Anti-Abuse Working Group Minutes RIPE 85

Thursday 27 October 09:00 - 10:30 (UTC+2)
Chairs: Brian Nisbet, Tobias Knecht, Markus de Brün
Scribe: Alvaro Vives
Status: Draft

Brian Nisbet, Co-Chair of the Working Group, introduced the session and went through the opening administrative matters. He mentioned that Markus couldn’t be present this time. He noted that minutes from the last meeting had been sent to the list and, with no further comments, he declared the minutes approved.

B. Update

B.1. Recent List Discussion

Brian mentioned that there hadn’t been much discussion on the list recently and it would be good to have more, although he said it was also understandable that there weren’t many topics to discuss sometimes.

B.2. RIPE NCC Training Webinar

The presentation is available at:
https://ripe85.ripe.net/wp-content/uploads/presentations/4-Anti-Abuse-Training-update-RIPE-85.pdf

Gerardo Viviers, RIPE NCC, gave an update on the RIPE NCC training webinar status, presenting on what had been done since RIPE 84. The first version of the Anti-Abuse webinar is in production. The first session will be delivered to RIPE NCC members in January 2023. Gerardo thanked all those who had contributed to the webinar since it was a collaborative effort between the RIPE NCC, the community and the Working Group. Going forward, the webinar will be delivered and feedback gathered to see if there is room for improvement, and if so the RIPE NCC will update the material.

Brian asked Gerardo to bring feedback from the webinar to the Working Group. Gerardo said that he will after delivering it a number of times.

B.3. RIPE DB Taskforce Outputs

Brian showed the RIPE Database Task Force recommendation for people to join the Anti-Abuse Working Group. He spoke on the RIPE Database Taskforce outputs and recommendations including “Publishing the legal address of the resource holders” and the recommendation from the Task Force to not do so.

Niall O’Reilly, RIPE Vice Chair, said that there had been contributions made on the Database mailing list about what type of address was needed. Peter Koch, DENIC eG, added that the recommendation was to multiple working groups, in plural, so it may be needed to address things in other WGs not just in Anti-Abuse.

Farzaneh Badii, Digital Medusa, said that before focusing on LEAs and legal addresses, they needed clear definitions of an LEA, addresses and criminal activities. She said that the recommendations were very ambiguous and that a discussion was needed.

Brian briefly clarified, on his behalf and not the community, that they were talking about LEAs in countries within the RIPE region. He added that the RIPE NCC is an organisation based in The Netherlands and that sets its legal framework.

Farzaneh continued to add that some LEAs in several countries are the violators.

Maria Stafyla, RIPE NCC, clarified that the Task Force recommendation comes from a policy proposal from Europol asking for more information about members in the Database to make their investigations easier and that there was publicly available and non-publicly available information.

Peter Koch noted the dichotomy between what a Dutch court asks for and what is shared with the rest of the world.

Mick Begley, .IE said that the NIS2 Directive is coming hard and fast for Europe and it has two pillars around data accuracy and data access requests which should also be considered.

D. Interactions

D.1. Update from German Anti-Abuse Group "KG Abuse"

The presentation is available at:
https://ripe85.ripe.net/archives/video/939/

Patrick Koetter, sys4 AG, gave an update about the Anti-Abuse Group "KG Abuse" in Germany. He spoke on how it was founded and how they had gone from amateur to professional as they soon realised that there were other types of abuse.

He spoke on their activities to reduce anti-abuse costs to 0% thanks to their efforts at the time and how they used this to be able to help others to justify the cost of anti-abuse activities. Patrick also spoke on their endeavors to define abuse, the different groups and stakeholders and how it can mean something different to each one. KG Abuse had recently come up with a table which names different types of abuse and who would be responsible and who may need to be contacted. He finished his presentation speaking on the fact that it is beneficial to think of anti-abuse internationally and that it is better to avoid abuse through better training.

Brian asked if Patrick could share the links mentioned and other materials.

Farzaneh Badii, Digital Medusa, asked whether the groups tackling abuse needed to gain trust by means of transparency and if Patrick’s group offered this transparency.

Patrick said that there were two levels of transparency; internal and external. He added that it was an invite group only and what happens there is not shared outside.

E. Presentations

E.1. urlscan.io

Johannes Gilger, urlscan GmbH, presented on the urlscan.io service.

urlscan.io is a URL scanning platform which allows analysis of suspicious URLs.  The goal of the platform was to automate the collection of the information and have snapshots and a database of pages. In addition to URLS he said that the platform can also search for domains, IPs, subnets, ASNs (name or number), filenames and hashes.

x A.O.B.

Brian asked if there was any other business attendees wanted to speak on.

Farzaneh Badii, Digital Medusa said that commercial presentations were not allowed and that the last presentation was commercial.

Brian said that there wasn’t a rule of not allowing commercial presentations for Working Group sessions. He said that it was also not something that is looked for or encouraged. He added that for anti-abuse products that are especially sensitive, presenters should explain (commercial or not) how they manage information and balance the rights of the users of those tools.

Niall O’Reilly, RIPE Vice Chair added that as previous Working Group Co-Chair, they had always tried to let people know if there were useful products or services available.

Z. Agenda for RIPE 86

Brian called for people to send topics for the agenda for the WG at RIPE 86. He said that people could contact the WG chairs and also use the mailing list.

Brian closed the session.