This October, the APWG is pleased to present eCrime 2012, a combined event that includes the 2012 APWG General Meeting, APWG eCrime Researchers Summit, and the ICANN DNS Security, Stability and Resiliency Symposium. This convocation of authorities in cybercrime management and research, presented in cooperation with the Organization of American States, the world's oldest regional multilateral treaty organization, represents an unprecedented alignment of global actors in the confrontation with cybercrime.

eCrime 2012, running from Oct. 22-25, will include a one-day, members-only meeting on October 22nd and two full days of open sessions thereafter of programming that will be open to both members and non-members, to be followed by ICANN's SSRS on the 25th. Delegates will examine crimeware's evolution, phishing against wireless devices, behavioral vulnerabilities and human factors that contribute to eCrime's success, cybercrime forensic tools and techniques, the roles of Registrars, Registries in managing cybercrime, as well as breaking news on counter-eCrime data resources developed by the APWG and its global correspondents.

The working agenda can be found here.

eCrime 2012 is a milestone event for cybercrime management professionals, technologists, law enforcement officials and government ministers, unlike any other yet imagined by the cybercrime responder community to date, consolidating the thought-leadership and authority of the world's preeminent counter-ecrime association, its correspondent researchers and the SSRS produced by ICANN, the curator and guardian of the DNS.

APWG Members and Non-Members Please Note: The sessions at the Fall General Meeting on October 22nd are open to APWG Members Only. APWG organizers will vet all registrants that sign up for the conference. (Hint: consider joining the APWG.) The subsequent eCrime Researchers Summit sessions on October 23 and 24 is a public event open to all. If you haven't already, check membership rules and benefits at: http://www.apwg.org/membership.html

Please visit the eCrime 2012 event page for information regarding participation and registration fees for members and non-members of APWG. ( Note: before registering for eCrime 2012, check to see if your company is a member by inspecting the sponsors page at: http://tinyurl.com/9w25hpv)

There is no registration fee for the DNS SSRS event.

eCrime 2012 attendees are invited to participate in the DNS SSRS.

Registration link for eCrime 2012 is here. Logistics note: Those registering for APWG's eCrime 2012 program, can sign up for DNS SSRS on the same registration page.)

Direct registration link for DNS SSRS is here.

The event venue is:

El Conquistador Resort and Conference Center

Las Croabas, Puerto Rico - USA

T 407-704-2377

C 407.267.5310

Please visit the conference web site for logistical and useful information about the venue, hotels, travel.

The discount code for conference hotel accommodation is: APWG10

The conference accommodation page is here.

Reporter Anthony Savarese talked with Jart Armin, Director of HostExploit, about Internet safety following the May publication of the inaugural' Global Security Report' and launch of the 'Global Security Map' an interactive tool displaying global hot spots for cybercrime according to geographic location. The HostExploit 'Global Security Map' project is in collaboration with Russian group Group-IB and CSIS in Denmark, known collectively as the European Cyber Security Federation, ECYFED.

The following is a transcript of the interview called 'Global Security Report'. The original is published in Italian on the DataManager.it website:

Everyone knows that cybercrime is hosted on servers around the world, but where? A new interactive web-based tool is designed to provide a greater understanding in this domain in search of solutions to a global problem. How much cybercrime is served by registered hosting providers of a single country?

An interesting question, which can now begin to be answered thanks to a collaborative initiative between HostExploit (Cyberdefcon Group Ltd.), the Russian group Group-IB and CSIS in Denmark. The Global Security Map displays global hot spots for cybercriminal activities according to geographic location.

The global security map is in a rapid stage of development and at the beginning of a long-term research cycle. Work is currently underway and there will be further improvements to the tool, which will allow users to drill down seamlessly from the world level, region, country, to trade on the internet, for AS (Autonoous System) and ISPs, and finally, IP, domains and URLs.

We spoke with Jart Armin, Director of HostExploit .

We believe this is a unique tool for its combination of detail and the high level of visualization, which also caters to a wide cross section of users. In calculating the level of 'badness' at the national level, the accuracy in identifying the countries that carry out this specific activity is of course critical. One of the reasons why up to now there has been a lack of studies on the geographic distribution of crime is that it is difficult to determine exactly where anything is physically hosted on the Internet, let alone where everything is. This should not be a deterrent to research. Rather, it should encourage further research, as inconsistent data, when publicly released, will put pressure on the relevant internet authorities to enable better methods of quantification. If you do not try to quantify nothing will ever change. Note also that the global security map, resources and related data are not intended as a statement that any government or country is actively involved in (or is a supporter of) criminal activity.

What is the health status of information security in the world?

Overall we have a bad health condition, the market for computer crime is growing rapidly, in 2012 earnings estimate for about USD15 billion versus USD11 billion in 2011, and this provides a quantitative basis of the threat. Depending on the mode of determination of costs for every USD1 in the market of cybercrime, there is a comparative spending of about $50 to $100 on cybercrime defenses. Added to this, the dramatic rise in Internet use worldwide puts a major stress on the existing physical infrastructure, as well as the DNS (Domain Name System).

What is the methodology used for the report?

The report uses as a tool called the HE Index, which represents levels of concentrations of malicious activity detected. It ranges from 0 to 1000, where 0 is zero harmful activities and 1,000 is the maximum level of illegal activity. An important aspect of the HE Index is that it measures concentrations of bad activity: in short, the size of the country is taken into account, so that larger countries will not come out on top simply because they contain more content.

Which are the states where there is the greatest danger and why?

In general, countries which suffer the highest levels of malicious activity can be divided into two categories. First are countries with a highly competitive field of web hosting. A well developed market implies the lowest prices possible. Examples include the Netherlands (# 6) and the United States (# 11). Second are countries with a low level of regulation. Often these are small countries, where the web hosting is not common, resulting in a lower level of regulation in progress. Examples include the British Virgin Islands (# 4) and the Republic of Moldova (# 9).

Could you provide some numbers and some examples?

The global security map is the result of extensive research into autonomous systems (ASN) - server, and ISP networks with IP routing. At the time of the report (May 05 2012), Lithuania is ranked # 1 with the highest levels of malicious activity around the world while Finland at No. 219 has the cleanest servers and networks. Armed with this information, the next step is to consider ways or realistic plans that can help reduce levels of malicious activity. For example, what is it that makes the difference between the country identified as the "worst", # 1 in Lithuania, and the "best", # 219 Finland!

What are the types of emerging risks?

Mobile security is still the largest area in which there is an 'emerging risk', but the theft of data (data breach) is still rising in many countries and there is still a need for effective legislation. The phenomenon of 'spear phishing' through social networks is becoming more sophisticated. These are now associated with polymorphic malware, which are designed not only to target a specific country, but to specific bank users based on demographic and social groups.

Will the rise of mobile computing security bring changes?

Mobile Security is our biggest challenge, with an estimated 450 million smartphones shipped in the last 12 months, it is estimated that access to the Internet will be greater from  mobiles than from PCs by 2015. Device safety is still weak, and Android is the main objective of the cybercrimials. Many attacks in the mobile industry and the emergence of the first botnet dedicated to this sector ( Pocket botnets ) were found in China and Asia, due to high levels of use of mobile devices in these countries. More than one million Pocket botnets emerged in China, causing the first national warning to the Chinese public on Chinese television.

There are greater risks for companies or individual?

Both: companies and individuals are at risk.

To view the Global Security Map click here

To download the Global Security Report in English click here

To download the Global Security Report in Russian click here

A new #1 tops the ranking table in HostExploit's 'World Hosts Report Q3 2012' for high levels of malicious activity. AS40034 Confluence Networks, is registered in the Virgin Islands but hosted in the United States.

The HostExploit (HE) World Hosts Report Q3 2012, in collaboration with Group-IB and CSIS, presents a new #1 Host this quarter, AS40034 Confluence Networks, (real-time update) for high levels of malicious activity.

New names in new places is sadly not a consistent theme for this quarter as, despite the new #1, the ‘Top 50 Hosts’ table for Q3 2012 has more than a fair share of familiar names holding the top positions. Unlike the new #1 (AS40034 Confluence Networks), AS16138 Interia.pl, the holder of the #2 spot, is a regular at the top of the chart for consistently serving some of the worst types of malicious activity on the web. Offences include large amounts of ‘Current Events’, a mix of the most up-to-date and fast changing attack exploits and vectors.

In previous reports AS16138 Interia.pl has been:

• #1 in Q1 2012
• In the 'Top 10' since Q2 20120

HostExploit's Editor Jart Armin makes a direct appeal to Interia.pl in the report:

“Changes to your systems and abuse procedures are long overdue. Please prevent further damage from occurring to the unfortunate and long suffering victims of the individuals or gangs who use your services to carry out all manner of Internet malpractices.”

Other highlights from HostExploit's Q3 2012 World Hosts Report:

• United States and Russian Federation display disappointing results for Q3.
• US hosting providers in the Q3 'Top 50' – up to 14 from 12 in Q2
• Russian Federation still at #1 for most malicious activity
• AS50465 IQ Hosts (RU) remains at #1 for Botnets
• AS53665 Bodis (US) at #1 in the Phishing category

A featured article on the rise of DDoS amplification as an attack method, ‘DDoS the World - The Problem with DNS Open & Misconfigured Resolvers’, details how an attacker can exploit a mis-configured DNS open resolver and use its powerful resources to launch an overwhelming assault against a targeted website. For the first time, HE includes data on Autonomous Systems (ASes) and open resolvers, as part of on-going research into this issue.

As far as country rankings are concerned, there have been no large movements since Q2. Most disappointing is seeing that since Q2 both the United States and Russia have deteriorated in their hosts’ overall standings. Follow more on this in the report or on the accompanying Global Security Map website, an interactive web tool with live country data.

The full HE ‘World Hosts Report’ for Q3 2012 - available here - provides more detailed information on all of the topics above, including data on individual categories such as Botnet C&C servers, phishing servers, exploit servers, Zeus botnet hosting, infected websites, spam, current events and badware.

About

HostExploit

HostExploit provides open source intelligence on cyber security issues and cybercriminal operations. In providing analysis of all the public Internet servers worldwide the quarterly World Hosts reports and daily SiteVet updates aim to maximize the awareness for hosts, registrars, governmental and cyber security researchers.

Group-IB

Group-IB is Russia and the CIS’s (Commonwealth of Independent States) leading computer security company, specializing in the investigation of computer crime, information security breaches, and computer forensics.

CSIS

CSIS provides IT services and technical analysis. The CSIS vision is to “…be among the best and most recognized companies in the world fighting the IT criminals.”

A new European Cybercrime Centre (EC3) based at Europol in The Hague will be the focal point in the EU's fight against cybercrime and serve as the European information hub in this area, the European law enforcement agency announced today.

An alliance formed from business, government, law enforcement, security agencies and professionals has been endorsed by the Council of the EU and will be operational by 1 January 2013. As part of the existing Europol structure the Centre will pool expertise and information, support criminal investigations and promote EU-wide solutions, the European law enforcement agency announced today.

The launch of EC3 is in response to the increasing threat from cybercrime and the rapid growth of prime targets within the EU as Internet-based economies and payment systems continue to evolve. As well as becoming an information hub the centre aims to develop tools in support of investigations in the EU and to raise awareness while, at the same time, building a community of experts from all sectors of society. The borderless nature of cybercrime presents considerable challenges to law enforcement worldwide requiring better collaboration and cooperation across all industry sectors.

In a press statement on the Europol website Director of Europol, Rob Wainwright, said:

"The establishment of the European Cybercrime Centre will be a landmark development in the EU's fight against cybercrime. I am delighted that the Commission has proposed its establishment at Europol. Organised crime groups, terrorist groups and other criminals are quick to exploit the opportunities afforded by developments in technology, and the time is ripe for the authorities to get one step ahead. The European Cybercrime Centre will provide governments, businesses and citizens throughout the Union with the tools to tackle cybercrime. Building on Europol's proven track record and unique expertise in this area, and with the support of the Member States, other EU bodies, international partners, and the private sector, the European Cybercrime Centre will make the EU smarter, faster and stronger in its fight against cybercrime."

At the same time Europol announced its lead in a consultation into the future of cybercrime by ICSPA (International Cyber Security Protection Alliance) called Project 2020. The project will bring together organisations and professional communities for a combined international study into the development of cybercrime in the future.

The Project Director for Project 2020, Europol’s Dr. Baines said,

“Cybercrime evolves as quickly as technology, and technology develops so quickly that the unthinkable becomes mainstream before we can imagine.  Furthermore, criminals today can still surprise us as they move from region to region around the world.  We have the groups around the table who can make sure this will no longer be the case.”

For more information on Project 2020 visit The International Cyber Security Protection Alliance (ICSPA) website.

The arrest of two men in the UK and another in Macedonia is the result of an international operation in which 36 web domains, used to trade compromised banking data, were taken offline, the UK's Serious Organised Crime Unit announced today.

The Head of Cyber Operations at the UK Serious Organised Crime Unit (SOCA), Lee Miles, spoke of the recent collaborative operation as "an excellent example of the level of international cooperation being focused on tackling online fraud."

Over the past two years SOCA cooperated closely with an number of law enforcement agencies including the FBI, the BKA in Germany, the KLPD in the Netherlands, the Ukraine Ministry of Internal Affairs, the Australian Federal Police, and the Romanian National Police, to track the rise of websites used as e-commerce type platforms, known as Automated Vending Carts (AVC’s). During this time SOCA successfully recovered more than 2.5 million items of compromised personal and financial information which is estimated to have prevented more than £500 million ($809 m) in further fraudulent losses.

SOCA gathered evidence on cyber criminals operators of AVCs, a trend that had been increasing over the last 18 months, as fraudsters frequently began to use e-commerce platforms to ply their trade. The information gathered by SOCA led to the arrest of two UK men on suspicion of making large scale purchases of compromised payment card and online banking data. At the same time the UK’s Dedicated Cheque & Plastic Crime Unit (DCPCU) seized a number of computers in connection with Fraud Act offences while, in Macedonia, a man was arrested by the Macedonian Ministry of Interior Cyber Crime Unit on suspicion of operating a fraudulent AVC web platform.

As well as being a model example of international cooperation in the fight against online fraudsters the operation will protect businesses, online retailers and financial institutions from becoming the next victim and potentially save more than half a billion pounds in further losses, Lee Miles estimated in a press statement.

No figure, however, can be attributed to saving thousands of individual from the distress of becoming a victim of fraud or identity crime.

Knujon presents a detailed study of the way ICANN handles and tracks complaints of inaccurate WHOIS records for registered Generic Top Level Domains (gTLDs).

The Internet Corporation of Assigned Names and Numbers (ICANN) is required to track complaints about non-compliance with the Registrar Accreditation Agreement (RAA), a signed document between a Registrar and ICANN that sets out the terms and conditions of accreditation to ICANN. In 'Evaluation of ICANN Compliance Process', Knujon details major failings in this process finding that ICANN staff were unclear on many aspects of the non-compliance policy.

All domain owners and operators are required to supply accurate contact information for each domain they register under the terms of the registrar-registrant agreement signed between both parties. Failure to supply truthful and accurate data in domain WHOIS records is a material breach of this contract and of the sponsoring registrar's agreement (RAA) with ICANN.

When a complaint about non-compliance with the RAA is made, ICANN is required to track those complaints to ensure that proper handling and processes have been adhered to. Knujon's study shows that this process is not always followed. Knujon detail this in a number of cases and highlight failures and inconsistencies in the compliance process. Further, the study points to instances where ICANN staff displayed confusion and appeared to be unsure on several aspects of the policy.

In brief, the Knujon found five main failings by ICANN staff as follows:

• Confusion over actual policy.
• Contradictory answers to questions at different times.
• Specific non-compliant events were not followed by enforcement for unexplained reasons.
• Unable to account for their decision-making process.
• Investigations apparently abandoned with further questions refused.

During the course of the study, Knujon noted that thousands of complaints were submitted and hundreds were flagged for apparent non-action by ICANN Compliance. In selecting nine complaints to follow from different Registrars, of various sizes and in multiple countries, the aim was to show that potential problems exist across the board and that processing issues are not restricted to a single company, region, culture or market share.

According to Knujon, while there have been multiple studies concerning the accuracy of the gTLD WHOIS record set and problems presented by this issue, there are no known studies of the effectiveness of ICANN’s process for dealing with WHOIS inaccuracy. This study sets out to provide that information but, as Knujon reluctantly admit, the study is not as technically complete they would have liked; the Compliance process under investigation ceased in June 2012, before the study was concluded.

ICANN is currently meeting in Toronto where Knujon's, Garth Bruen, intends to engage in an "aggressive agenda", as part of the WHOIS Working Group, among other things. The nine cases of non-compliance followed in this study may provide ample evidence of ICANN's failings in this area to stimulate a healthy discussion on the relevant issues.

In preparation for European Cyber Security Month (October 2012) ENISA, the European Network and Information Security Agency, is making a series of free material available on its website.

The freebies are aimed at EU entities involved in raising awareness on cyber security issues. As online services increasingly become part of everyday lives it is important for internet users to be educated on how to stay safe. The aim of the material is to support EU Member States as they prepare cyber security education and awareness campaigns, the agency says. It should be useful in reaching people and getting them to change their behaviour, or to reinforce good behaviour.

Not all the planned material is available on the ENISA website yet. Currently you can access:

• Tips and advice to provide in-depth information on how to stay safe in a variety of online settings, such as for example on social networking sites, on gaming sites, and on your mobile device
• ECSM web banners
• ECSM certificate of appreciation template (white background and coloured background)
• ECSM letterhead (.doc and .dot)
• ECSM powerpoint template (.ppt and .pot)

Available soon will be:

• ECSM posters
• ECSM name tag

Visit the ENISA website to download the available material.

The Federal Criminal Police Office for Computer and Network Crime in Austria recently announced the arrest of the country's youngest hacker. At just 15 years old the teenage hacker has admitted to being prolific too, claiming 259 hacks over the space of three months.

Between January and March 2012, a 15-year-old from Lower Austria, breached public systems, institutions and authorities in Austria, and many other countries too according an official statement. Interior Minister, Mag.a Johanna Mikl-Leitner, said that the hacks demonstrate just how vulnerable computer systems are, while at the same time, they show just how technologically advanced today's young people are. The Austrian suspect reportedly told officers that his hacking skills were self-taught.

While incidents like this may start out as a prank, Interior Minister Mikl-Leitner stressed that they cannot be considered as petty offenses.

The teenager admitted that he had used hacking tools to search for vulnerabilities and bugs on web pages and databases. Mag Löschl Leopold, Director of the Federal Office of Computer and Network Crime, emphasized that the next step that the youngster took, in accessing user data, which he published on the Internet and on Twitter, was an illegal act. No figure was available yet for losses or damages incurred as a result of the breaches as investigations were continuing.

The hacker claimed that boredom and the need for attention from the media was the motivation for his actions. The Ministry of the Interior emphasized that Internet crime was not exclusive to the young and that, for example, as quoted by Director Leopold, in 2011 eleven percent of computer offenses were committed by 10 to 21-year-olds, 17 percent of 21 - to 25-year-olds and 46 percent of 25 - to 40-year-olds.

Austrian police recently announced a program due to begin later in 2012 where 300 specially trained police will visit schools and colleges to hold workshops and stage events aimed at educating youngsters on a range of computer related subjects which, the Ministry hopes, will help prevent problems in the future.

Efforts have been made to improve cooperation between the Austrian Economic Chamber (WKO) and the Ministry of Interior (MoI), the statement continues, in an effort to raise awareness about computer security for businesses and to improve crime prevention through a regular exchange of information, publication of manuals and a series of events on the subject of IT security.

AFNIC is holding two Registrar Days with a focus on changes during 2012 and propects for 2013. The first day will be held in Lyon on 4 October, for French speakers only, followed by a bilingual French-English session on 9 October in Paris.

AFNIC, the non-profit government-appointed registry for .fr (France), .re (Reunion Island), .yt (Mayotte), .wf (Wallis and Futuna), .tf (French Southern Territories), and .pm (Saint-Pierre and Miquelon), is organising one-day Registrar events in October. The aim is to strengthen the relationship and cooperation with its registrars through a day-long program that will include a presentation on AFNIC activities and services, a session on new gTLDs (challenges and opportunities) and technical workshops covering subjects such as DNSSEC policy and practice, and a prospective Road Map for 2013.

Registrars can choose either a day-long session in French only to be held in Lyon on 4 October or the same event, in a bilingual French-English format, on 9 October in Paris. Both sessions are preceded by an optional evening social event (3 October for Lyon and 8 October for Paris), details of which are still to be released.

For more information on these events visit the AFNIC website.

At the EU-U.S. Justice and Home Affairs Ministerial meeting held 20-21 June in Copenhagen, a framework of agreement outlined the launch of a Global Alliance to fight child sexual abuse online.

The EU and the U.S., at the EU-U.S. Justice and Home Affairs Ministerial Meeting attended by Attorney General Eric Holder, Department of Homeland Security Secretary Janet Napolitano, Denmark Minister of Justice Morten Bodskov, European Commission Vice-President Viviane Reding , EU Commissioner of Home Affairs Cecilia Malmstrom and Cyprus Minister of Justice and Public Order Loucas Louca on Thursday agreed to enhance efforts against child sexual abuse online. The initiative seeks to unite decision-makers around the world to better identify and assist victims and to prosecute the perpetrators. Further, governments are called upon to participate in building a Global Alliance against Child Sexual Abuse Online.

In a joint statement both parties emphasized that child abuse online is a crime that is ubiquitous and without borders. The statement continues: 'Child pornography images circulate easily across jurisdictions, and efforts to reduce such circulation have failed to produce satisfactory results to date.   Child pornography offenders are increasingly operating in international online groups that use sophisticated technologies and security protocols to frustrate the efforts of law enforcement to investigate their crimes.   Different laws and policies across jurisdictions also have created law enforcement vulnerabilities that these international offenders are exploiting.   Therefore, we need to act together to successfully confront the problem.'

"I feel very strongly about the need to fight these outrageous crimes. We must go beyond mere declarations of principle and achieve concrete improvements at national level. The recent adoption of the Directive on child sexual abuse was an important first step forward. There is, however, a need for more action worldwide. You will hardly find a case of child sexual abuse online that does not involve criminals, victims or infrastructure in third countries. Therefore, together with US Attorney General Mr Eric Holder, I have proposed a Global Alliance of national Ministers of the Interior and Justice. The EU and the U.S. have taken the lead in designing the Alliance, and plan to invite States around the world to join", said Cecilia Malmström, EU commissioner for Home Affairs, after her meeting with Eric Holder, US Attorney General, in Copenhagen.

The Global Alliance will seek to unite countries around the world behind a set of shared goals:

• Enhancing efforts to identify victims, whose sexual abuse is depicted in child pornography, and ensuring their assistance, support and protection;
• Reducing the availability of child pornography online and the re-victimization of children;
• Enhancing efforts to investigate cases of child sexual abuse online and to identify and prosecute offenders;
• Increasing public awareness of the risks posed by children’s activities online, including the self-production of images, in order to reduce the production of new child pornography.

The Global Alliance builds upon the successful work of the EU-US Working Group on cyber-security and cyber-crime, where the fight against child online abuse has been identified as one of key priorities. The Global Alliance will set out policy targets and operational goals, giving participants the freedom to choose the means how to achieve them. Specific actions, their extent and content, will be decided by participant countries, in accordance with their national situation.

Partners from around the world are invited to join the Global Alliance against Child Sexual Abuse Online with a formal launch of the Global Alliance planned for December 2012.

Read the full EU press statement here.

Read the full US Department of Justice press release here.

The latest figures for European ATM fraud attacks reflect the ability of cybercriminals to adapt as some types of ATM related fraud incidents fall and others increase.

Figures published by EAST, the European ATM Security Team, an international network working in the Single Euro Payments Area (SEPA) to improve public/private sector cross-border cooperation in the fight against organized cross-border crime, reveal the impact of changing ATM attack methods employed by cybercriminals as they attempt to stay ahead of improving security measures against some types of ATM fraud.

While ATM fraud losses fell from EUR268 million (USD352 million) in 2010 to EUR234 million (USD307 million) in 2011, a decrease of 13 percent, total ATM related fraud incidents increased from 12,383 in 2010 to 20,244 in 2011. According to EAST, the fall in losses, down from EUR267 million (USD351 million) in 2010 to EUR232 million (USD304 million), can be explained by a continued reduction in card skimming attacks. The majority of ATM related card skimming attacks, 79 percent, continue to be perpetrated from outside national borders using stolen card details and account, as well, for most of the losses incurred.

A decrease in ATM card skimming incidents and losses is good news but, at the same, other types of ATM fraud have increased. Cash trapping incidents at ATMs increased significantly in 2011, up from just 240 reported incidents in 2010 to 10,808 incidents, and account for the net increase in ATM related fraud incidents over the last year. Cash trapping is used by criminals to defraud customers carrying out a legitimate cash withdrawal request at an ATM that delays the dispensing of money until after the customer has walked away empty-handed from the cash machine.

Organized gangs of cybercriminals demonstrate the ability to be flexible as the need arises to take full advantage of the slow deployment of counter measures against some types of ATM fraud by banks and financial institutions. Where the uptake on EMV is still low, ATM fraud losses remains high: the USA, the Dominican Republic and Colombia. Newer methods of fraud prevention such as geo-blocking and fraud monitoring capabilities continue to improve fraud detection rates but slow deployment offers cybercriminals the opportunity to re-group and adapt.

An overview of the 'HostExploit' Q2 2012 "Top 50 Bad Hosts and Networks" report by 'BadWhois' expounds on the improving situation of US-based networks and urges a pro-active stance against abuses.

'BadWhois', 'Just an average dude, but apparently with a bit of savvy', interprets data and observations from the recent 'HostExploit' (HE) Q2 2012 "Top 50 Bad Hosts and Networks" report. BadWhois voices a widely held opinion that it is the responsibility of the hosting provider to keep 'the innocents' protected from the bad guys. In so doing, BadWhois, identifies one of the major motivational influences behind the HE quarterly publication.

'BadWhois' recognizes the positive efforts of US-based hosts in dropping out of the top 10 rankings and the contribution made by individual providers. For example, AS33626 'Oversee.net' is congratulated on its improved ranking while, at the same time, encouraged to go a bit further, in order to disappear out of the rankings all together. Oversee's recent deal with security firm 'Team Cymru', should ensure that progress towards that end continues.

As well, 'BadWhois', applauds the promising looking stats of both AS33182 'HostDime' and AS32475 'SingleHop', while urging, 'a bit more work is required to keep the trending downward'. Other hosts, too, appear to be making progress although the going is not always easy. AS21844 'The Planet' provides an example of how spikes of badness can negate a previously encouraging trend. A similar scenario is attributed to AS46475 'Limestone Networks' and AS21788 'Network Operations'.

In this overview of the "HE Q2 2012" report, the 'average dude' displays more than just a 'bit of savvy'. The message from 'BadWhois' to all the hosts appearing in the "Top 50 Bad Hosts" table captures the essence of the rationale behind the reports and throws out the gauntlet to all abuse ops:

"...being listed here means that right now your infrastructure is being used to target the innocent. That innocent may be your brother, sister, mother, father, wife , yourself or other loved one. Being an abuse op is a big responsibility and many times a thankless task. Take up the challenge or leave, opening your spot for someone else willing and able to take up the responsibility of being a custodian of the trust and promise of the net."

'HostExploit' heartly agrees with this sentiment and of this final remark from 'BadWhois': 'To all the American abuse ops, remember you portray the American image to the rest of the world! For those of you silently doing your part, a sincere thank you!'

Quite simply, this last sentence could apply to any country, anywhere in the world.

Countries around the world, from Algeria to Zambia (Republic of), celebrate Safer Internet Day 2012 today Tuesday February 7. The focus this year is on connecting generations as organizer Insafe invites people of all ages from very young children to parents and grandparents to “discover the digital world together… safely”.

Since its beginnings in 2004, as an initiative of the EU SafeBorders and taken up by the Insafe network in 2005, Safer Internet Day has grown into a global enterprise with more than 70 countries worldwide celebrating a common aim, to make the Internet safer for all users. One of the initiatives of Safer Internet Day is to promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world.

At the forefront of emerging online issues, Insafe has chosen a topic this year that reflects current concerns about a digital divide between the generations. Keeping safe online is a message for all as this landmark event in the online safety calendar aims to promote. Whether you use the Internet once a month or several times a day our offline and online worlds of today are strongly connected and we all have a role to play in ensuring the safe use of the technology that enables us to connect to each other. From cyberbullying to social networking, Safer Internet Day raises awareness that the digital world can be safer if we all learn from each other.

To find out more about events globally visit the Safer Internet Day website.

Cybercriminal banking fraud in the Netherlands increased in 2011 according to the latest figures from the Dutch Banking Association (Nederlandse Vereniging van Banken, NVB). Both online banking fraud and ATM skimming went up significantly last year.

The Dutch Banking Association, NVB, reports that Internet fraud rose from ten million in 2010 to 35 million euros last year while losses from ATM skimming doubled to 38.9 million euros by the end of 2011. Boele Staal, chairman of NVB says that the increases can be explained by criminals carrying out final and massive attacks in the run up to the Netherlands becoming fully EMV chip compliant at the beginning of 2012.

Further, the NVB states that when compared to the increased usage of both online banking and debit cards the fraud figures are insignificant representing only 0.001 percent and 0.03 percent respectively of the total.

Dutch banks are working hard to bring in new measures, including TV spots warning bank customers to keep their login credentials safe, in order to counter the constantly changing tactics of the criminals which differ from the classic bank robbery.

Boele Staal says that the NVB is confident that Internet banking in the Netherlands is safe and that the banks are investing millions of euros to bring in new products to keep payment systems secure.

Nominet, the world’s second largest country code registry, announced on Friday that the .uk registry has hit a key milestone in reaching over 10 million domains registrations. In the 12 years since the first 1 million milestone was passed, registrations have multiplied ten-fold the .uk registry reports.

Nominet CEO Lesley Cowley hails the registration of the 10 millionth domain as a "fantastic achievement" which shows that ".uk is a great place to be." Since the first registrations in 1985, to the 1 millionth mark in 2000, and now to the 10th million in 2012, the .uk registry reflects the impact that the domain name system has had on the digital economy and e-commerce activity in the UK.

To mark the passing of this important event, Nominet has dedicated its quarterly report on the domain name industry to an insightful reflection on the content of the registry database. The report contains accounts that demonstrate the diversity and variety of the UK internet community as a whole and pinpoint fascinating facts and figures on, for example, the most frequently used words in .uk domain names, the words used in a variety of business and social categories, how the length of domain names has changed in the .uk compared to other TLDs, along with many other interesting details.

Looking at the section on the most frequently used word in a domain name, Nominet found that service, home, shop, london, house, solution, group, photo, property, business are the Top 10 choices.

An analysis of .uk domain names by Industry category provides an overview of some interesting trends as certain words become more fashionable and others fall in popularity. For example, since 2001 the word 'app' has grown from appearing in just 3,700 domains to over 50,000 in 2012.

The Nominet domain business report provides a fascinating analysis of technological changes reflected in the domain name system and demonstrates the web as a vibrant interactive tool for communicating with each other as well as a conveyor of e-commerce activity.

"The Domain Business" is available on the Nominet website.

To help girls and young women access training, job opportunities and career information in information and communication (ICT) the ITU has today launched a new one-stop shop.

Despite ICT being a fast-growth industry the number of young women pursuing a career in technology has been falling in the US since the 1980's, the ITU reports. Back in the 1980's young women, the report continues, were gaining 37 percent of computer science degrees; today, that number has fallen to below 20 percent. The situation is even worse in OECD countries where less than 20 percent of ICT specialists are women. In launching the portal the ITU aims to help girls to find information on training, scholarships, internships ICT contests and awards, tech camps, online girls’ networks along, with many other programmes, in a bid to encourage more girls into the industry.

Evidence shows that girls and young women tend to lose interest in careers in technology early on and for a number of reasons. Sometimes it can simply be down to the image portrayed of the industry with labels such as unfeminine, too challenging, or just plain boring attached to the subject.

On the launch of the new portal ITU Secretary-General Dr Hamadoun Touré said that such entrenched ideas were no longer relevant as the rise of apps and the explosion in telemedicine, remote learning systems and research and development were making the ICT industry the most exciting choice any young person can make. "The industry is entering unchartered waters of creativity, innovation and entirely new ways of working, interacting and learning," Dr Touré added.

Professionals in computer and information systems are ranked among the top 20 best-paying jobs – on a par with surgeons, orthodontists, airline pilots and lawyers, at a time when, the European Union calculates, in 10 years time there will be 700,000 more ICT jobs than there are professionals to fill them. Globally the estimated shortfall is even greater.

'Women and Girls in ICT’ is the theme of ITU’s upcoming World Telecommunication and Information Society Day, to be celebrated on 16 May 2012 while an annual global 'Girls in ICT Day' will be held on 26 April 2012.

To find out more about this exciting initiative aimed at encouraging girls into a rewarding and worthwhile career visit the ITU 'Girls in ICT' web portal.

Microsoft reports that in a coordinated action with industry partners, Zeus botnet command and control servers were seized in two hosting locations (Scranton, Pennsylvania, and Lombard, Illinois) together with valuable data and virtual evidence in a bid to disrupt cybercriminal operations and their supporting infrastructures.

In an announcement on 25 March, Microsoft hailed the operation as a first of its type for the corporation where a single coordinated action is said to be responsible for disrupting multiple operating botnets as well as being the first time that the U.S. Racketeer Influenced and Corrupt Organizations (RICO) Act has been used as the legal basis to bring a civil case against those responsible for a botnet. The Zeus malware, at the center of the operation, has the ability to monitor a victim’s online activity, record keystrokes, automatically start keylogging to obtain illegal access to a victim's bank account and withdraw money from unsuspecting banking customers.

Microsoft named the Financial Services partners in this operation as the Information Sharing and Analysis Center (FS-ISAC) and NACHA (The Electronic Payments Association) and the security industry partners as research company Kyrus Tech Inc., and F-Secure.

Michael Tanji, chief security officer of Kyrus Tech Inc., said he was proud to have helped analyze the Zeus malware and botnets as part of this groundbreaking effort and hoped it will encourage others to start working together in an effort to combat malicious activity at the same scale as it is being perpetrated.

ICANN proposes a multipronged approach for the adoption of a replacement for the WHOIS protocol as set out in a Roadmap of preliminary recommendations for further input and feedback from the community.

The Internet Corporation for Assigned Names and Numbers (ICANN) Roadmap is a follow on from report SAC 051 published in September 2011 by ICANN's Advisory Committee for Security and Stability (SSAC) in which concerns were raised about the ability of the current WHOIS protocol to handle growth in the “internationalization” of data or non-American Standard Code for Information Interchange (non-ASCII) data. The SAC 051 report recommends the adoption of several actions to ease the transition to a replacement for the current WHOIS service. The roadmap sets out ICANN's proposals for implementing these recommendations and calls for further community input and feedback.

The need for a new WHOIS protocol has been discussed in the past with experts from many organizations with the service's many deficiencies highlighted by others on frequent occasions. Previous attempts have been made to develop a working alternative service but, as yet, no comprehensive solution has been found. ICANN hopes that the Roadmap will encourage further debate on the issue and that the set of recommendations will move the process forward.

In report SAC 051 three major recommendations were made as detailed in the Roadmap. In summary these are as follows:

• To clarify the terminology surrounding the WHOIS service with the adoption of new terminology that better distinguishes the different components.
• Improve the query and display of internationalized data.
• Develop a process of standardization across a range of mechanisms including verification methods, credential services, and access control capabilities.

The Roadmap recognizes that the transition to new terminology, such as referring to the Whois service as Domain Name Registration Data Directory Service (DNRD-DS), will take some time and proposes that documents and summaries of the preferred terminology should be widely distributed among ICANN stakeholders. Old terms should be used in parenthesis along side new terminology during the initial phase.

The complexities of moving to a replacement service that supports Internationalized Domain Name Registration Data (DNRD) and provides a uniform and standard framework for accessing DNRD are recognized in the documentation. The Roadmap proposes ways in which the technical side can be coordinated along side the policies to make them workable for all relevant parties. This will be applicable to the ICANN community as well as to the various needs of the top level domain (TLD) registry operators, generic top-level domain registries (gTLD) and country code top-level domain registries (ccTLD). The Roadmap emphasizes that a one-size approach is not appropriate but that different incentives will be required to encourage the full adoption of the new policies for both gTLD and ccTLD registries.

In relation to the WHOIS protocol the Roadmap proposes that technical standards bodies, for example the Internet Engineering Task Force (IETF), should be actively involved. A mailing list already exists on the issue via the IETF WHOIS-based Extensible Internet Registration Data Service where a group of interested parties are trying to create a working group on the standardization of a replacement for the WHOIS protocol.

As previous attempts to develop a working alternative to the protocol seem to have been unsuccessful, ICANN is hopeful that the Roadmap for the recommendations as set out in SAC 051 will provide a realistic multipronged approach that will be relevant to all parties as the way to move forward to a new and workable service.

The draft Roadmap is posted on the ICANN website for community consultation, where community input on the scope, timing, utility, challenges, and suggestion as to how these challenges may be overcome is requested. ICANN proposes to hold a public workshop on the draft roadmap at  ICANN 43, San José, Costa Rica (11-16 March 2012) as a further means of consulting with the community. Two public comment periods will follow with the report finalized for Board and community action by the Prague meeting in June 2012.

Full details of the Roadmap and proposals can be found on the ICANN website.