E-crime reporting format draws closer to a standard

The data format would allow entities to exchange information on cybercrimes faster

The Internet Engineering Task Force is close to approving a specification for a common format for reporting e-crime, a step taken to allow security experts to react faster to cybercrime.

The Anti-Phishing Working Group is already collecting reports from organizations using the XML-based Instant Object Description Exchange Format (IODEF), which has been customized with extensions appropriate for e-crime reports, said Peter Cassidy, secretary general of APWG.

The format will allow for unambiguous time stamps, support for different languages and a feature to attach samples of malicious code.

The specification is now with the IETF, which has been looking at it for more than a year. If it is approved as a standard, the format will likely be taken up by banks, security organizations and other entities, Cassidy said. The format can be used to report crimes such as phishing and fraud incidents.

What the specification intends to solve is the inconsistent manner in which e-crime reports are now collected. Different organizations assemble data in a variety of ways, and frequently it is not widely shared, Cassidy said.

"Electronic crime is a smattering of data from places you haven't seen," said Cassidy, who is scheduled to give a presentation on Wednesday at the Council of Europe's conference on cybercrime, which runs through Thursday.

That's problematic since spotting e-crime trends requires broad visibility on incidents around the world. With reports in a standard data format fed into a database, investigators and experts will be able to mine the data and analyze it much faster using automated tools. The data is so voluminous that manual human analysis is impossible.

"Automated analysis is not an option, it's inevitable, which then allows for deterrence," Cassidy said. "You don't win with episodic data."

With a common reporting format, a bank could query the database to find out what range of IP (Internet Protocol) addresses have been used for fraud attacks, Cassidy said. Other parameters could be used, such as conducting searches by geography or even by grammar mistakes in phishing messages.

Criminals know how difficult it is for law enforcement to chase them electronically and use that to their advantage, Cassidy said. "Everything is against the good guys," he said.

The technical part is easy. The challenge is how the information can be legally shared, as data protection regulations differ by country and region. IP addresses, for example, can be considered personally identifiable information, but they are a crucial piece of information in cybercrime investigations, he said.

Once the IETF gives the specification a number, organizations are likely to begin using it, Cassidy said.

"I think the banks will embrace it," Cassidy said. "They're already exchanging data."


Jeremy Kirk

IDG News Service
