DNS Abuse Responses: Difference between revisions
No edit summary |
|||
Line 30: | Line 30: | ||
===Governments/Intergovernmental Organizations=== | ===Governments/Intergovernmental Organizations=== | ||
IGO responses generally see DNS Abuse as a facet of [[Cybercrime]]. Government responses tend to focus on what can be adjudicated; content abuse, such as child pornography; and | IGO responses generally see DNS Abuse as a facet of [[Cybercrime]]. Government responses tend to focus on what can be adjudicated; include content abuse, such as child pornography; and outline how and when electronic evidence can be collected. | ||
==== | ====Objectives==== | ||
=====Pro-Mitigation===== | =====Pro-Mitigation===== | ||
* [[Budapest Convention]] | * [[Budapest Convention]] | ||
=====Pro-Privacy===== | =====Pro-Privacy===== | ||
*Pro-privacy legislation, such as the [[GDPR]], limits access to natural persons' data. | *Pro-privacy legislation, such as the [[GDPR]], limits access to natural persons' data. | ||
====Government Responses==== | |||
=====Domestic Legislation===== | |||
====Case Type==== | ====Case Type==== | ||
=====Civil===== | =====Civil===== | ||
Line 45: | Line 48: | ||
=====Criminal===== | =====Criminal===== | ||
=====Responding to State-Sponsored Cyberattacks===== | |||
* [[SolarWinds Hacking Attack]] | |||
* [[Microsoft Email Systems Hacking Attack]] On July 19, 2021, the Biden administration formally condemned but did not inflict sanctions against the Chinese government for working with hackers to breaching Microsoft email systems.<ref>[https://www.nytimes.com/2021/07/19/us/politics/microsoft-hacking-china-biden.html?action=click&module=Spotlight&pgtype=Homepage US Govt Accuses China of Hacking Microsoft, NY Times]</ref> | |||
===Technical Community=== | ===Technical Community=== | ||
Line 67: | Line 73: | ||
====End Users==== | ====End Users==== | ||
End users, even those who work in the DNS industry, need help managing DNS Abuse mainly because of the timeless effectiveness of [[Social Engineering Attacks]]. For instance, at the end of 2020, [[GoDaddy]] notoriously tested its workers to see if they would share sensitive information after clicking on dubious links from a spoofed email.<ref> [http://domainincite.com/26143-godaddy-pranks-employees-with-insensitive-phishing-test GoDaddy Pranks Employees DomainIncite]</ref> | End users, even those who work in the DNS industry, need help managing DNS Abuse mainly because of the timeless effectiveness of [[Social Engineering Attacks]]. For instance, at the end of 2020, [[GoDaddy]] notoriously tested its workers to see if they would share sensitive information after clicking on dubious links from a spoofed email.<ref> [http://domainincite.com/26143-godaddy-pranks-employees-with-insensitive-phishing-test GoDaddy Pranks Employees DomainIncite]</ref> | ||
==References== | |||
==References== | ==References== | ||
[[Category:Glossary]] | [[Category:Glossary]] |
Revision as of 13:52, 19 July 2021
DNS Abuse Responses are the various tools, methods, collaboration, and philosophies spawning from DNS Abuse itself.
Objectives[edit | edit source]
What are the goals of DNS abuse responses?
Overview[edit | edit source]
There are four time-related categories of responses to DNS Abuse:
- reactionary detection and removal of sources of abuse (necessarily after the fact),
- cotemporal efforts to mitigate the amount and likelihood of abuse or its impact,
- future-focused work on stopping abuse before it can happen, and
- ongoing allowance of abuse for ideological or jurisdictional reasons.
Response Options[edit | edit source]
Reactionary Removal[edit | edit source]
Cotemporal Mitigation[edit | edit source]
Future Prevention[edit | edit source]
Intentional Inaction[edit | edit source]
Points of View[edit | edit source]
Every type of Internet user has worries over DNS Abuse and the responses to it. For instance, there is an ongoing multistakeholder debate over where to draw the line between technical abuse and content abuse.
Social Scientists[edit | edit source]
Governments/Intergovernmental Organizations[edit | edit source]
IGO responses generally see DNS Abuse as a facet of Cybercrime. Government responses tend to focus on what can be adjudicated; include content abuse, such as child pornography; and outline how and when electronic evidence can be collected.
Objectives[edit | edit source]
Pro-Mitigation[edit | edit source]
Pro-Privacy[edit | edit source]
- Pro-privacy legislation, such as the GDPR, limits access to natural persons' data.
Government Responses[edit | edit source]
Domestic Legislation[edit | edit source]
Case Type[edit | edit source]
Civil[edit | edit source]
Criminal[edit | edit source]
Responding to State-Sponsored Cyberattacks[edit | edit source]
- SolarWinds Hacking Attack
- Microsoft Email Systems Hacking Attack On July 19, 2021, the Biden administration formally condemned but did not inflict sanctions against the Chinese government for working with hackers to breaching Microsoft email systems.[1]
Technical Community[edit | edit source]
Internet Governance Organizations[edit | edit source]
ICANN[edit | edit source]
So far, ICANN has been steadfast in its focus on technical DNS abuse and avoidance of policymaking around content abuse. As recently as ICANN 71, the organization was criticized by [[____]] and [[ ___]] for not doing enough to steward contracted parties and non-contracted parties toward involvement in reducing abuse. However, ICANN and SSAC, in particular, can point to SAC115.
IGF[edit | edit source]
DNS Abuse Institute[edit | edit source]
Currently, this newcomer is entirely focused on creating an interoperable framework.
Private Sector[edit | edit source]
Registars[edit | edit source]
Registries[edit | edit source]
BC[edit | edit source]
The business community wants
IP[edit | edit source]
Intellectual property lawyers
ISPCP[edit | edit source]
Internet Service and Connectivity providers
Reputation Industry[edit | edit source]
End Users[edit | edit source]
End users, even those who work in the DNS industry, need help managing DNS Abuse mainly because of the timeless effectiveness of Social Engineering Attacks. For instance, at the end of 2020, GoDaddy notoriously tested its workers to see if they would share sensitive information after clicking on dubious links from a spoofed email.[2]