E-crime reporting format draws closer to a standard

The data format would allow entities to exchange information on cybercrimes faster

The Internet Engineering Task Force is close to approving a specification for a common format for reporting e-crime, a step taken to allow security experts to react faster to cybercrime.

The Anti-Phishing Working Group is already collecting reports from organizations using the XML-based Instant Object Description Exchange Format (IODEF), which has been customized with extensions appropriate for e-crime reports, said Peter Cassidy, secretary general of APWG.

The format will allow for unambiguous time stamps, support for different languages and a feature to attach samples of malicious code.

The specification is now with the IETF, which has been looking at it for more than a year. If it is approved as a standard, the format will likely be taken up by banks, security organizations and other entities, Cassidy said. The format can be used to report crimes such as phishing and fraud incidents.

What the specification intends to solve is the inconsistent manner in which e-crime reports are now collected. Different organizations assemble data in a variety of ways, and frequently it is not widely shared, Cassidy said.

"Electronic crime is a smattering of data from places you haven't seen," said Cassidy, who is scheduled to give a presentation on Wednesday at the Council of Europe's conference on cybercrime, which runs through Thursday.

That's problematic since spotting e-crime trends requires broad visibility on incidents around the world. With a standard data format inputted into a database, investigators and experts will be able to mine the data and analyze it much faster using automated tools. The data is so voluminous that manual human analysis is impossible.

"Automated analysis is not an option, it's inevitable, which then allows for deterrence," Cassidy said. "You don't win with episodic data."

With a common reporting format, a bank could query the database to find out what range of IP (Internet Protocol) addresses have been used for fraud attacks, Cassidy said. Other parameters could be used, such as conducting searches by geography or even by grammar mistakes in phishing messages.

Criminals know how difficult it is for law enforcement to chase them electronically and use that to their advantage, Cassidy said. "Everything is against the good guys," he said.

The technical part is easy. The challenge is how the information can be legally shared, as data protection regulations differ by countries and regions. IP addresses, for example, can be considered personally identifiable information, but it's a crucial piece of information in cybercrime investigations, he said.

Once the IETF gives the specification a number, organizations are likely to begin using it, Cassidy said.

"I think the banks will embrace it," Cassidy said. "They're already exchanging data."

Join the CSO newsletter!

Error: Please check your email address.

Tags securityIETFcybercrime

More about IETFInternet Engineering Task Force

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts