How APNIC can support law enforcement agencies in cybercrime investigtaion

How APNIC can support LEAs in Cybercrime Investigations

~ Beyond Collaboration, Towards Active Engagement with the Internet Community ~

INTERPOL 3rd Eurasian Working Group Meeting on Cybercrime for Heads of Units Xiamen, People’s Republic of China

Craig Ng General Counsel – APNIC

黄维新总法律顾问 � 亚太互联网络信息中心

Outline

•  About APNIC •  How APNIC works with the law

enforcement community –  Capacity building –  Tools available to you –  Training and capacity building –  Transparency

•  Internet Governance –  Make you voice and issues heard –  How you can participate

•  How you can help us!

About APNIC

APNIC is the Regional Internet Registry (RIR) for the Asia Pacific region

•  Delegates and manages Internet resources –  IPv4 and IPv6 addresses –  AS Numbers

•  Maintains the APNIC Whois Database

•  Facilitates IP address policy development

4

Regional Internet Registries

5

“A global, open, stable, and secure Internet that serves

the entire Asia Pacific Internet community”

APNIC Vision

Law enforcement agencies are important members of the APNIC community

How APNIC works with the LEAs

How APNIC works with LEAs

•  APNIC provides LEAs with publicly available registry information to help them respond to malicious activity on the Internet

•  APNIC coordinates with the global technical community to share information and develop trusted relationships to ensure coordinated responses to major network security incidents

•  APNIC has dedicated legal and network security experts to support LEA requests

Tools available to you

•  Public Whois Database –  Source of information to identify IRT contacts and tracking sources of

abuse

•  Education and information sharing –  Training courses, Workshops and Seminars

<training.apnic.net> –  Technical talks & tutorials (including APNIC Conferences)

<conference.apnic.net> –  Publications

<blog.apnic.net/tag/security/> –  Research

<labs.apnic.net>

Distributed Whois

11

4 servers now operating: Brisbane, Tokyo, London, Fremont

Deployed distributed Whois service to improve responsiveness and resilience

Response times have improved up to 10x for majority of users

Multiple sites to sink attack traffic without bringing the service down

Training and capacity building

APNIC Training

Network operators; engineers

Law enforcement investigators

LEA: Justice sector

<training.apnic.net>

APNIC Training in 2015

14

38 face-to-face courses held in

17 locations

1,158 professionals

trained face-to-face

Video archives 79 videos

71,180 views

407 professionals

trained via 87eLearning

sessions

Security Outreach

Adli Wahid

Craig Ng

Participation in NOGs, CSIRTS and

LEA events to educate and learn

Promoting new initiatives & security

best practices among Members

Training for Pacific LEAs held in

Singapore, Pakistan and Indonesia

15

Law enforcement agencies engagement plan •  Transparency of APNIC

procedures <http://www.apnic.net/transparency>

•  APNIC’s policies on handling of personal information

•  Training and capacity building activities for LEAs in APNIC service region

Transparency

Internet Governance

How you can participate – Make your voice and issues heard!

LEAs and Internet Governance

Internet Governance

•  Multi-stakeholder governance model

•  Full involvement of all stakeholders –  dialogue –  decision-making –  implementation of solutions

•  Process is – –  fully open –  transparent –  accountable

ICANN 2013 Registrar Accreditation Agreement

•  Governs the relationship between ICANN and its accredited registrars, required from 1 January 2014

•  Clarifies the responsibilities of the registrars and the rights of the registrants

•  Developed in consultation with LEAs to reflect their requirements

•  Requires validation and verification of registrant and account holder data, resulting in required deletion or suspension of registrations in cases of: –  Wilful provision of inaccurate/unreliable data –  Wilful failure to update data promptly –  Failure to respond to registrar data accuracy inquiry within 15 days

How to participate ICANN APNIC RIPE Others

•  ICANN 54 Dublin (18-22 Oct 2015)

•  ICANN 55 Marrakech (5-10 Mar 2016)

•  APRICOT 2016 Auckland, NZ (16-26 Feb 2016)

•  APNIC 42 Dhaka (29Sep-6Oct 2016)

•  RIPE 71 Bucharest (16-20 Nov 2015)

•  RIPE 72 Copenhagen (23-27 May 2016)

•  LACNIC 24 Bogota (28Sep-2Oct 2015)

•  ARIN 35 Montreal (8-9 Oct 2015)

•  AFRINIC 23 Pointe Noire, Congo (28Nov-4Dec 2015)

<meetings.icann.org> <conference.apnic.net> <ripe.net/participate/meetings>

IANA Stewardship Transition

Domain Names Numbers Protocols and Parameters

airchine.com.cn interpol.int

59.60.8.2 2001:0000:4136:e378:8000:

63bf:3fff:fdd2

AFRINIC APNIC ARIN LACNIC RIPE NCC

Multistakeholder community



How you can help us!

How you can help us

•  Host a regional training event for 25+ participants –  provide meeting room and facilities –  provide Internet connectivity –  help us invite regional law

enforcement colleagues

•  APNIC will provide –  trainers (at no cost) –  independent and trusted technical

training including: •  Internet fundamentals •  Internet routing •  Network security •  Looking for clues from WHOIS registry