for APWG eCrime Tuesday 17 September 2013 in San Francisco:
Birds of a Feather (BOF)
Botnet Data Exchange for Botnet Node Remediation
and Network Reputation Ranking
–Pat Cain, APWG
–John S. Quarterman, Quarterman Creations
I’ll be talking about
among other reputational rankings.
APWG PR of 29 August 2013 says:
association APWG is hosting its eCrime 2013 members meeting and research
conference in San Francisco next month to launch its second decade of
leading the global engagement with cybercrime, assembling commercial
leaders from multinational technology and financial services companies,
government and law enforcement agencies and industrial and academic
researchers from around the world to update the global agenda for the
long-term containment of the cybercrime scourge.
This is the tenth year of APWG,
and the seventh year of the eCrime Researchers Summit.
Stop-eCrime aims to reduce electronic crime by increasing transparency
of information and communications technologies.
Born out of 2010 meetings organized by the Anti-Phishing Working Group
and the IEEE Standards Association,
Stop-eCrime has already been
working on ecrime event data exchange standards and protocols, as well
as operational protocols for dealing with computers compromised by ecrime.
Now Stop-eCrime wants you to help tie these technical and operational
levels together into an ecrime detection and response system
coordinated among the public, business, academia, and government.
There’s plenty of work to be done on technical standards and
operational protocols (such as glossaries, metrics, and monetary
effects), plus Stop-eCrime needs educational materials and marketing
to explain incentives for everyone to participate in reducing ecrime.
If you grew up in a small town, you’d likely cross the street without stopping to look each way. Try that in New York City, and you’ll end up in the hospital. Similarly, most of us grew up in meatspace and clicking on any old link in cyberspace often ends up with our bank account in the hospital.
OK, that was my mangled simile, but it illustrates what Michael Kaiser and the National Security Alliance are trying to do: educate the public about what to do and not do in cyberspace without losing their audience with technical details or lengthy pedantic instructions. In his talk at APWG he had all sorts of interesting points, such as address different audiences (K-12, small business, elderly, etc.) differently, and that it’s not just unlearning bad habits (including ones that would be good habits in other contexts), it’s teaching good habits. ANd changing habits of any kind requires repetition and persistence. As Kaiser said, look at the CDC and its ongoing campaigns of prevention of HIV, domestic violence, etc.
Personally, I think staysafeonline.org could use more graphics and less text, or, more importantly, more storyline. It seems a tad pedantic to me. More poets in prevention! Or more marketing in staying safe. Or something.
When you take down a phishing domain or server, don’t just take it off the net: redirect it to this education page so victims of phishing can learn in the act of being suckered by a phisher that they should be more careful what they click on.
As someone in the audience pointed out, whatever you do don’t redirect phishing pages back to the actual sites being phished, i.e., if the phisher was pretending to be a bank, don’t take down the phisher’s redirect and replace it with a redirect to the bank itself. THat just teaches people the wrong thing, to follow a bad link.
Instead, link to the APWG/CMU landing page. Which could use a catchier name (how about Phishing: Fail!), but it’s already a really good service.