membership

Report Phishing

Report Phishing

-- Home
-- Report Phishing
-- APWG Events
-- Resources
-- Membership
-- APWG Member Site
-- APWG eCrime Newswire
-- Crimeware Map
-- Phishing Archive
-- Contact Us
-- JOIN THE APWG
 
APWG Global
Research Partners
:

 click here for a full listing

 



 
APWG eCrime Newswire
Powered by Exfacto!


 


More on APWG's Phishing and
eCrime Newswire Page
 
owl 2007 APWG General Members Meeting
Pittsburgh, PA
October 2 - 3, 2007
Program Sponsor
CERT Network Situational Awareness Group
Program Partner
CERT
 
Meeting Logistics

The APWG is pleased to present the 2007 Fall General Meeting. Please join us at this opportunity to bring yourself up-to-date on phishing's evolution across the globe. Count on two full days of presentations, panel discussions and in-depth round-tables.

At this two-day members-only meeting, the APWG will examine crimeware's evolution, the roles of Registrars, Registries and DNS in managing phishing attacks, public health approaches to managing the Botnet scourge, behavioral vulnerabilities and human factors that contribute to phishing's success as well as breaking news on Counter-eCrime tools and resources.

Participants in the eCrime Researchers Summit and the General Members Meeting are invited to the APWG eCrime reception at Carnegie Mellon University on the evening of Wednesday, October 3. Join us for a dinner buffet, drinks, and an eCrime cabaret performance.

APWG Members and Non-Members Please Note: The sessions at the Fall General Meeting are open to APWG Members Only. APWG organizers will vet all registrants that sign up for the conference. Interlopers will not be accomodated. If you haven't already, check membership rules and benefits at: http://www.antiphishing.org/membership.html Membership is open to qualified financial institutions, online retailers, ISPs, the law enforcement community, security solutions providers and research institutions. Members at the individual level and above are eligible to attend conferences.

REGISTRATION NOTICE : Registration for this General Members meeting is for the ONE event on October 2 and 3 and does NOT entitle the registree to attend the eCrime Researchers Summit on October 4 and 5. To also attend that event will require a separate registration, see this page for details.
 

 
 
Working Agenda
  Tuesday, October 02
7:30 AM

Breakfast & Registration

 

8:30 AM

Opening Remarks and Conference Overview
 


Dave Jevans
Chairman
APWG

Peter Cassidy
Secretary-General
APWG
 


 
  Global Statistical Overview of Phishing and Crimeware
 

Bassam Khan
Cloudmark
 

 
  International Field Reports
 

Steve Martin
Australian High Tech Crime Centre
Economic & Special Operations
Australian Federal Police

flag 
 
Futoshi Nakada
Chair, Council of Anti-Phishing Japan
Marketing Director, SecureBrain Corporation
   
Cristine Hoepers
CERT.br
Brazil
   

Dave Woutersen
Security Specialist
GOVCERT.NL

   
   
  Morning Break and Kaffee Klatsch
 
   
  Potent & Emergent Technical Vulnerabilities Report
Siege at the Desktop; Insurgency in Web Space
 
   
  Web Applications Vulnerabilities Survey and Review
 
Robert Hansen, CISSP
CEO
SecTheory LLC
 
 
  Web Applications Vulnerabilities Survey and Review
Weakest Link on the Desktop: Still the User
  

Jason Milletary
Internet Security Analyst
CERT

Nick Ianelli
Internet Security Analyst
CERT

Jeff Gennari
Internet Security Analyst
CERT
 

 
  Lunch
 
   
  Technical, Tactical and Operations Report
 


 
  eCrime Network For Hire Yinon Glasner
RSA Security, Inc.
 
 
  Of BIND and Cache: Potent Technical Vulnerabilities Within BIND 9 Transaction IDs

Amit Klein
Trusteer, Inc.
 

 
  The ROCK Targets Domain Name Management Systems:
Implications for eCommerce Security

 

Rod Rasmussen
Internet Identity, Inc.
APWG DNSPWG Co-chair
 
 
  Phriendly Phishing Landing Page Strategies
Leveraging the Phishimg Victim Experience for Consumer Education
 
Todd Inskeep, CISSP
Bank of America
 
 
  Building the Global Crimeware Radar Array
 

Jacomo Piccolini
Brazilian Academic Research Network CSIRT
CAIS/RNP
 

 
 

Afternoon Break and Kaffee Klatsch
 



 
 

APWG Operational Resources Session
 


 
  The APWG Contacts Counter-Phishing Signaling and Communication System and Related Federation Issues
 
Foy Shiver
Deputy Secretary-General
APWG
 
  The eCrime IODEF Extensions for eCrime Event Reporting and Its Implications for Automating eCrime Response Routines
 
Pat Cain
Cooper Cain, Inc.
APWG Resident Research Fellow
 
 
  APWG eCrime Event Repository 2.0
 
Dave Jevans
Chairman
APWG
 
 
 

Working with Law Enforcement Session
 

 
  Enterprise Forensics and the Private Sector/Law Enforcement Interface

Joel Yusim
IT Project Manager

CISCO
 
 
 

The Cyberpol Proposal
An eScotland Yard for Cybercrime?
 

Cst. Kathy Macdonald, CPP
Crime Prevention Unit
Calgary Police Service
 

 
 

Industry Collaborations at the Speed of eCrime:
A Colloquy and Call to Action by the National Cyber-Forensics & Training Alliance


 

Ron Plesco
CEO NCFTA

SSA Tom Grasso
FBI CIRFU at NCFTA
 

 
 

A Special NCFTA Presentation

Stalking the ROCK:
The NCFTA Shares Its Insights Into the Enigmatic ROCK Phishing Group
 

SSA Mike Eubanks
FBI CIRFU at NCFTA

David Bonasso
Program Director, NCFTA
 

 
6:00 PM Closing Day One and Announcements
 
   
       
7:30 PM APWG Steering Committee Meeting
 

Moderator:
Dave Jevans
APWG Chairman
 

 
 

 

 
  Wednesday, October 03

07:30 AM


Breakfast

 

 
08:30 AM Behavioral Vulnerabilities Session Presentations and Panel
 




 

  Research Review:
Supporting Trust Decisions Research at Carnegie Mellon

 
 
Lorrie Cranor
CyLab
Carnegie Mellon University
 
 
  You've Been Warned:
An Empirical Study of the Effectiveness of Web Browser Phishing Warnings
 
Serge Egelman
 
 
  Anti-Phishing Phil:
The Design and Evaluation of a Game That Teaches People Not to Fall for Phish

 
Steve Sheng
 
 
  Morning Break and Kaffee Klatsch
 
   
 

Domain Name System Policy Working Group
Presentations and Panel

This session will give an update on the activities of the Domain Name System Policy Working Group (DNSPWG).  The four teams on the DNSPWG will give reports on their respective areas.  These updates will include the status of the changes proposed to WHOIS by ICANN, progress in working with registries to suspend domain names used for phishing, best practices being prescribed for registrars and registries, statistics on the use of domain tasting in the phishing industry, an overview of DNSPWG's participation in the June 2007 ICANN meeting, and plans for the October ICANN meeting.  In addition, there will be an update on the various documents recently published by this sub-committee.
 

 
Moderator:
Laura Mather, Ph.D.
MarkMonitor & DNSPWG Co-chair

Panelists:
Rod Rasmussen
InternetIdentity & APWG DNSPWG Co-chair

Mario Maawad
LaCaixa CSIRT

Pat Cain
Cooper Cain, Inc.
APWG Resident Research Fellow

Greg Aaron
Afilias

John L. Crain
Chief Technical Officer
I.C.A.N.N.

Dave Piscitello
SSAC Fellow
ICANN

David Maher
Senior Vice President
Law & Policy
Public Interest Registry

Mike Rodenbaugh
ICANN
Councilor
Generic Names Supporting Organization
 

 
  Lunch
   
 

APWG Roundtable
Botnets, Network Forensics and the Diplomatic Aspects of the Private Sector/Law Enforcement Interface in eCrime Suppression


 



 
 

Following Botnet Controllers Home:
Infiltrating and Monitoring eCrime Communications
  

Lawrence Baldwin
My | NetWatchman
  
 
  The Black Art of Mapping Criminal Actors to Correlative eCrime Events
 
Andre DiMino
ShadowServer
 
  Fraud 2.0 – How Botnet proxies defeat current credit-card and banking fraud protection
 
Alisdair Faulkner
Director of Development
ThreatMETRIX
 
 
 

Geopolitical and Diplomatic Aspects of eCrime Networks
 

Sidney Faber
CERT/NetSA
 
 
  Panel Discussion:
Ethical, Legal and Techo-diplomatic Challenges to Botnet Mapping and Remediation
 

Moderator
Randy Vaughn
Baylor University

Panelists:
Gary Warner
University of Alabama at Birmingham

Andre DiMino
ShadowServer

Mike Collins
CERT/NetSA

Don Blumenthal
Infragard - Michigan Chapter
 

 
  Afternoon Break and Kaffee Klatsch
 
   
  APWG Roundtable
Plotting Priorities: 2008 and Beyond

APWG members, research partners and thought leaders consider the challenges facing the counter-ecrime community in a number of discrete technical, industrial and political dimensions including Desktop Protection/Hygiene, Security Usability/Consumer Education, Network Protection/Hygiene, DNS Protection/Hygiene, Law Enforcement and Response Strategies. Panelists posit priorities in engaging each of these aspects of the ecrime crisis at hand and consider their costs and consequences with the APWG plenary .
 

Moderator:
Dave Jevans
Chairman, APWG

Panelists:
Dan Schutzer
Executive Chairman
Financial Services Technology Consortium
Financial Institutions & Transaction Space Strategies and Priorities

Dr Randy Vaughn
Graduate Faculty
Baylor University
Networtk Protection: Hygiene Strategies and Priorities

Craig Spiezle
Director
Microsoft
Desktop Protection:
Hygiene Strategies and Priorities

John L. Crain
Chief Technical Officer
I.C.A.N.N.

Dr. Lorrie Cranor
Cylab
Carnegie Mellon University
Security Usability and User Behavior Strategies and Priorities

Gary Warner
University of Alabama at Birmingham
Private Sector Response Strategies and Priorities

SSA Tom Grasso
FBI CIRFU at NCFTA
 

 
  Closing Remarks
Dave Jevans
Chairman
APWG
 

 
5:00 PM

APWG Field Trip to the NCFTA Labs

APWG Program National Cyber Forensics and Training Alliance has arranged for APWG conferees to tour their Pittsburg laboratories

Registered APWG conference attendees will receive information on sign-up for this trip at the meeting.
 
 
5:15 PM

Birds of a Feather Sessions at the NCFTA

 

Crimeware and Crimeware-Spreading URL Reporting and Data Sharing

Botnet Data Reporting and Data Sharing
 

 
       
7:30 PM

APWG eCrime Fighters Night Out

APWG Conference Week Partner CMU CyLab hosts the evening's dinner, drinks and revelries for all attendees of the General Members Meeting and the eCrime Researchers Summit.

 

 
       



 
Location, Transport and Accommodation Logistics
Holiday Inn Select
100 Lytton Avenue
Pittsburgh, PA 15213
US
Tel: +1.412.682.6200
Fax: +1.412.681.4749
Hotel Map

This year's General Meeting and all event meetings are being held at the Holiday Inn Select University Center Pittsburgh. Nestled in the center of Pittsburgh's academic, medical and cultural community, the hotel is adjacent to the University of Pittsburgh and walking distance from Carnegie Mellon.

Local Attractions
* Heinz Field & PNC Park
* Andy Warhol Museum
* Phipps Conservatory
* Kennywood Amusement Park
* Sandcastle Water Park
* Mellon Arena
* The Waterfront Shops & Restaraunts
* Station Square Freight House Shops
* Mt. Washington & Duquense Incline
* Shadyside Shopping District
* Soldier's & Sailors Hall
* Southside Nightlife District

 

Hotel Room Reservations
For reservastions please use 3-letter code "APW" and contact the hotel at 1.800.864.8287 or visit their website. The negotiated APWG discount rate is availalbe for the nights of September 30 through October 6, based on availability. To qualify for the APWG rate registrations must be received before September 14 at 5:00 PM EST. Please mention "APW" when registering for this special rate. After September 14, please contact the hotel directly to determine availability and rate.

Standard Rooms $112 single/double *
(Rate subject to local taxes)

Check In Info / Cancellation Policy
Check-In time is 3:00 p.m. or later. Anyone arriving prior to 3:00pm will be accommodated as soon as possible, but should be advised that there may be a wait. Check-out time is 12 noon. Arrangements can be made for baggage storage with our front desk staff. An advance deposit will be taken at time of booking. Deposit is refundable only if reservation is cancelled 72 hours prior to arrival date. No-shows and reservations cancelled less than 72 hours in advance will be charged in full plus taxes.

* This room rate is not commissionable to travel agents.
 

 
Call for Presentations  
For this meeting, the APWG is still developing, reviewing and receiving, proposals for research presentations from the membership and from visiting scholars. Financial institutions, technology, vendors, ISPs, law enforcement representatives and inter-disciplinary study groups working within the APWG research committees are all invited to send their proposals to Secretary-General Peter Cassidy at pcassidy@antiphishing.org.
 
 
Vendor Sponsorship Opportunities  

APWG is offering an opportunity to build relationships while marketing your company to a targeted audience of communications service, technology companies, security companies, regulatory and law enforcement officials and financial institutions during its Fall 2007 General Meeting in October.

Sponsorships are a personal, non-intrusive way of conveying your message. Additionally, your participation can help support activities vital to the overall success of the APWG and its research partners, which ultimately contributes to the success of the entire counter-phishing stakeholders' community.

The following benefits are available to Meeting Sponsors, once your sponsorship is confirmed:

Recognition in on-site signage displayed during the meal or break
Distribution of one giveaway such as a literature pack

There are a number of meal or break sponsorship opportunities available for APWG members who want to use the meetings as an opportunity to communicate their brand and message to members of the APWG and presenters, each either a critical decision maker or a thought leader in his or her own right.

For more information on sponsoring oportunities please contact APWG Deputy Secretary-General Foy Shiver at fshiver@antiphishing.org.
 

 
About the Anti-Phishing Working Group  

The Anti-Phishing Working Group (APWG) is focused on giving industry stakeholders a confidential forum to discuss phishing issues, define the scope of the phishing problem in terms of hard and soft costs, and share information and best practices for eliminating the problem. Where appropriate, the APWG will also look to share this information with law enforcement. Membership is open to qualified financial institutions, e-commerce companies, the law enforcement community, and industry. Because phishing attacks and email fraud are sensitive subjects for many organizations that do business online, the APWG has a policy of maintaining the confidentiality of member organizations.

The Web site of the Anti-Phishing Working Group is www.antiphishing.org. It serves as a public and industry resource for information about the problem of phishing and email fraud, including identification and promotion of pragmatic technical solutions that can provide immediate protection and benefits against phishing attacks.

The APWG was founded by Tumbleweed Communications and a number of member banks, financial services institutions, and e-commerce providers. It held its first meeting in November 2003 in San Francisco. The APWG, an organization of more than 2500 members and more than 1600 member companies, police and government agencies worldwide was officially established as an independent organization in June 2004, controlled by its executives and board of directors and an advisory steering committee.