Cyber investigators and anti-abuse service providers report that ICANN’s implementation of the EU GDPR in the distributed WHOIS service is affecting their ability to access information about domain name registrations. This is causing delays in responding to cyberthreats.
Changes were made to the way organizations access WHOIS data, following ICANN’s application of the General Data Protection Regulation (GDPR).
According to a joint survey of 300 respondents by the Anti-Phishing Working Group (APWG) and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), these changes are significantly impeding cyber applications and forensic investigations and allowing more harm to victims.
The main reason for the delays is that investigators can no longer access complete domain name registration data through the public WHOIS service in near real-time, as they could before the GDPR implementation. The partial data that is still available through public WHOIS services is not sufficient to investigate or respond to incidents.
“Delays favor the attacker and criminal, who can claim victims or profit over longer windows of opportunity while investigators struggle to identify perpetrators or strip them of their assets (i.e., domain names) with limited or no access to the data that had previously been obtained or derived from WHOIS data,” APWG and M3AAWG said in the report.
Access to non-public data elements now takes days at a minimum, where it was earlier possible in hours or a day.
Because cybersecurity organizations can’t access complete WHOIS data in time, investigations of all types are being delayed. This includes cyber incidents like phishing and ransomware, as well as the distribution of fake news and subversive political influence campaigns.
The report highlights that such delays allow attacks to remain active longer, which can put more internet users in harm’s way.
APWG and M3AAWG suggested that ICANN should establish a mechanism for WHOIS data access by accredited and vetted qualified security actors, and that redacted WHOIS data of legal entities should be restored. The two groups concluded their analysis with further recommendations for ICANN.