The Internet Association of Ukraine has proposed to the National Bank a transparent and legal mechanism for blocking phishing domains. This is stated in a letter from the IAU to the NBU.
Currently, under the regulation of the NCU, implemented by Order No. 67/850 of January 30, 2023, the domain-blocking mechanism works as follows:
– The NBU creates and provides the National Coordination Center for Cybersecurity under the National Security and Defense Council (hereinafter referred to as the NCCC) with a list of phishing domains;
– The NCCC places this list on its “transit” server, from which providers are obliged to receive it;
– Internet service providers are obliged to configure their DNS servers so that, when a user requests a domain from the list, the user is redirected to the NCCC landing page without their knowledge or consent.
Thus, if an Internet user attempts to visit a domain included in the list, he or she is redirected to the NCCC server.
Section 9 of the Regulation provides that the NCCC server collects and stores detailed information about Internet users who have been redirected to this server, namely:
When a user navigates to a landing page, the System stores technical information, including the date and time, IP address (subnet) from which the transition is made, domain name or URL of the phishing page to which the transition is made, user-agent, etc., and unspecified government agencies are granted access to the above information.
The IAU therefore argues that the NCCC unlawfully collects, stores, uses and disseminates confidential information about a person, namely information that reveals the person’s actions on the network (which domain they intended to visit, the date and time of the visit attempt, and the IP address from which the attempt was made).
What the EBA suggests
In a letter to the National Bank regarding the phishing domain filtering system, the EBA proposes that the NBU introduce a legal and transparent mechanism for blocking phishing domains.
It is as follows:
– The NBU compiles and constantly updates the list of phishing domains (as it is currently doing);
– The NBU provides Internet providers with access to this list from its server (without using a third-party “transit” server);
– Internet service providers voluntarily download this list and may send the NBU a reasoned refusal to block a particular domain, which reduces the likelihood of erroneously blocking domains that are not phishing;
– If an Internet user tries to visit one of the domains on the list, he or she is redirected to a landing page hosted by his or her own provider, which resolves the problem of unlawfully disclosing confidential user information to a third party.
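The last step of the proposed mechanism, a provider-side DNS redirect to a landing page the provider itself hosts, is illustrated below as an added example that is not part of the IAU letter or of any existing configuration. It assumes a BIND-style response policy zone (RPZ); the domain names and the landing host are constructed placeholders.

```zone
; Response policy zone kept by the ISP, regenerated from the NBU list.
; Each listed domain (and its subdomains) is rewritten to the provider's
; own landing host, so the user's request and the resulting log entry
; never leave the provider's infrastructure.
$TTL 300
@                     IN SOA  localhost. admin.isp.example. (
                                1   ; serial, bumped on every list update
                                3600 900 604800 300 )
@                     IN NS   localhost.

; Placeholder entries representing domains on the NBU phishing list.
phishing-example.test.      IN CNAME landing.isp.example.
*.phishing-example.test.    IN CNAME landing.isp.example.
other-phishing-example.test.   IN CNAME landing.isp.example.
*.other-phishing-example.test. IN CNAME landing.isp.example.
```

The provider loads this zone with a `response-policy` statement in its resolver configuration; a domain the provider has declined to block (per the reasoned-refusal step) is simply omitted from the zone.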