IGF 2020 Pre-Event #47 DNS-Abuse in the age of COVID-19

Time
Monday, 2nd November, 2020 (18:35 UTC) - Monday, 2nd November, 2020 (20:05 UTC)
Room
Room 3
About this Session
The session will describe how the Internet’s Domain Name System (DNS) is a critical technology that end users rely on every day to work well, and will define the term DNS Abuse, particularly in the context of the COVID-19 pandemic. Speakers will describe the global efforts to expose and mitigate this abuse and the extortion and fraud campaigns exploiting the pandemic. They will explain how these technical operations are relevant for the on-going digital policy and governance initiatives.

ICANN

Description

This session is intended to be part of the Parliamentarian Track proposed for the 2020 IGF. The duration requested for the event would also include a substantive Q&A session following the presentations.

The session will introduce the technical operations of the Domain Name System (DNS) and its role, and a brief overview of Internet technical operations during the COVID-19 pandemic. Then the session will define the term DNS Abuse, particularly in the context of the Covid-19 pandemic. Speakers will describe the global efforts to expose and mitigate this abuse and the extortion and fraud campaigns exploiting the pandemic. Speakers will explain how these technical operations are relevant for the on-going digital policy and governance initiatives. The session will be presented by ICANN with possible participation from other technical actors within Internet infrastructure.

ICANN’s response to DNS Abuse is always multifaceted, reflecting the need to address abuse within the constraints of ICANN’s Bylaws and policies as defined by the ICANN community, and by obeying local law and regulatory requirements. Recently, there have been numerous reports of spikes in the use of COVID-19-related domain names for DNS Abuse.

In the case of COVID-19-related abuse, actors within the ICANN organization have prioritized handling of COVID-19-related DNS Abuse, working with their respective communities to help mitigate the new threats. These threats include phishing, business email compromise, malware distribution, scams, and many other types of attacks.

ICANN’s mission is to keep the Internet secure and stable and the session aims to educate policy makers on the functions of the DNS and on DNS-Abuse in the context of the pandemic.

The Security, Stability, and Resiliency team within OCTO has built a system that helps identify abusive domains leveraging the coronavirus pandemic. In addition to developing this new analysis and reporting platform, team members from OCTO joined both the COVID-19 Cyber Threat Coalition (CTC) and the COVID-19 Cyber Threat Intelligence League (CTI League) along with hundreds of researchers from private companies and law enforcement officers from several countries.

These and other activities will be expanded upon during the session.

 

Moderator

  • John Crain (Chief Security, Stability & Resiliency Officer, Office of the CTO, ICANN)

Speakers

  • Elena Plexida (Vice-President, Government and IGO Engagement, ICANN)
  • Adiel Akplogan (Vice-President Technical Engagement, Office of the CTO, ICANN)
  • Samaneh Tajalizadekhoob (Lead Security, Stability & Resiliency Specialist, Office of the CTO, ICANN)
  • Marc Rogers (Co-Founder of the CTI-League, the Cyber Threat Intelligence League)
1. Key Policy Questions and related issues
- How can users who expect that the DNS is secure, enabling them to navigate to the correct sites, have emails properly delivered and be able to trust Apps be protected?
- COVD-19 pandemic has brought to the surface pre-existing vulnerabilities of institutions and companies. What are they and how should these be addressed ?
- Can cooperation and collaboration between the technical community, governments, law enforcement and the private sector help to align incentives between all actors?

2. Summary of Issues Discussed
  • ICANN has found COVID19 related DNS-Abuse but did not find sufficient evidence that some other sources had suggested exists.
  • Other vulnerabilities have been disclosed in record number and many companies were unprepared for such an even leaving them vulnerable.
  • According to the CTI League, attacks on the healthcare sector originated from the US and EU but origination does not equal attribution.
  • These issues can only be addressed through collaboration between governments, the technical and security information communities, law enforcement agencies, national CERT’s. ICANN and the CTI League are such structures where multistakeholder collaboration is possible.
  • Security problems are often not really technical but a misalignment of incentives between actors.
  • The need for better collaboration and the breaking of silos is also true for policy makers, they can help and give tools or impede the work being conducted.
  • Protecting users’ rights online is the responsibility of the policy makers rather than the technical community’s.

 

6. Final Speakers
  • Elena Plexida (Vice-President, Government and IGO Engagement, ICANN)
  • Adiel Akplogan (Vice-President Technical Engagement, Office of the CTO, ICANN)
  • Samaneh Tajalizadekhoob (Lead Security, Stability & Resiliency Specialist, Office of the CTO, ICANN)
  • Marc Rogers (Co-Founder of the CTI-League, the Cyber Threat Intelligence League)
7. Reflection to Gender Issues

The session did not discuss gender issues.