Global Anti-Scam Summit (GASS)’s Post

Transcript

As you know, The funny thing is a criminal needs to go through the same process as any legit business. You need to set up a company, you need to register a website, then you need to promote your services, you need to get in contact with the customer and handle his or her request. And then, in the end, you need to get his or her money. And we strongly believe by better Know Your Customer processes and by better monitoring, we can raise the bar for cyber criminals a little bit. And if everybody just raises the bar a little bit, then you actually create as a complete chain, you create quite a wall. And then of course, we also need to share more intelligence across the sectors. And that's going to be a difficult challenge, but I think it's a very powerful one if we want to reduce scams or take scammers down faster than we're currently doing. I always compare it a little bit to those annoying caps we now have locked to the bottles. It's the same thing. I know it's annoying to ask a customer and let him go through a Know Your Customer process or monitor him. But I think in the end it helps us to create a better world and in this case, a safer Internet. But we have to do it in such a way that it's also fair to all the Internet service players. We have to create a level playing field, making sure that everybody is is raising the bar and not having some freeloaders. The first thing we need to do is make a cybercrime more visible. We work together with a lot of partners like APWG for phishing, SpamHaus for spam. There are many companies which focus on a specific kind of crime. And what's interesting is nobody has a full picture. I mean the data of scam advisor which we we run over only overlaps with 3% with that of a APWG for phishing and even open fish and a APWG only have a minimal overlap. So we need to share actually data on a on a meta level level because a APWG already gets data from twenty, 30-40 different companies, as do we. So that's the idea behind the cybercrime exchange, to actually build a kind of exchange of a a exchange of exchanges by combining the data of Spamhaus, APWG, ScamAdviser and many, many other sources into one big database, allowing us to create a better vision of wire cyber crime is occurring and which Internet service providers are doing a great job to fight abuse and which ones can improve We want to start with. URLs and IP addresses. Why? Because it's the least privacy sensitive. But our goals in the end to expand to other items as well, like cryptocurrency addresses, phone numbers, and maybe even bank accounts. And we don't want to start from scratch. So that's the reason why we formed a corporation with the DNS Research Federation who has a system called DAP.Live, and in DAP.Live there are already 90 data, data sources from ScamAdviser, but also a APWG for phishing, SpamHaus for spam, etcetera. So there are massive amount of data already in there. So that we don't start from scratch would really have a good kick off. The goal of the cybercrime exchange will be threefold. As I said, it's the exchange so people can put data. But also can pull data out, if it's commercial data like from ScamAdviser, Spamhaus being put in, then it doesn't mean you can also take out the commercial data. Therefore, you have to then get a commercial agreement with the, the provider. But the data which is put in free is also accessible for everybody. We also will allow analysis. So if you're a service provider, you can see, OK, where are my problems? Where do I need to fix things? And finally, of course, the leaderboards and the leaderboards. Will show which service providers are doing an excellent job to find abuse and which ones have room for improvement. So the way we're going to set it up is, is as a separate organization. Why? Because the Global Anti-Scam Alliance focuses on scams. It's not, we're not into total cyber crime, but we're good at sales and marketing and DNS Research Federation has a fantastic system and is very good at research. And we're looking for more partners to support us operationally to get this new entity going. And we will have an Advisory Council which will hopefully consist out of all the different stakeholders. Advising us how to make the Cybercrime.Exchange a fair and transparent and independent platform. And I'm very happy to announce that we have our first Advisory Council member, the UNODC, which will support us in further helping and build this platform. But you can also help in other ways. You can help. I mean, yes, we need funding. Yes, we need money and you know where to find me. But we also need data. And data can be 10 bad websites per week from a law enforcement entity or a consumer protection agency. Because also that kind of data helps. Because manually vetted websites or manually vetted vet service help the big search engines, the big social media, the big antivirus companies you create better algorithms to recognize the next scam. So our planning is that we're now working on the the first prototype. The system is already live, you can see it in the main hall. And but we want to build more and more data sources so that we really create a better overview of what's happening with cybercrime. And of course we need to work on our funding. So our goal is to officially launch in January of next year (2025). If you have questions regarding depth or the Research Federation, you will be able to find them in the main room. They have a booth there. And if you have questions around the Global Anti-Scam Alliance and how to become a member or join or support us in other ways, you can also contact Sheyla (Saadat) or Marko (Stojicevic).