Market operators offered the National Bank a transparent and legal mechanism for blocking phishing domains.
Oleksandr Savchuk, Chairman of the Board of the Internet Association of Ukraine (InAU), announced this in a letter to the NBU.
InAU unites more than 220 enterprises in the field of information and communication technologies. They are concerned about repeated attempts at non-transparent interference in their activities, often reminiscent of the actions of the Russian regulator Roskomnadzor.
Currently, according to the regulations of the NCU, implemented by Order No. 67/850 dated January 30, 2023, the domain blocking mechanism is as follows:
-
The NBU creates and submits to the National Cybersecurity Coordination Center under the National Security and Defense Council of Ukraine (hereinafter referred to as the NCCC) a list of phishing domains;
-
The NCCC hosts this list on its server;
-
Internet providers configure their DNS servers in such a way that, without the knowledge and consent of Internet users, they redirect their requests to domains from the List to a landing page hosted on the NCCC server;
Thus, if an Internet user intended to enter a domain included in the List, he will be taken to the NCCC server.
Section 9 of the regulation stipulates that the NCCC server collects and stores detailed information regarding Internet users redirected to this server, namely:
When going to the landing page, the System stores technical information, including the date and time, IP address (subnet) from which the transition is made, domain name or URL of the phishing page to which the transition is made, user-agent, etc. The system has an interface for accessing information about transitions to the landing page. For the purpose of analysis and response, authorized state bodies are provided with access to information about transitions to the landing page.
Thus, the NCCC employees collect, store, use and distribute confidential information about the individual – revealing the details of the person’s actions on the network (what domain he intended to visit, the date and time of the visit attempt, the IP address from which the attempt was made to visit the domain).
What the Association offers
In a letter to the National Bank regarding the system for filtering phishing domains, the association suggests that the NBU introduce a simpler, faster, cheaper, and most importantly, legal and civilized mechanism for blocking phishing domains.
These are the steps involved:
The NBU forms and constantly updates the list of phishing domains (as is happening now);
The NBU provides Internet service providers with access to this list;
Internet providers voluntarily upload this list, while being able to send a reasoned refusal to block a particular domain to the NBU, which will reduce the likelihood of erroneous blocking of domains that are not phishing;
if an Internet user tries to visit one of the domains from the list, he is redirected to a landing page hosted on the servers of his provider, which solves the problem of information confidentiality.
Earlier, Rakurs reported that bill No. 9250, which is under consideration in the Rada, actually legalizes the already created and partially launched system for filtering phishing domains.
The Law on Amendments to the Law of Ukraine “On Electronic Communications” (to combat phishing)” introduces a legislative definition of the concept of “phishing”. We are talking about “illegal actions on the Internet, the consequence of which is or may be the extortion of personal data and other data of subscribers, including details of payment cards and passwords, identification numbers, bank account numbers, etc.”
That is, a new type of misconduct is introduced. At the same time, the draft law does not provide for supplementing the legislation regulating civil relations, the Code of Ukraine on Administrative Offenses (or introducing administrative liability by the law itself, the CUAO allows this) or the Criminal Code of Ukraine with norms that determine the scope of responsibility for this type of misconduct.
Source: Racurs
I am David Wyatt, a professional writer and journalist for Buna Times. I specialize in the world section of news coverage, where I bring to light stories and issues that affect us globally. As a graduate of Journalism, I have always had the passion to spread knowledge through writing.