IETF approves customised version of e-crime reporting format
The format will allow organisations to report cybercrime in a uniform format for analysis
By Jeremy Kirk | Published: 12:24, 21 September 2010
An Internet standards group has approved an electronic crimes reporting format, which may eventually give security researchers a cohesive, broad set of data to gauge online crime.
The Internet Engineering Task Force (IETF) approved a customised version of the XML-based Instant Object Description Exchange Format (IODEF). Extensions have been added to it that are appropriate for creating standard e-crime reports.
The format allows for unambiguous time stamps, support for different languages and a feature to attach samples of malicious code. It solves the problem facing the security industry now of inconsistent reports, which make it harder to spot trends and react faster.
Related Articles on Techworld
It is hoped that organizations hit by Internet crime such as banks will be able to mine a centralized database that holds the reports. If a bank is experiencing an attack, it could query the database to find out ranges of IP (Internet Protocol) addresses that have been used for offenses such as phishing attacks.
Further queries could determine if other banks have been hit by attacks and analyze spam messages to see if there are common patterns in the grammar or if the attacks originate from a certain area. All of the information could then be used to contact ISPs to take steps to stop the abuse.
The Anti-Phishing Working Group, which has been instrumental in developing the reporting format, plans to run a trial to see how organizations can share the data in the format. One of the goals is to see if one organization can use reports from another without further communication, according to a paper on APWG's website. Two parties have typically had to communicate several times to sort out issues such as the actual time of an event, because of time zone differences.
"Actually, data exchanges will help to refine the operational, policy and procedural issues that appear whenever a data exchange question arises," according to the APWG document.
The data would be transferred between two parties via e-mail. Another goal is to see if the reporting format can support different languages. Many e-crime reports have been written by non-native speakers of English, which has been difficult given the highly technical nature of e-crime, the APWG said.
