APNIC 42: Whois errors creating major issues

05 Oct 2016
00:00

Inaccurate Whois database records are creating serious problems for law enforcement agencies and network engineers alike, attendees of APNIC 42 heard.

George Kuo, services director at APNIC, pointed out that the Whois database is used not just by law enforcement agencies, but also by technical network operators and researchers. The ones who have a contractual responsibility to update the information with APNIC are the RIRs.

It is not just about hunting down cyber criminals. For network engineers, inaccurate information immensely increases the cost of network troubleshooting. For companies, having inaccurate information in the Whois database says a lot about the company itself.

Then there is the issue of custodianship, especially of IPv4 addresses.

Currently APNIC is receiving about 100 reports of inaccurate information a month, and that number is growing. The mailing list of the SIG has gone quiet in this area. The challenge is to find a way to increase the accuracy of the database and doing nothing is an option.

After a long Q&A with many people expressing their frustration, Kuo asked the floor if any delegate or any LEA had proposals on how to fix this issue. No answer was forthcoming.

Dhammika Priyantha of the Sri Lanka National Police said that LEAs need accurate Whois information to solve not just cybercrimes, but increasingly financial crimes.

The risk is that inaccurate information will cause a case to be thrown out of court as it has to be proven beyond reasonable doubt. Without real-time information, without a relationship with the ISPs, the benefit goes to the criminals.

Priyantha spoke of the wasted time and resources in misdirected legal requests because of inaccurate information.

One LEA from the floor shared his experience that it now takes on average three subpoenas to get to the right ISP, and said that this was one metric that should be closely monitored by APNIC going forward.

Another issue that the Sri Lankan Police was finding more and more common was the hijacking of names and numbers for use in cybercrimes.

One LEA from Indonesia asked how Sri Lanka deals with the ever-changing IP addresses of mobile data users. The answer was to keep an open dialogue and understand the mobile ISP’s point of view too.

Bobby Flaim from the FBI, speaking from Washington, spoke of an ongoing case of IP hijacking. Criminals had got hold of an inaccurate Whois record, changed it to look like they owned an IPv4 block and used it to send a lot of spam that amounted to millions of dollars in damages.

He said the issue was no longer about LEAs attributing activity to criminals when a certain IP address is used, but about the fact that criminals are now using inaccurate Whois data to commit crime through IP address hijacking, a problem that is getting worse now with IPv4 depletion.

APNIC CEO Director-General Paul Wilson, however, did point out that APNIC receives a lot of confidential information that is not in the Whois database and that cannot be given out without a court order. He also pointed out one flaw in the chorus of calls for more accurate Whois data: people who commit nefarious crimes usually do not register their real residential address to begin with.

Wilson concurred with Flaim and many others that the immediate goal was to get Whois registration at least correct to the point of the service provider which has the contract with the end user. He noted that while APNIC has accurate information to begin with, sometimes that information is lost when addresses are delegated.
