SGNIC’s Measures Against Domain Name Abuses 26 August 2011 Lim Choon Sai General Manager (SGNIC)
Scope
• Types of Abuse
• Measures
  • Identity Verification
  • Detection and Tracking
  • Enforcement
• Conclusion
Types of Abuse
Abuses that SGNIC is concerned about:
Registration Abuse
• Objectionable Domain Names
• Registration in Wrong Category
• Sale of Domain Names
• Incomplete or Incorrect registration details
• Identity Theft or Fake Identity
• Cybersquatting
Usage Abuse
• Pornographic
• Socially or politically sensitive
• Fake Drugs
• Copyright violations
• Scam
• Spam
• Malware
• Phishing
In some areas, SGNIC feels more effective measures are required:
Measures
• Registration in Wrong Category
• Incomplete or Incorrect registration details
• Identity Theft or Fake Identity
• Malware
• Phishing
Identity Verification
“VerifiedID@SG” scheme
• Leverages the national online personal ID authentication system (SingPass)
• All Singapore Citizens, Permanent Residents and foreign workers have a SingPass ID and password issued by the Government, and must use the SingPass ID to access government online services.
• Domain name registrations will be linked to the SingPass authentication system. Registrations require the SingPass ID holder to vouch that the submitted details are complete, accurate and truthful.
Detection and Tracking
Providing inaccurate or incomplete registration information is often a precursor to other domain name abuses.
The Domain Name Abuse Management System (AMS) provides early warnings by checking the accuracy and completeness of new registrant information.
– E.g. checks for address completeness, postal code accuracy
abc.sg
[OWNER] : ABC Pte Ltd [Com No.:200709805A]
[ADDRESS]: 79, ROBINSON RD, ABC BUILDING #03-00 Singapore 111111
[PHONE] : +65.22223333
[EMAIL] : [email protected]
1. ACRA Database (registry of companies)
• “Company Name” must match with
• “Company number” must be valid
2. Postal code Database
• “Postal code” must be valid
• “Address” must be ‘similar’ with
Singapore phone number must start with ‘2’, ‘3’, ‘8’ or ‘9’. Highlight if it looks fake: +65.2221234, +65.98765432
Examines registration trends. Highlights suspicious bulk registrations from the same registrant, email or telephone number, e.g.:
– > 10 domains (all different registrant name) using same email in 1 day
– > 50 domains (all different registrant name) using same email in 30 days
Example of cases detected:
Bulk Registration Tag    Description
BR4-1                    66 registrations in 30 days using the email [email protected].
BR4-2                    54 registrations in 30 days using the phone no. +65.9872XXXX
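The bulk-registration thresholds above can be checked with a sliding window over each shared email or phone number. This is an added example, not SGNIC's AMS code; the record field names, the sample data and the reading of "all different registrant name" as a count of distinct names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds quoted on the slide: > 10 domains in 1 day, > 50 domains in 30 days.
RULES = [(timedelta(days=1), 10), (timedelta(days=30), 50)]

def bulk_registration_flags(registrations, fields=("email", "phone"), rules=RULES):
    """Return sorted (field, value, window_days, peak) for every contact value
    shared by more than `limit` differently named registrants inside a window."""
    by_contact = defaultdict(list)
    for reg in registrations:
        for field in fields:
            value = reg.get(field, "").strip().lower()
            if value:
                by_contact[(field, value)].append((reg["created"], reg["registrant"]))
    flags = []
    for (field, value), events in by_contact.items():
        events.sort()
        for window, limit in rules:
            peak, start = 0, 0
            for end, (when, _) in enumerate(events):
                # Advance the window start until the span is shorter than `window`.
                while when - events[start][0] >= window:
                    start += 1
                # Assumption: "all different registrant name" = distinct names.
                peak = max(peak, len({name for _, name in events[start:end + 1]}))
            if peak > limit:
                flags.append((field, value, window.days, peak))
    return sorted(flags)

def sample_registrations():
    """Constructed sample data, not real registry records."""
    base, regs = datetime(2011, 7, 1, 9, 0), []
    def add(name, email, phone, when):
        regs.append({"domain": f"d{len(regs)}.example", "registrant": name,
                     "email": email, "phone": phone, "created": when})
    for i in range(12):   # 12 names, one email, within four hours: 1-day rule
        add(f"Burst {i}", "bulk@example.invalid", f"+65.8000{i:04d}",
            base + timedelta(minutes=20 * i))
    for i in range(51):   # 51 names, one phone, one every 12 hours: 30-day rule
        add(f"Slow {i}", f"user{i}@example.invalid", "+65.90001111",
            base + timedelta(hours=12 * i))
    for i in range(11):   # one company registering 11 names: same name, no flag
        add("ABC Pte Ltd", "admin@abc.example", "+65.81112222",
            base + timedelta(hours=i))
    return regs

if __name__ == "__main__":
    for flag in bulk_registration_flags(sample_registrations()):
        print(flag)
```

The single company that registers eleven names under its own name is not flagged, which keeps the rule aimed at one contact detail fronting many nominal registrants.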
Automated scanning of domain names against third-party security databases for malware distribution/phishing activities.
[Diagram labels: A, B, C, D, example.sg]
• AMS continually monitors all domain names
• All new names are scanned weekly for 3 months, thereafter monthly scans
Initial run results (at end July):
Domain names scanned by AMS: 130,000
Flagged as possibly abusive: 722
Confirmed malicious: 131
Enforcement
• Actively enforce against all types of abuses.
• For malware and phishing:
  • Time is of the essence: it is critical to send quick and timely advice to each party who may be involved (ISP, website hosting provider, registrant, admin and tech contact) for them to take action
  • Formalised collaboration with SingCERT, who can provide expert opinion
  • For confirmed cases, will work with SingCERT for further investigation
  • Last straw for serious breaches: suspend or delete, drawing powers from the registrant agreement
Conclusion
SGNIC’s experience: Adopt a more proactive approach in dealing with domain name abuses
  • For the benefit of the community and upholding the ccTLD/country’s reputation
  • To assuage concern of the authority
DNS abuse management is a long-term commitment and a concerted effort by relevant stakeholders
  • New applications over DNS giving rise to new opportunity for exploitation
  • No single agency has control over all aspects of DNS abuses