botnet command and control infrastructure," Davis explained. "Our hope is, if we can start in the domain space and make life harder, we can expand this model towards hosting providers and other infrastructure type orgs.

"One of our goals is to publicly name and shame or spotlight malicious and/or apathetic providers. We have on our roadmap a plan to provide DNS RPZ feeds to allow users to easily block those providers," he added. ®
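Davis mentions DNS RPZ feeds as the planned delivery mechanism. A Response Policy Zone is an ordinary DNS zone whose records tell a resolver how to rewrite answers: `CNAME .` yields NXDOMAIN, `CNAME rpz-passthru.` answers normally. The block below is an added example written for this page, not the SDF's feed (which the article only mentions as a roadmap item); it renders such a zone for a set of provider domains and simulates the resolver's decision. The provider names are constructed placeholders.

```python
"""Added example (not the SDF's feed): build a DNS Response Policy Zone (RPZ)
that returns NXDOMAIN for a set of provider domains and everything beneath
them, with exact-name exemptions. Record semantics are the standard RPZ ones
implemented by BIND and other resolvers: 'CNAME .' means NXDOMAIN,
'CNAME rpz-passthru.' means answer normally. Names below are placeholders."""
import re

LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def valid_hostname(name: str) -> bool:
    """Syntactic check: labels of 1-63 chars, no leading/trailing hyphen."""
    name = name.lower().rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(LABEL_RE.match(label) for label in name.split("."))


def build_rpz(zone: str, blocked, exempt=(), serial: int = 1) -> str:
    """Render an RPZ zone file. `blocked` and `exempt` are hostnames.

    Under ordinary DNS matching an exact name beats a wildcard, so an
    exempt host under a blocked parent stays resolvable."""
    for name in list(blocked) + list(exempt):
        if not valid_hostname(name):
            raise ValueError(f"not a valid hostname: {name!r}")
    lines = [
        "$TTL 300",
        f"$ORIGIN {zone}.",
        f"@ SOA ns.{zone}. hostmaster.{zone}. {serial} 3600 900 604800 300",
        f"@ NS ns.{zone}.",
    ]
    for name in sorted({n.lower().rstrip(".") for n in exempt}):
        lines.append(f"{name} CNAME rpz-passthru.")
    for name in sorted({n.lower().rstrip(".") for n in blocked}):
        lines.append(f"{name} CNAME .")        # the provider's apex
        lines.append(f"*.{name} CNAME .")      # every name beneath it
    return "\n".join(lines) + "\n"


def decide(qname: str, blocked, exempt=()) -> str:
    """Simulate the resolver's choice for one query name:
    'PASSTHRU' (exact exemption), 'NXDOMAIN' (blocked apex or any
    name beneath it) or 'RESOLVE' (no rule applies)."""
    qname = qname.lower().rstrip(".")
    blocked = {n.lower().rstrip(".") for n in blocked}
    exempt = {n.lower().rstrip(".") for n in exempt}
    if qname in exempt:
        return "PASSTHRU"
    labels = qname.split(".")
    # i == 0 is the apex rule itself; i > 0 is the '*.apex' wildcard rule.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocked:
            return "NXDOMAIN"
    return "RESOLVE"


if __name__ == "__main__":
    print(build_rpz("rpz.example",
                    ["BadHost.example.", "evil-host.example"],
                    exempt=["trusted.badhost.example"]))
```

To use the rendered file with BIND, serve it as the zone `rpz.example` and reference it with `response-policy { zone "rpz.example"; };` in `named.conf`; resolvers that consume a published feed would pull the zone by AXFR/IXFR rather than generating it locally. The simulation in `decide` covers exact exemptions only; it does not model a wildcard being shadowed by a closer enclosing name.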

