This is the first in a small series of articles published in collaboration with the Youth IGF and CyberVictim.help. In this article Joanna Kulesza, a former RACI fellow, talks about DNS abuse victims, shows us a definition of DNS Abuse and explains why this type of online threat cannot be solved solely by nation states.
The aim of this series of academic publications is to try to identify the different types of cyber victims and what kind of mechanisms are available to assist victims of illegal cyber activity in an appropriate and effective manner. The idea was a response to the visible increase in online threats (phishing, malware, ransomware attacks, online fraud, the use of cash mules, etc.) since the beginning of the COVID-19 pandemic. These cyber-criminal threats, as Europol described them on 27 March, have made cyberspace a more dangerous environment for the vulnerable.
The pandemic has us working from home. It has us shopping from home more frequently than we used to. It has us learning and teaching online. It had us meeting friends and relatives online alone. While most of us have done that before, it was rarely with such intensity and frequency. From one day to another we lost 90% of human interaction, resorting to what the local Internet would allow. Despite the times being highly challenging, our options for exchange information and seeking emotional comfort and support drastically shrank. We relied on the Internet for work, learning, teaching, shopping, socialising, playing and, last but by far not least, getting informed.
This was also a time where bad guys tried to find their way in the new reality as eagerly as we did. Mysterious cures for COVID-19, including vaccines that did not yet exist, popped up as sponsored ads on our screens, ones that we spent too much time staring at. Complex conspiracy theories linked global business, political networks and new technologies, all out to get us. How do we tell the truth? Who will protect us from online fraud, hate speech and disinformation?
Saving the Internet from bad guys with… contracts
In Europe and beyond we struggle with effective policing of online communications. As generations before, we want to be both: free and safe when we interact with others, go shopping or get our news. While this balance is difficult, it is possible to achieve: the rapid development of online communications, often proclaimed the wild west of modern society, is clear evidence that an increasing number of users feel safe enough to move new aspects of their daily lives online. Whether privacy or freedom of speech, we’ve struggled with setting national and regional standard for both long before the global networks came along. Yet while thus far keeping us safe from harm was largely done by states: lawmakers, police officers and judges, these roles have significantly shifted online. Seeking effective protection against someone who offends us online or abuses our personal rights, like privacy or image, from local law enforcement often proves challenging and lengthy.
We have far better chances if we address directly those who manage online resources, which allegedly cause harm to our legally protected interests. It is Facebook, Instagram or TikTok who have become the judge and jury for online interactions in early 21st century. While governments and international organisations talk of cybercrime and cyberterrorism, service providers look at their terms or service or privacy policies and instantly decide whether access to particular content should be allowed or blocked. While this process has always raised serious concerns with regard to due process and a right to fair trial, it seems as if it's here to stay. Rather than getting upset with the way things are, we might want to see how we can best manage them. This is where the discussion on DNS Abuse comes in.
DNS Abuse, cybercrime and cyberterrorism
The Internet Corporation of Names and Numbers (ICANN) oversees companies managing the DNS through a network of private law contracts. Those contracts foresee for termination of services for those who violate their terms. The term usually used for these violations is DNS Abuse. While eagerly disputed and ambiguous, DNS Abuse has recently found a definition (as specified in the DNS Abuse Framework).
DNS Abuse is composed of five broad categories of harmful activity insofar as they intersect with the DNS: malware, botnets, phishing, pharming, and spam (when it serves as a delivery mechanism for the other forms of DNS Abuse).
It is worth noting that this framework is a standard based norm that sets processes in cyberspace with a specific emphasis on a technical community term that spans from DNS hijacking and DNS poisoning, though spam and botnets, all the way to controversial intellectual property infringements with no direct references to existing international law and law enforcement via bilateral or multilateral treaties. While the technical community declares to stick solely to the non-content related management of daily operations online, issues such as spam and copyright clearly cross the technical “picket fence” they have set.
This brief note is to point the attention of the readers to this specific, relevant and highly significant gap in existing cybersecurity landscape that needs bridging. The ambiguous notion of “DNS Abuse” has been of interest to governments as indicated in a statement by ICANN's Government Advisory Council (GAC). In that statement, governmental representatives have noted that the term covers various “public policy interests” such as “consumer protection, crime prevention and attribution as well as stability, security and resiliency of the DNS”, or what has been referred to elsewhere as the “Internet’s public core”. Security of this “core” lies outside the direct impact of national authorities whereas the existing technical frameworks have a comprehensive, standards based, fully functional regime spanning across jurisdictions. The readers are encouraged to look into the current work of the Public Safety Working Group (PSWG) within ICANN’s Governmental Advisory Committee and the broader landscape of contractual obligations shaping the cybersecurity landscape. Particular reference should be made to the “Framework to Address Abuse” (October 2019) by some of the largest domain name registries and registrars addressing “phishing, pharming, malware, and botnets,” with recommendations for registrars and registries to voluntarily address child abuse material, illegal distribution of opioids, human trafficking and “incitements to violence.”
Despite enhanced multilateral efforts, Internet governance, with all its perks, is alive and well. The pandemic brought to the foreground issues of online safety and protection of individual Internet users from disinformation, fraud and spam. It is worth noting that it is not the UN, despite the enhanced efforts of the UN GGE and the OEWG that is managing these threats in the day-to-day operation of the network. That is done by service providers. Despite operating in various jurisdictions, they rely on technical standards that usually abstract from existing international legal frameworks to protect end users from abuse. Therefore, efforts aimed at enhancing the DNS Abuse discussion need to be well structured, as opposed to a lengthy national or multilateral process that will likely take decades to implement and harmonise.