Domain Trust

Building trust in the domain name ecosystem

Domain Trust is an intelligence platform that provides registries, registrars, and cyber protection agencies with high quality, large-scale sets of data on suspected malicious and criminal domains being used in phishing attempts, malware distribution, and command and control (C2) activities. This data provides intelligence upon which they can take further action: investigation, suspension, or disablement.

Domain Trust comprises several components:

  • Provides intelligence sharing and data replication
  • Maintains provenance and asserted certainty of the data and data submitter
  • Scales multiple data sources to multiple users who are able to take action on this intelligence
  • Identifies common data sets, which allows for wider scale effectiveness
  • Ranks data according to provider and confidence
  • Facilitates the flow of data to other security platforms, such as Quad9, which will block criminal sites

Background

Internet domains are a major vector for cyber attacks. Every day, thousands of domains are registered with the sole intent of conducting criminal activity such as phishing or distributing malware. They are used by criminals and state-sponsored actors to conduct attacks that deliver malware, defraud people, and conduct other illicit activity. Domains can be registered quickly, cheaply, and in bulk, allowing cyber criminals to move quickly to keep ahead of detection.

Large corporations (such as ISPs), security companies, and law enforcement agencies regularly log these malicious attacks but are faced with the challenge of who to turn to for action to be taken against these domains. In order to be in a position to act against these domains, registrars need corroborated and quantifiable data from law enforcement and the business community to verify the malicious activity.

The Global Cyber Alliance (GCA) Domain Trust platform was created specifically to meet this need. Domain Trust brings together members of the law enforcement, registry/registrar, and business communities to address malicious and criminal domains at scale in a coordinated fashion.

Why Now?

Over the course of the past year there has been a groundswell of desire by the registry and registrar community to clean up the Internet – identify and deal with malicious domains.

In recent years, the data set in the “whois” database has been reduced due to GDPR. This has intensified the need to find a mechanism for reporting a domain owner’s evidence of criminal activity within their domain space. With Domain Trust, GCA aims to give registries, registrars, and cyber protection agencies a high quality, large-scale set of data upon which they can take action.

Although attempts at similar efforts have been made in the past by other groups, we believe the time is right for Domain Trust. The political will and desire to improve the security of the Internet at the infrastructure level exist among entities that can take action against malicious domains. GCA has partnered with a number of these organizations to act as the trusted third party to provide the data upon which they can act.

Participation and Collaboration

Enterprise cyber defense today, by its very nature, is a siloed activity. Domain Trust allows for collaboration in a defense ecosystem, providing industry with a force multiplier in the battle against cybercrime. If you are interested in participating in Domain Trust, please contact us.

Why Domain Trust?

GCA identified this project as a globally scalable effort to make a measurable impact in the reduction of cyber risk. As a nonprofit organization, GCA acts as a neutral third party, providing a platform that the registry community, enterprise, and law enforcement are able to participate in while making the Internet a more secure environment.