Below follows my article published in Virus Bulletin of January 2012. The copyright to the article is shared with Virus Bulletin.

In October 2011 the London Action Plan (LAP) held its annual workshop in Paris. Collaboration with the Messaging Anti-Abuse Working Group (MAAWG) meant that attendees were able to engage in more in-depth sessions with industry members and law enforcement representatives. However, with spam figures dropping while fraud and other forms of cybercrime continue to rise, the perceived significance of spam is in decline. LAP faces several challenges in 2012 that it must address in order to remain relevant. But before I present the challenges, an introduction is in order.

The implementation of the 2002 EU ePrivacy and Electronic Communications directive[1], along with similar laws in other parts of the world, effectively dealt with the extreme nuisance of unsolicited electronic advertising, or spam. Anti-spam and malware enforcement agencies were established around the world and the need for cooperation became apparent. In 2004, the US Federal Trade Commission and the UK’s Office of Fair Trading organized a workshop in London in which 27 organizations from around the world participated. They established an informal cooperation network: the London Action Plan.

A mission statement was published: ‘The purpose of this Action Plan is to promote international spam enforcement cooperation and address spam-related problems, such as online fraud and deception, phishing, and dissemination of viruses. The participants also open the Action Plan for participation by other interested government and public agencies, and by appropriate private sector representatives, as a way to expand the network of entities engaged in spam enforcement cooperation.’[2]

The Plan promoted cooperation and the sharing of data between different agencies, but it also promoted public-private cooperation at a time when it wasn’t trending. Several early partners came from industry.

One of the group’s early successes was information sharing. In the first set of cases involving cross-border enforcement, New Zealand, Australian and US agencies [3] each took action against the prolific spammer Herbal King [4] and its mastermind, Lance Atkinson. Toni Demetriou, a senior investigator with the Anti-Spam Compliance Unit of New Zealand’s Department of Internal Affairs, says:

‘International cooperation was essential in getting a result in Operation Herbal King. The FTC was able to provide technical information, making it possible for us to identify the defendants and obtain evidence.’

The various cases resulted in fines and strong injunctions. Dollarrevenue[5] was another example of a LAP success. The case was brought by the Dutch OPTA [6]. By building its case based on data obtained from the FTC through the data-sharing provisions of the SAFE WEB law[7], OPTA was able to stop this source of malware, and levied a 600,000 euro fine. The mere fact that there was a LAP membership list made contact much easier for enforcement officers.

Other LAP initiatives also helped members achieve the shared goal of fighting spam. For example, LAP’s data-sharing template helped standardize information requests and case referrals between agencies. Extensive training also led to the sharing of best practices and techniques for the participating agencies, e.g. on the lessons learned from cross-border cases or on potential cooperation with industry partners. LAP also promoted interaction with industry by co-organizing its annual workshop with the MAAWG meeting in 2007 and with Germany’s annual eco anti-spam event – which included a Microsoft anti-fraud day – in Wiesbaden in 2008.

Hugh Stevenson, the FTC’s Deputy Director for International Consumer Protection, sees a direct relationship between the LAP network and his agency’s ability to prosecute spammers:

‘Spam doesn’t respect national borders, so law enforcers must find ways to work across them. LAP brings together the enforcers on the spam beat, as well as important private partners with a common interest in tackling the problem. Through training, information sharing, and ongoing contacts, we can all do far more together than we ever could on our own.’

However, the scene has changed over the past three years. The relationship between agencies has not intensified and several challenges for LAP have come to light.

With the rise of criminal activity on the Internet the focus has shifted away from spam, making spam enforcement a less essential topic and potentially leading to budget restraints as governments and agencies set different priorities. Is this the correct way forward? To my mind it is not. LAP members can make a huge difference in fighting cybercrime, but they need to overcome several challenges. This can be done by capitalizing on what makes the LAP model of cooperation and knowledge and data sharing so unique.

– Collecting high-quality data
Several spam and malware enforcement agencies have spam reporting centres. Inviting major ISPs and anti-virus companies to share their data with these centres leads to higher quality meta data. Evert Jan Hummelen, OPTA’s Deputy Head Consumers, Numbers and Chair’s Office, who is responsible for the anti-spam and malware team, states:

‘OPTA is constantly seeking information to improve its data position with respect to spam and malware. The first results from international cooperation and data sharing are now becoming visible.’

By making the analysed data transparent, anonymity and hiding on the Internet becomes harder for spammers and attackers alike. For example, data on senders, infected computers, abused IP resources and hosting becomes available. By inviting selected industry partners and banks to share their data, and showing them the added value, more data will become available in 2012.

– Cooperation with different enforcers and industry
As spam, fraud and malware have become virtually indistinguishable, different forms of enforcement have come into view. Toni Demetriou explains:

‘Part of the challenge is realizing and understanding that each law enforcement agency works within a specific area. Police work within criminal law, and spam regulators/enforcers and consumer protection organizations work within civil or administrative law. Each has their own set of investigative tools and levels of proof that have to be provided to the legal system. Industry works with contracts and abuse clauses in those contracts. So the challenge is to overcome any legislative and jurisdictional barriers to legally and effectively share information and evidence in a timely and effective manner.’

So who is best equipped to take on a specific case? All three entities have proven to be successful, for example, in taking down botnets. Coordination between them and the use of each one’s unique powers will make a major difference where tackling cybercrime is concerned.

Coordination is not commonplace, so where do we start? My suggestion would be to look at sharing and analysing data first. Then distribute the results, and from there work towards coordination. Also LAP could demonstrate the full potential of its members to other enforcement agencies through presentations at relevant events, e.g. at an eCrime meeting or at Europol and Interpol high-tech crime meetings.

-The need for more countries to become actively involved
In order to be successful in fighting spam, fraud, malware and cybercrime, more countries need to become actively involved. In other words, more resources need to be put into enforcement agencies and the training of officers in this line of work. Within the EU this could be achieved by giving a form of coordinating power to ENISA, as OPTA suggested in 2009[9], or by opening up the coordinative powers of the EU Cyber Crime Center (to be) to all agencies involved in enforcement on the Internet. On a worldwide scale this could be achieved through active involvement in the Council of Europe’s Octopus programme and conference. Whatever the challenge, it will be LAP’s members that need to push for results at the aforementioned organizations. It will not be the other way around.

There are options available for LAP to prove its worth and make a difference, but it will take ambition, effort and resources. At the end of 2011 LAP faces a choice between obscurity and new successes. The comprehensiveness of the Plan puts LAP in a unique position to make a difference in the fight against spam, including all the harm that comes from the crime associated with it. The near future will show whether it is able to live up to this potential. If LAP is able to forge the necessary cooperation with old and new partners, I have no doubt that it will.

P.S. All quotes come from interviews by e-mail with the quotes persons. I extend my gratitude for both their time and insight on the topic.

[3] The Department of Internal Affairs, Australian Communication and Media Authority, and the Federal Trade Commission
[5] (in Dutch).
[6] Onafhankelijke Post en Telecommunicatie Autoriteit (Independent
Post and Telecommunications Authority)

Wout de Natris, De Natris Consult

About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blogs name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions
This entry was posted in Cyber crime, International cooperation: cross border aspects, Malware enforcement, spam, Spam enforcement and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s