Spam mass mailing Funding of organized crime and terrorism Large scale or targeted attacks
Behind spam : a shadow economy
From Click Trajectories : End-To-End Analysis of The Spam Value Chain
The Need of a National Response
1. Training Centres
2. Information Sharing Centres
Research on Cybercrime Training of security professionals, researchers, judges and magistrates For both Public Authorities and Private Companies ‘s need of a long term and continued training 2CENTRE in Troyes
A one click button solution that enable End Users to report everything they consider to be a spam Dispatch in real time relevant information to all stakeholders fighting spam Provide intelligence threat landscape Worldwide data sharing in real time with national spam reporting centres
2. Signal Spam : a single click to report any spam and related cybercrime threat
What is this spam? Don’t ask the question : Report It! It is essential to present the end user with a simple and only tool to report anything he dislikes in his e—mail box.
Personal e-maill
Legitimate Newsletter
Illegitimate newsletter but altogether interesting / legitimate newsletter no longer wanted
Unwanted advertisements
Suspicious sollicitations
Scam / Fraud / Phishing / Botnet
Signal Spam in a few keywords
A non for profit association & a public / private partnership Terms of use in compliance with the French Data Protection Agency (CNIL) allowing Signal Spam to collect a high quality information (with original full header) from end users A database containing digital complaints from citizens allowing inquiries and legal procedures A tool to dispatch useful information to various stakeholders A testing ground and an observatory of spam in France
How to report spam ? 1
Go to https://www.signal-spam.fr/
2 Create an account and agree the Terms of Use
3
Install a plugin for a one click reporting or use the online webform
4 Check and edit your reports
How is the database used? Signal Spam is a data feed provider Report to strengthen our knowledge of spam
Report an e-mail as troublesome and unwelcomed
Work with R&D
Filtrar S
Report a suspicious e-mail: fraud, scam, phishing, botnet
Feedback Loop « ESP »
Protecting a brand
Cybercrime mitigation and fight against botnets
E-Mail Senders (ESP)
Marketers and e-sellers
ISP/MSP Security industries Software editors
Unsubscribe users from marketing lists
Reports and analysis on complaints containing defined keywords
Prevention for ISP/MSP’s clients. Blocking of infected computers and domains directed at in reported messages.
Digital evidence repository CNIL Police Gendarmerie ANSSI Signal Spam gathers digital evidences for Law Enforcement and State Agencies.
Clients (marketers) Develop efficient antispam tools| Create an workplace and a testing ground on spam issues
Right of opposition / Counsel to clients
Assessing the success of a mailing campaign for marketers / Detecting frauds and phishing
Give quality data to stakeholders
Inquiries and penalties
3. Members & Organisation
A Trustworthy Network to Fight Spam and related cybercrime threats Law Enforcement & Public Authorities
11 seats (each gets a vote) : - 3 for public authorities - 3 for associations - 3 for industries - President : Jean-Christophe Le Toquin - Vice-president : Eric France Freyssinet
4. Expanding Signal Spam to better address spam related cybercrime threats and botnet issues A. Information Sharing on botnets and phishing B. New version of our database system
Information Sharing on Botnets and Phishing Key observations : • Botnet detection by ISPs is prohibited without legal right A report sent to Signal Spam provides lawful evidence of a compromised computer, which can be used in the cleaning process
• Data sharing and cross-checking is a necessity: Compromised computers (botnet) do not usually attack the national infrastructure. Data Sharing is mandatory to identify botnet attacks on domestic ground
End Users 3rd Party Submission
Internet/Messaging Service Providers Law Enforcement & Cert-A
National Cybercrime/Spam Information Gathering Centres
Intelligence on Botnets
Processing & cross-checking information with reports (digital evidences)
Detection, Mitigation & Takedowns
Next steps
- A neutral and trustworthy platform for botnet reporting, providing ISPs with intelligence on compromised computers on their network. -
Provide to the public cleaning tools (Scan & Repair) developed by security companies Provide to ISPs data on compromised computers that help them engage with their customers Provide customers guidance on how to reach and get support from their ISP
- Standard format X-ARF to receive data feeds on botnets coming from intelligence available abroad
- Research of a relevant algorithm to qualify reports and improve intelligence dispatch in feeds (Phishing Feed for instance…)
Expected benefits Signal Spam • •
• • •
New capability of the database to process multiple data feeds Expansion from Spam Reporting Centre to a National Information Sharing Centre Intelligence made available to partners abroad as well Reports are qualified and categorised by threats Signal Spam adapts its support and communication to new threats
ISP/MSP • •
•
Signal Spam to provide relevant phishing feed to ISP/MSP Reports from citizens are combined with intelligence on botnet with feeds from trusted sources Signal Spam is a neutral and trustworthy third party informing ISP of corrupted computers among their clients.
4. Expanding Signal Spam to better address spam related cybercrime threats and botnet issues A. Information Sharing on botnets and phishing B. New version of our database system
New version of our database system A standardized and replicable solution for sharing intelligence on spam and related cybercrime threats in Europe
Requirements - Report e-mail spam from mobile phones (IMAP) - Receive and dispatch spam multiple feeds from multiple sources :
Webmails Online forms Plugins Spam reporting centres Third parties submissions on botnet data…
- Feedback provided to citizens on their reports
List of spam reported – nature of the threat reported Which authority or company processed the report Was the report useful ? Any action taken based on the reports?
- Database directly searchable by Law Enforcement and Public Authorities - A standardized system, replicable at lower cost by interested countries