[At-Large] Impressions from the Whois-Review
neil at cauce.org
Mon Jan 31 10:54:41 UTC 2011
2011/1/31 Lutz Donnerhacke <lutz at iks-jena.de>:
> As an AtLarge delegate to the whois review team, I'd like to keep you
> informed. Of course I'll not talk about interna, but give you background
> about my activities.
> or http://wwwneu.iks-jena.de/Blog/Das-war-schon-immer-so

Lutz, you make three assertions:

1. "Coming from AtLarge I do not have to follow economic interests or
law enforcement needs, I'd even could ignore the laws itself by
expressing end user concerns. I'll not deal with the discussions here
or tell stories from the desk, that would only cause trouble."

but then go on to comment about LEA use of WHOIS data:

"Whois information are rubbishy for law enforcement. Serious crime
will not give their real name to start their activities, they use
stolen credit cards and forged identities. All those internet service
providers and resellers out there can easily be fooled by serious
criminals. And real criminals do run their own provider services
itself. Nobody would even consider such a worldwide identification
scheme for normal internet access today."

"Whois information is unusable for law enforcement. Current Whois
services are often used to solve low level internet crime."

Every time we have heard from law enforcement, there is ongoing and
legitimate use of WHOIS, and it does manage to be very useful.

At the present time, I am involved with two cases, one a spamming case,
and the other a phishing incident. In both instances, WHOIS has proven
to be very helpful. Despite your dismissing WHOIS as not being useful,
I can state unequivocally that this is incorrect. The spammer has left
dozens of clues that have allowed us to identify the individual behind
the incident, and with the phishers, WHOIS allowed us to protectively
block tens of millions of very malicious (malware payload) phishing
emails from hitting their intended targets.

WHOIS is also used by researchers who assist law enforcement in their
preparation of cases. This happens daily, constantly.

Obviously, I am unable to speak with specifics in either case at
the present time, but it is with 100% assuredness that I can say that
without WHOIS, we would find it impossible to file charges. As it is,
we are much further along in that regard.