MichaelOuma: DotConnectAfrica Trust responds to #ICANN #GAC’s objection on its “.africa” #DotAfrica application...

gTLDStrategy: @fairwinds submits comment to #ICANN on Registry Agreement draft - need better trademark protections for brand owners http://t.co/h10Akc1Zpg

On Webwereld an article was published (in Dutch) following a new Kaspersky malware report Q1-2013. Nothing new was mentioned here. The Netherlands remains the number 3 as far as sending malware from Dutch servers is concerned. At the same time Kaspersky writes that The Netherlands is one of the most safe countries as far as infections go. So what is going on here?

Inbound, outbound and on site

From my anti-spam background I have the experience that as long as a spammer remains under the radar of national authorities, e.g. by making sure that he never targets end users in his own country, he is pretty safe. The international cooperation between national authorities is so low, that seldom that something happens in cross border cases. Priorities are mainly given to national cases as cooperation is near existent. (If priority is given to spam fighting at all.)

The same will be the case for the spreading of malware. National authorities focus on things national. Cross border issues are just too much of a hassle and no one was murdered, right?

Of course it is true that if the allegation is right and we are talking about 157 command and control servers for botnets on thousands and thousands if not millions of servers in The Netherlands, the 157 servers is a very low figure. This does not mean that we can ignore this figure if our country is the number 3 spewing malware country in the world. Something needs to happen. Preferably through self-regulation and if not that way, then through regulation.

If it is also true that it is the same few hosting providers that never respond to complaints, it is time to either make them listen or shut them down. There is no excuse for (regulatory) enforcement bodies not to do so. Harm is being done, the economic effects are huge and the name of The Netherlands is mentioned negatively again and again.

In January 2005 at OPTA we were very proud that we had dropped from the number 3 position worldwide for spamming to a position out of the top 20. In six months time! I do not think it is much harder to do so for sending malware.

A suggestion for an action plan

Here's an action plan:

1. Give it priority
2. Start a national awareness campaign
3. Provide a final date to the hosting community
4. Preferably coordinate on 1 to 3 with DHPA (Dutch Hosting Providers Association)
5. Start acting against those that do not mend their ways.

And if anti-botnet infection centre ABUSE-IX starts doing its part on disinfecting end users' devices, The Netherlands may have a winning combination this way.

Of course this can be duplicated in your respective countries also for spam, malware, phishing, cyber crime, etc.

International cooperation

Of course the topics surrounding cyber security calls for international cooperation and coordination. In 2013 it is still virtually impossible to cooperate on cross border cyber crime, spam, the spreading of malware. This needs addressing on EU and world level. National institutions can not afford not to do so. Even if it is hard to give up a little national jurisdiction. There are in between forms, like coordination.

Conclusion

Let's push the boundaries for cyber threats back. It all starts with ambition. Experience shows that (the threat of) enforcement works. This isn't rocket science, it is about political will and insight.

Written by Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement

Follow CircleID on Twitter

More under: Cybercrime, Internet Governance, Law, Malware, Security, Spam

Ecomlawpolicy: Our latest issue is out - covering #CyberSec #copyright #Meltwater #orphanworks #trademark #ICANN & more http://t.co/Le5woiGxdP

ndonnang: The Commonwealth #Cybersecurity Forum 2013 Presentations are now available.. #CTO #CTOSecure #ICANN #ISOC #CM #MTN http://t.co/hoMRWBaMn8

ICANNWiki: @africandomain And yes, very very excited for the conference! #ICANN

mikeseaton: .TEL - The Idea 10/10 - The Implementation 1/10 - Do you agree ? http://t.co/4ArS8awCVk #dottel #telnic #telnames #icann #dns #domainers

vlevinski: RT @CR_NIC: #ICANN expects 646 new #TLD applications to be withdrawn http://t.co/qjlZeDFcDo

DomaineFr: Où en est le .alsace ? http://t.co/YRgwr7BBJ7 #alsace #nomdedomaine #icann

DomainGang: The single most important question fresh domainers need to ask http://t.co/gl9RkbyjUn #domains #domainers #domaining #sales #icann

CR_NIC: #ICANN expects 646 new #TLD applications to be withdrawn http://t.co/qjlZeDFcDo

ausregistryint: Webinar alert: ICANN's #NewgTLDs Contracting Webinar – 13 June http://t.co/VoOCNM9w30 #ICANN

apinhellgod: RT @NewgTLDsICANN: Want to learn more about #ICANN? Try this >> from http://t.co/P4jN7EkjM9 click “About Us” → “Welcome”

NPOC_ICANN: RT @africandomain #ICANN's director of global affairs shares his thoughts on #Africa's internet market & hub offices http://t.co/qPgD0VQVPG

bassesq: Do #domainnames give rise 2 "property" or "contract" rights? Why not both? They're not incompatible http://t.co/Fb7Q7NPhdg #ICANN #UDRP

ausregistryint: ICANN Response to ICA: URS Providers will become Contracted Parties http://t.co/5H7PTVlATr #ICANN #NewgTLDs

socialfreebie: http://t.co/mDW4v6nosY is for sale! http://t.co/hHdg6ijHYa #domains #domainname #domainers #icann #domaining #iphone #cases #dotcom #ipad

socialfreebie: http://t.co/ZdreTTfS7l for sale http://t.co/8jQv7VFcTu #domains #domainname #domainers #icann #domaining #iphone #cases #dotcom #schiphol

ausregistryint: A great summary by @DomainNameWire of the comments #ICANN has received on GAC safeguard advice http://t.co/EASYX2Gp9c #newgTLDs

LogicBoxes: #ICANN expects 646 new TLD applications to be withdrawn. #newgtlds http://t.co/L7eXjvGiLM