Secure Domain Foundation Fights Cyber-CrimeBy Samuel Greengard | Posted 2014-04-23 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
The Secure Domain Foundation, which has buy-in from prominent Internet firms, takes a multipronged approach to fighting criminal abuse in the domain industry.
It's no secret that organizations face a growing array of challenges related to cyber-security. What's more, the breadth and depth of threats continue to grow, particularly as more than 1,000 new domains, along with new domain providers, will enter the business world during the coming months.
To deal with this ever-growing threat, industry is looking for new and innovative ways to address these risks. The latest entry? The Secure Domain Foundation (SDF), a not-for-profit organization devoted to the identification and prevention of Internet cyber-crime that utilizes the domain name system (DNS). The project is supported by the Internet Corporation for Assigned Names and Numbers (ICANN), the body that oversees Internet addresses.
Launched in late March, the Canadian-incorporated organization already has buy-in from a number of prominent Internet companies, including Facebook, Verizon, VeriSign, Enom, Name.com, ESET Anti-Virus, DomainTools, Internet Identity, CoCCA, Mailshell, Blacknight Solutions, Foreground Security, and the SecDev Group. More firms are expected to sign on in the months ahead.
The challenge? Cyber-criminals currently rely on weaknesses and gaps in the Internet domain structure to wreak havoc. The use of domain names to control and unleash botnets, distribute malware and takeover computers is on the rise—and is contributing to a growing array of problems, including data and identity theft.
"More than 90 percent of modern malware uses domain names in their command-and-control structure," says Christopher Davis, a co-founder of SDF and director of Intel partnerships at CrowdStrike.
The SDF aims to thwart criminal abuse in the domain industry by adopting a multi-pronged approach. In addition to working with domain registrars to validate postal addresses, email addresses and phone numbers that are provided as contact information during the domain registration process, the organization has spent the last two years assembling a database of malicious domains and entities.
"The SDF facilitates the sharing of data on the bad actors themselves—not just data on the type of malware they are using or phishing scam they are perpetrating," Davis says. "It is our hope that if a domain registrar or hosting provider can easily share data on a criminal they have recently shut down with others in their industry, the bad guys will find it harder to set up shop."
The organization has already developed an API that allows users to obtain an instant score based on the security reputation and contact data validation. The tool is particularly valuable during domain name transactions, such as new account creation, domain registration and record updates. It focuses on four key areas: malware domains, highly suspect domains, bad-faith domains and phishing domains.
The service is available at no charge. At the time of registration, it detects whether the registration data has previously been used in association with any type of cyber-crime.
Davis says that the firms involved in the partnership will analyze hundreds of thousands of malware samples daily, and will work with registries, registrars and hosting providers to shut down the criminal command-and-control infrastructure. The organization will also collaborate with law enforcement agencies in various countries.
Although the initiative won't completely halt domain-related crimes and fraud, it's likely to have a significant impact, he explains. In fact, the organization plans to introduce free security services, tools and initiatives in the coming months.
"This project is the culmination of years of planning and hard work," Davis says. "The more companies know about the adversaries they face, the better they can secure themselves and their customers."