Presentation given by Craig Ng at INTERPOL’s 3rd Eurasian Working Group on Cybercrime for Heads of Units, held in Xiamen, China, 23-25 September 2015.

1. How APNIC can support LEAs
in Cybercrime Investigations
~ Beyond Collaboration, Towards Active Engagement
with the Internet Community ~
INTERPOL 3rd Eurasian Working Group Meeting
on Cybercrime for Heads of Units
Xiamen, People’s Republic of China
Craig Ng
General Counsel – APNIC
黄维新
总法律顾问 Ÿ 亚太互联网络信息中心

2. Outline
• About APNIC
• How APNIC works with the law
enforcement community
– Capacity building
– Tools available to you
– Training and capacity building
– Transparency
• Internet Governance
– Make you voice and issues heard
– How you can participate
• How you can help us!

3. About APNIC

4. APNIC is the Regional Internet Registry
(RIR) for the Asia Pacific region
• Delegates and manages
Internet resources
– IPv4 and IPv6 addresses
– AS Numbers
• Maintains the APNIC Whois
Database
• Facilitates IP address policy
development
4

5. Regional Internet Registries
5

6. “A global, open, stable, and
secure Internet that serves
the entire Asia Pacific
Internet community”
APNIC
Vision

7. Law enforcement agencies are important
members of the APNIC community

8. How APNIC works with the LEAs

9. How APNIC works with LEAs
• APNIC provides LEAs with publicly available registry
information to help them respond to malicious activity on
the Internet
• APNIC coordinates with the global technical community to
share information and develop trusted relationships to
ensure coordinated responses to major network security
incidents
• APNIC has dedicated legal and network security experts to
support LEA requests

10. Tools available to you
• Public Whois Database
– Source of information to identify IRT contacts and tracking sources of
abuse
• Education and information sharing
– Training courses, Workshops and Seminars
<training.apnic.net>
– Technical talks & tutorials (including APNIC Conferences)
<conference.apnic.net>
– Publications
<blog.apnic.net/tag/security/>
– Research
<labs.apnic.net>

11. Distributed Whois
11
4 servers now operating:
Brisbane, Tokyo, London, Fremont
Deployed distributed Whois service to
improve responsiveness and resilience
Response times have improved up to
10x for majority of users
Multiple sites to sink attack traffic without
bringing the service down

12. Training and capacity building
APNIC Training
Network operators;
engineers
Law enforcement
investigators
LEA:
Justice sector
<training.apnic.net>

14. APNIC Training in 2015
14
38 face-to-face
courses held in
17 locations
1,158
professionals
trained face-to-
face
Video archives
79 videos
71,180 views
407
professionals
trained via
87eLearning
sessions

15. Security Outreach
Adli
Wahid
Craig Ng
Participation in
NOGs, CSIRTS and
LEA events to
educate and learn
Promoting new
initiatives & security
best practices
among Members
Training for Pacific
LEAs held in
Singapore, Pakistan
and Indonesia
15

16. Law enforcement agencies
engagement plan
• Transparency of APNIC
procedures
<http://www.apnic.net/
transparency>
• APNIC’s policies on handling
of personal information
• Training and capacity building
activities for LEAs in APNIC
service region
Transparency

18. Internet Governance
How you can participate –
Make your voice and issues heard!

19. LEAs and Internet Governance

20. Internet Governance
• Multi-stakeholder governance
model
• Full involvement of all
stakeholders
– dialogue
– decision-making
– implementation of solutions
• Process is –
– fully open
– transparent
– accountable

22. ICANN 2013 Registrar Accreditation Agreement
• Governs the relationship between ICANN and its accredited registrars,
required from 1 January 2014
• Clarifies the responsibilities of the registrars and the rights of the
registrants
• Developed in consultation with LEAs to reflect their requirements
• Requires validation and verification of registrant and account holder
data, resulting in required deletion or suspension of registrations in
cases of:
– Wilful provision of inaccurate/unreliable data
– Wilful failure to update data promptly
– Failure to respond to registrar data accuracy inquiry within 15 days

23. How to participate
ICANN APNIC RIPE Others
• ICANN 54 Dublin
(18-22 Oct 2015)
• ICANN 55
Marrakech
(5-10 Mar 2016)
• APRICOT 2016
Auckland, NZ
(16-26 Feb 2016)
• APNIC 42 Dhaka
(29Sep-6Oct 2016)
• RIPE 71 Bucharest
(16-20 Nov 2015)
• RIPE 72
Copenhagen
(23-27 May 2016)
• LACNIC 24 Bogota
(28Sep-2Oct 2015)
• ARIN 35 Montreal
(8-9 Oct 2015)
• AFRINIC 23 Pointe
Noire, Congo
(28Nov-4Dec 2015)
<meetings.icann.org> <conference.apnic.net>
<ripe.net/participate/
meetings>

24. IANA Stewardship Transition
Domain Names Numbers
Protocols and
Parameters
airchine.com.cn
interpol.int
59.60.8.2
2001:0000:4136:e378:8000:
63bf:3fff:fdd2
AFRINIC APNIC ARIN LACNIC
RIPE
NCC
Multistakeholder community

25. IANA Stewardship Transition

26. IANA Stewardship Transition

28. How you can help us!

29. How you can help us
• Host a regional training event
for 25+ participants
– provide meeting room and facilities
– provide Internet connectivity
– help us invite regional law
enforcement colleagues
• APNIC will provide
– trainers (at no cost)
– independent and trusted technical
training including:
• Internet fundamentals
• Internet routing
• Network security
• Looking for clues from WHOIS registry