Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS

by Paul Vixie
Sept. 19, 2017 Black Hat

When civil investigators and law enforcement officers aggressively pursue and take down cybercriminal enterprises, that undertaking should be subject to an important limitation: their online operations must be narrowly and precisely targeted so as to avoid harming innocent third parties. For example, when evaluating an abused domain name for seizure, investigators need to ensure that innocent third parties are not also using that domain. In this presentation, I will provide an overview of Passive DNS and how it can help investigators reduce or eliminate collateral damage during takedowns, thereby avoiding negative publicity and potentially costly settlements.