Categories
Improving Technical Security Privacy Reports

Join forces to eliminate spam – read the new report from the CRTC

What are the best ways to reduce spam? How can we work together to reduce this threat and create a more trusted Internet?

Last October, in the vibrant city of Bangkok, the Internet Society joined regulators for an in-depth conversation about how to eliminate spam and its harmful effects. Our kind hosts were the Canadian Radio-television and Telecommunications Commission (CRTC) and the International Institute of Communications (ICC).

The CRTC has published a comprehensive and insightful report on the workshop, capturing the key issues, observations, and ways forward. We encourage you to read it carefully. First and foremost, take note of the answer to “why act now?” – it’s a shared responsibility.

This principle lies at the heart of the Internet Society’s Collaborative Security approach. We have a collective responsibility to care for the Internet for everyone.

Spam is not just a nuisance: it’s a vector for malware, fraud and attack. Gone are the days when spam was just an unwanted email. Today, spam is big business.

Spammers are continually adapting their activities to find new ways to: exploit users; maximize their profits; and avoid law enforcement. Two areas of increasing concern are botnets and ransomware, both of which are propagated by spam. Europol’s Serious and Organised Crime Threat Assesssment for 2017 states that ransomware has become “… the leading malware in terms of threat and impact”. And, one only has to look about to the 2016 Mirai botnet DDoS attacks to understand the risk they pose to the stability of the Internet.

Eliminating spam requires efforts on all fronts: legal, technical, economic and social. It’s a problem that will need a collection of solutions, carried out through collaboration across borders and across disciplines.

What can governments do? Governments can contribute to combatting spam and its harmful effects by:

  • deterring bad actors through law and enforcement
  • empowering citizens to avoid the dangers of spam
  • fostering cross-discipline anti-spam efforts
  • encouraging anti-spam best practices
  • supporting anti-spam research.

What can you do? Join the fight against spam. Go to our anti-spam toolkit to find out what you can do to protect yourself and others.

 

Categories
Events Improving Technical Security Privacy

No haven for spam: collaborating at WSIS Forum 2016 to address spam in emerging economies

Spam is not a new issue. Its origins precede the arrival of the Internet. Remember all the unwanted mail, faxes, sms and telephone calls you have received? Spammers will use any communications means that is available to achieve their objectives.

Some countries that faced the effect of email spam early on have discovered ways to combat spam in their economies. However, many emerging economies are only beginning today to see the full impact that spam can have on their network resources and citizens because increased Internet access has also opened the door to spam.

This Friday, at the World Summit on the Information Society (WSIS) Forum 2016 in Geneva, the Internet Society and the International Telecommunication Union (ITU) will be hosting a workshop to explore the specific challenges faced by emerging economies and to discuss what we can do together to mitigate the presence and effect of spam in those economies.

Please join us in person:

Friday 6 May 2016 11:00 – 12:45 (local time)
Room C2. ITU Tower
Geneva

or remotely:

To start the discussion on Friday, I will be sharing some thoughts on why the spam challenges faced by emerging economies today are different than those that more mature Internet economies faced when email spam first emerged.

  • The threat landscape is very different today from 15 years ago, from 10 years ago, etc. The spam problem is now much broader than unwanted emails. It is also a question of scale. The potential scale of attacks is much greater than it was for mature Internet economies countries when they were first exposed to spam. Vastly more commerce now occurs on the Internet and this introduces new avenues for phishing and data theft.
  • Emerging economies may be facing more sophisticated spammers without having had the advantage of building their skills when the threat was simpler. Some economies may have more limited access to human and financial resources.
  • Trust is vital for successful collaboration, especially across borders and communities. New network operators may not know how to get help from anti-spam communities or how to show that they can be a trusted partner.
  • Their citizens may also have less access to secure systems and devices.
  • Many emerging economies are rapidly becoming predominantly mobile commerce economies, a development that will not be overlooked by spammers.

We have invited speakers from emerging economies to share their experiences and the spam problems they are trying to solve.  We have also invited experts from:

  • the London Action Plan,
  • the ITU-D Telecommunication Development Bureau (BDT),
  • the ITU-D Study Group 2 Question 3,
  • the Spamhaus Project

Together we will explore collaborative solutions to effectively combat spam.

Please join the conversation on Friday and bring your ideas!

To learn more about what you can do to stop spam, please go to our new anti-spam toolkit.

Categories
Building Trust Growing the Internet Human Rights Improving Technical Security Internet Governance Privacy Public Policy

French Versions Of Internet Society Policy Briefs Now Available

We are pleased to inform you that through the efforts and collaboration of our community, we are launching our first group of Internet Policy Briefs in French. This is the result of identifying the need of our community to understand issues related to Internet governance through a common and simple approach. The ultimate purpose of these policy briefs is to provide a concise view of Internet Society positions on critical Internet issues and serve as a reference for information and / or guide to governments, policy makers and other stakeholders in the process.

The ten policy briefs can be accessed through the following links:

French: http://dev.internetsociety.org/fr/policybriefs

English: http://dev.internetsociety.org/policybriefs

Spanish: http://dev.internetsociety.org/es/policybriefs

The ten policy briefs now available in French are:

We thank the members of our community who helped in the translation of these policy briefs into French.

We look forward to continuing to grow these and other resources on important Internet topics for our community and other stakeholders.

Categories
Human Rights Improving Technical Security Internet Governance Privacy Public Policy

Spanish Versions of Internet Society Policy Briefs Now Available

We are pleased to inform you that through the efforts and collaboration of our community, today we are launching our first compendium of Internet Policy Briefs in Spanish. This compendium is the result of identifying the need of our community to understand issues related to Internet governance through a common and simple approach. The ultimate purpose of this compendium is to provide a concise view of Internet Society positions on critical Internet issues and serve as a reference for information and / or guide to governments, policy makers and other stakeholders in the process.

The compendium consists of ten policy briefs that you can access through the following links:

Spanish: http://dev.internetsociety.org/es/policybriefs

English: http://dev.internetsociety.org/policybriefs

Below are the different topics developed in the compendium:

Taking advantage of this message, we want to give a formal thank to the volunteers that supported and collaborated in the review of the Spanish versions of these documents: Alejandro Pisanty, Carlos Raul Gutierrez, Cuauhtémoc Gonzalez Vazquez, Edmundo Cazares Lopez, Javier Salazar, Julio Cesar Zerecero Marin, Manuel Beams Aviña, Mariel García M, Olga Cavalli, Oswaldo Larancuent, Roberto Dragonne, Salvador Camacho Hernandez.

We look forward to continuing to grow these and other resources on important Internet topics for our community and other stakeholders.

Categories
Growing the Internet Internet Governance

We Need Your Vote!

The WSIS Forum 2015 is coming up this May in Geneva and we’re excited to announce two projects the Internet Society is involved with are nominated for a WSIS prize.

The winners will be decided by you – so we need your vote! 

Voting closes May 1st so don’t miss out!

Here’s what’s been nominated:

Under Category 2 African Internet Exchange System project

African Union Commission, ETHIOPIA

The African Internet Exchange System project or AXIS project aims at keeping Africa’s Internet traffic local to the continent. Currently, much of Africa’s Internet traffic is routed through Internet exchange points external to the African continent. As countries establish their own IXPs, Internet traffic will be routed locally, creating a downward pressure on costs and stimulating growth in and distribution of local Internet content. Through the AXIS project, the AU and the Internet Society, working with other African Internet organizations such as AfriNIC, AfNOG and AftLD, is providing capacity building and technical assistance to facilitate the establishment of National Internet Exchange Points and Regional Internet Exchange Points in Africa. Through this collaborative effort the organizations involved are assisting in the development of a more locally operated and, hence, more robust and economically accessible pan-African Internet.

 

Vote for AXIS Now!

 

Under Category 5 Combating Spam for Developing Countries

Internet Society, SWITZERLAND

The Internet Society’s Combating Spam for Developing Countries is designed to address the need for linkages between policy makers, network operators and the technical communities who have the knowledge and expertise to policy makers, network operators and technical communities who are in need of the information so they can address the issue of spam within their counties and join the global effort to stop spam. The Internet depends on the reliable functioning of its infrastructure and applications such as email, social media and texting. Addressing the many concerns that have been raised about what to do and how to approach spam mitigation is an on-going activity due to the ever changing nature of the threats that come from unsolicited forms of electronic communications, or spam. With its partners, M3AAWG, LAP, GSMA and the ITU; the Internet Society is keeping the dialogue on how to combat spam going so that expertise, experiences and lessons learned can be shared with people around the world.

 

Vote in support of fighting spam now!

 

Photo: "Vote" © 2008 Mykl Roventine CC BY-NC-SA 2.0 
Categories
Deploy360 Improving Technical Security Securing Border Gateway Protocol (BGP)

BGPmon: Using BGP Data To Fight Spam

BGPmon logoCan we use BGP data to find email spammers? And could securing BGP provide a mechanism to help reduce spam?

In a fascinating article on BGPmon’s site, Andree Toonk explores how they found that “IP squatting” is used by spammers.  Essentially the attack seems to work like this:

  1. The spammers identify a block of IP addresses (IPv4) that are not currently being used on the actual Internet.
  2. The spammers send out BGP announcements routing that block of IP addresses to their servers.
  3. The spammers send out their spam email messages.
  4. When done (or when the IP address block is blocked by anti-spam tools), the spammers stop announcing the BGP routes for those IP address blocks.

They then can move on to announcing other IP address blocks to send more spam.

The article provides a very compelling and very readable description of two case studies where they found this to happen. In one case the spammers also used an Internet Route Registry (IRR) to attempt to give their BGP route announcement more legitimacy.

The BGPmon article doesn’t get into solutions… but preventing these kind of attacks is precisely why we set up the Securing BGP topic area of this site.

A general area of “source address validation” is critical here – the idea being to have some way to know that the router announcing the BGP routes has the actual authority to do so. New tools such as RPKI are emerging that let us securely validate the origin of route announcements to prevent spammers from performing the attacks like this.  With such tools a router would reject BGP announcements that came from the spammers’ systems because the spammers would not be able to securely assert that they had the right to announce those IP address blocks.  The challenge, of course, is to get more routers start signing route announcements – and more routers start validating route announcements.  (Read about how Jan set up RPKI for his lab.)  There are other tools and methods being explored, too.  The point is to not allow “spoofed” IP address blocks to get into the global routing tables.

This idea of securing BGP route announcements is also part of the “Routing Resilience Manifesto” that continues to be developed as (voluntary) guidelines for network operators.

If we are collectively able to implement some of these mechanisms for securing BGP we can potentially make a significant reduction in the ability of spammers to send their email – and make the Internet more secure and working better in the process.  Please do check out our Securing BPG section and consider what you can do in your network today!

Categories
Building Trust Internet Governance Privacy

Unsolicited Email – So what is the problem with Spam?

A trusted Internet and openly connected world can only happen if we work together.

Spam is often the vehicle for malicious code and online fraud; it is a perilous threat that creates a burden for networks, operators, governments and end users.

High volumes of unsolicited email can cause significant impacts to regions with limited Internet access as well as raise concerns everywhere with the increasing malware infections that come from unsolicited email.

There are significant:

  • Economic impacts where there is limited and costly bandwidth
  • Productivity losses when real email can’t be delivered
  • Financial blows to users, businesses and governments who must deal with the harm and drain to their resources

What can you DO to join the fight against Spam?

  • You can talk about the ways and the tools to use stop spam
  • You can join the technical community in discussing best practices and other solutions to better mange networks
  • You can talk to policy makers to get their support for anti-spam initiatives
  • You can share your research with the Internet Society and help us grow the knowledge base on spam.   Spam toolkit is built on information and research from the community, located on the Internet Society web site for the spam project, so submit your paper to the Spam toolkit for consideration and inclusion in this capacity building repository
  • If you have an anti-spam project that could help your community, apply for an Internet Society Community Grant and help make it a reality.
Categories
Improving Technical Security Internet Governance Privacy

Partners in Fighting Spam

There’s no doubt about it, Spam is a global problem.  No matter if it’s an unwanted email, a virus, or a rather bizarre update about the latest pharmaceutical product – our junk mail folders are growing and our patience is shrinking.

Enough is enough. It’s time to work together to do something about spam.

But we can’t do it alone.

To fight spam on a large scale we are partnering with technical experts and extraordinary organizations around the world.

By working in partnership we can support local technical experts and policy and decision makers around the world to get the information they need to join in the global effort in the fight against spam.

Spam has become a challenge for developing counties; it infects networks, slows down traffic, and creates unwanted access costs.  It has prohibited some people from fully realizing the potential of the Internet.  The Internet Society is determined not to let Spam continue to be a barrier to free trade, educational opportunities, and access to information for developing countries.

What are we doing about Spam?

We are working with partners around the globe to attack the challenge together.

The Internet Society is pursuing opportunities to partner with organizations and experts on offering programs that focus on addressing the concerns of developing country policy-makers who are in need of solutions to help them address the growing problems they face with spam.

While the telecommunication industry and Internet communities have made great strides in creating best practices and developing technical tools to combat spam, there is a need to develop greater partnerships between industry and policy makers to address spam so that spam does not continue to be a barrier to free trade, limit opportunities, and restrict access to information, in particular for developing countries.

So how can you learn more or find training?

That is where partnerships come in and where we intend to work in an effort to collaborate on addressing the global spam problem by using innovative approaches contributed by experts to address the burden for developing countries, network operators, and end users that can minimize the harm.

It’s about leveraging each other’s strengths to achieve great success.

Lasting solutions that come from the ground up.

We believe the solutions to spam can be found in countries, neighborhoods, villages, and communities around the world.

It’s about the deep knowledge brought by local experts and then amplifying it with a global voice.

It’s this unique way of working – one that combines global reach, a foundation in technology, partnerships, multistakeholderism and involves action at every level from local to global – that helps us realize our ambition of a world where everyone can access and develop a connected, borderless, permission-less, limitless Internet that creates opportunity and progress for all.

Join Us In The Fight Against Spam!

We need you to partner with us in the fight against the proliferation of spam.

Here are ways you can get involved:

A truly open and connected world can only happen by working together.

Join our growing network and be part of the dialogue that is becoming the powerful force working to put an end to the problem of spam.