Characterizing Robocalls through Audio and Metadata Analysis

CAUCE mainly focuses on abusive messaging, but our board has a wide and diverse background in anti-abuse efforts.

 

Recently we came across this presentation on abusive robocalls dealing with an increase in Robocalling, trends in abusive calls, who is calling and who is being targeted. This study took place in 2019 and lasted most of the year. 

Authors:
Sathvik Prasad, Elijah Bouma-Sims, Athishay Kiran Mylappan, and Bradley Reaves, North Carolina State University

Source: https://www.usenix.org/conference/usenixsecurity20/presentation/prasad

CRTC UNDERTAKING NOTESOLUTION INC. (ONECLASS)

On September 30, 2020 the Canadian Radio-television and Telecommunications Commission (CRTC) announced a new undertaking under Canada’s Anti-Spam Legislation (CASL) with Notesolution Inc. (OneClass) that alleges multiple violations of the anti-spam Act.

The undertaking reads that OneClass voluntarily entered the undertaking for the following alleged violations of paragraphs 6(1)(a), 8(1)(a), 10(1)(a), 10(3), 10(4), and 10(5)(a) of the Act as well as sections 4 and 5 of the Electronic Commerce Protection Regulations (CRTC) SOR/2012-36 (the Regulations (CRTC)). These alleged infractions took place between October 2016 and March 2020.

The results of the undertaking between the CRTC show that OneClass has agreed to pay $100,000 in penalties, bring their software and marketing efforts into alignment with the Act and implement a compliance program.

The CRTC has also updated their guidance for installing a computer program on their information pages, Canada’s Anti-Spam Legislation Requirements for Installing Computer Programs.

CAUCE Applauds the work of the CRTC in taking action to protect consumers and provide guidance for business that may be building or considering building applications similar to those described in the undertaking. 

For more information read CAUCE Board members blog post about this on EmailKarma. 

Dave Piscitello on Ransomware

CAUCE board member Dave Piscitello talked with host Gary Berman about ransomware on the Unsung Cyber Hero podcast. He shared stories about what has happened, and what you can do about it.

Watch him here: Podcast episode

Domain Name Registration Data at the Crossroads

New Report Shows Widespread Issues with Domain Name System Registration Accountability
Urgent Actions Required To Respond to Growing Online COVID-Themed Scams and Phishing Attacks

BOSTON, MA - Today, Interisle Consulting Group, a leading organization on the frontlines of cybersecurity issues, released a new report, Domain Name Registration Data at the Crossroads: The State of Data Protection, Compliance, and Contactability at ICANN. This study reveals widespread problems with access to and the reliability of domain name registration data systems (WHOIS). These failures have real-life security implications, which are being seen in the current wave of cybercrime accompanying the COVID-19 pandemic.

Across the Internet, everyone from individual consumers to advocacy groups to law enforcement agencies use domain registration information for vital purposes, including security scanning, problem-solving, and to provide legal and social accountability. “The COVID-19 pandemic has led to a recent explosion of cybercrime, with thousands of new domain names using terms like ‘covid’ or ‘corona’ being used to perpetrate spam, phishing, malware campaigns and to peddle fake products,” said Dave Piscitello, partner at Interisle Consulting Group and editor of the report. “Investigators need quick, unencumbered access to domain registration data to disrupt COVID-themed attacks before they cause losses and harm. The problems our study exposes have made that all but impossible.”

The report was designed to measure the effectiveness and impact of the registration data policies of ICANN (Internet Corporation for Assigned Names and Numbers). Over the course of five months, Interisle analyzed the practices of 23 domain registrars, and how the registrars performed against five key standards. The report details how the registrars failed to meet contractual obligations and contactability goals in 40% of the cases studied, with problems in an additional 16% of cases.

“Domain registration data is supposed to be available in guaranteed, reliable ways. Unfortunately, we documented widespread failures, both technical and legal,” said Greg Aaron, the author of the study. “These problems make it hard to distinguish bad Internet actors from good, severely impacting public security. And they make it harder to communicate and solve a range of other problems, eroding trust on the Internet.”

Other findings show that access to critical registration data has been significantly curtailed over the past two years, and ICANN compliance problems. The report also recommends actions that can be taken to ensure a healthy Internet and naming system. The full report can be found at: http://interisle.net/domainregistrationdata.html .

ABOUT INTERISLE CONSULTING GROUP
Interisle Consulting Group is comprised of experienced practitioners with extensive track records in industry and academia and world class expertise in business and technology strategy, Internet technologies and governance, financial industry applications, and software design. Interisle is focused on resilient systems, networks, and organizations, and the research it conducts for clients frequently leads to insights with lasting significance. More information is available at www.interisle.net.

Criminal Abuse of Domain Names: Bulk Registration and Contact Information Access

In this report, we study "bulk registration misuse" by criminal actors. Bulk registrations refers to the practice of rapidly acquiring domain names, using these in an attack, and abandoning them as if they were throw-away ("burner") phones. These domains are a critical resource for cyber criminals.

We use reputation block list (RBL) data to reveal how the use of bulk registrations, coupled with the crippling of registration data access by the ICANN Temp Spec for Whois, presents cybercrime investigators with the dual impediments of harder-to-pursue criminal activity and harder-to-obtain information about the criminals. From our analyses of sample RBL data for five Top-level Domains we:

• Confirm that cyber criminals take advantage of bulk registration services to "weaponize" large numbers of domains for their attacks,
• Identify four specific registrars at which abusive registration activity appears to be concentrated,
  profile registrants that misuse bulk registrations to acquire and weaponize thousands of domains,
• Confirm that ICANN's Temp Spec policy of redacting Whois point of contact information to comply with the GDPR significantly encumbers and delays cybercrime investigation.

Based on these findings, we recommend that the ICANN organization and community consider several Consensus Policies which, if adopted and incorporated into contracts, would contribute to reducing cybercrime and mitigating its effects on victims.

 

Read the full report: http://interisle.net/criminaldomainabuse.html

 

Dave Piscitello (CAUCE Director at large) ad Dr. Colin Strutt

GDPR Didn't Affect Spam? Not So Fast
By John Levine

http://www.circleid.com/posts/20180905_gdpr_didnt_affect_spam_not_so_fast/

RIP Don Blumenthal

It is with a heavy heart that we note the passing of dear friend, colleague and member of the CAUCE board board of directors, Don Blumenthal on September 28, 2019 in Ann Arbor, Michigan. He was 67.

Don was an anti-spammer for as long a there was an anti-spam community: he helped design, deploy and maintain the famous ‘Spam Fridge’, the repository of junk email maintained by the Federal Trade Commission (FTC). He contributed the wisdom he gleaned from that experience to the design process of Canada’s Spam Freezer.

 

 

Don Blumenthal later worked at the Public Interest Registry (PIR.org) maintaining anti-abuse work for the .ORG TLD

Don was a welcome, active participant to the Anti-Phishing Working Group (APWG.org), at the meetings held by the Messaging Anti-Abuse Working Group (M3AAWG.org), the Internet Corporation for Assigned Names and Numbers (icaan.org) and, of course, he was a long-time board member of the Coalition Against Unsolicited Commercial Email (CAUCE.org).

His interests also lay outside the realm of anti-abuse work, Don was a football scout for the Oakland Raiders.

Don Blumenthal worked tireless to make the Internet a better place, had a considerable degree of success doing so, and he will be sorely missed by us all. Simply put, he was a tremendously nice guy.

Rest in peace, Don.

Operation ReWired arrests 281 Business Email Compromise criminals

Cybercrime & Doing Time // Gary Warner :

Operation: ReWired

On September 10, 2019, the Department of Justice announced that 281 arrests related to Business Email Compromise had been made, with 74 of those arrested being in the United States.  It will take some time to track down the names of all of those arrested, as many of the arrests were overseas.  Twenty-three US Attorneys Offices participated in the Operation, although only five sets of arrests were discussed in the Department of Justice Press Release about Operation ReWired.  While we work to obtain the rest of the information, we'll go ahead and share some details from those already made public in the Press Release. >> MORE

CSA recap: CAUCE discusses international email and security

At the Certified Senders Alliance summit in Cologne Germany, CAUCE president John Levine talks about international email and its security.

John explained that, EAI is being used by literate computer users who cannot read English characters. He gave India as an example? in the state of Rajasthan, the Indian government is currently handing out email addresses in Hindi.

In the past, email addresses were all ASCII, but now they can be in UTF-8 encoded Unicode. A complication with Unicode is that there can be several ways to create a Unicode character (e.g. an ?can either be encoded as a character in its own right, or as an a followed by an accent). For human readers, this makes no difference to understanding the character, but for computers that can be difficult.

Some mail systems accept EAI mail, but many still don't. As a result, EAI senders need to be prepared for their email to fail if they are sending to ASCII recipients.

 

EAI Security issues

• Homographs: e.g. Latin O, Cyrillic O & Greek Omicron all look the same, appearing bit-for-bit identical in some programs.
• Bidirectional Text: Left-to-right vs right-to left text flow. Avoid combining different direction text within an address or URL,
• Avoid mixed scripts. In theory, an address could combine a Chinese character, and Arabic, Cyrillic, etc., but combining them is bad practice. It is unreadable and impossible to type. While compatible scripts are ok (e.g. the three scripts used to write Japanese), mixed scripts should be treated very skeptically by spam filters.
• Variant characters (e.g. different version of Chinese characters).

Challenges

• Long domain names: there are top-level domains names as long as 24 characters.
• Several ways to write the same character (is it ?or a + ? ?). If it is possible to combine the elements into a single pre-defined character, it is better to do so.
• Punctuation is possible in local parts: it is allowable, but not advisable.
• It is technically legal to use an emoji in an email address. This should be avoided. An email address must be easy to read and to type. Two different emojis with slightly different skin tones are not easy to differentiate or type.

Conclusion

EAI is on the way. It is going to be popular, particularly in countries like Thailand and India, where there is a literate population that does not read or write English. And finally, it is not difficult, but it is important to get ready.

CAUCE welcomes Dave Piscitello to Board of Directors

Spam infrastructures have evolved to become formidable means of delivery of a diverse and growing set of cyber attacks, from financial fraud and business compromise to political influence and malware campaigns. Central to these attacks is an ever increasing dependency on and exploitation of domain names and the domain name system (DNS).

We welcome Dave Piscitello, formerly VP of Security at the Internet Corporation for Assigned Names and Numbers (ICANN) to the CAUCE Board. Since 2005, Dave has been practicing at the nexus of domain abuse and mitigation. He has been instrumental in bringing operational security, law enforcement, and Internet Identifier communities together to confront abuses of the Internet name space. Dave has sought to raise cross-community awareness of abuses and misuses of domain names and the DNS by studying and calling attention to policy vacuums and weaknesses, by promoting abuse reporting systems that can help governance bodies and lawmakers make informed decisions , and by delivering DNS investigations training programs for law enforcement.