Published on 26th October 2020, 13:45:09 UTC
13 years ago, I started to look at malware samples in my spare time that occasionally hit my personal mailbox. I've decided to document my findings in a blog, and abuse.ch was born. In the same year, ZeuS (aka Zbot) appeared. Sold on the dark web, it quickly became one of the most popular crimeware kits for cyber criminals to commit ebanking fraud and identity theft. Due to the rise of ZeuS in 2008/2009, I decided to create my first project: ZeuS Tracker.
Since the launch of ZeuS Tracker in 2009, many years have passed, and new cyber threats have appeared. During this time, I came up with more projects aimed at helping the internet community that is fighting the endless battle against cyber crime. Since the start of abuse.ch, all data made available by the project has always been free of charge for both commercial and non-commercial purposes. More and more people started to use the threat intelligence offered by abuse.ch, and at the same time the amount of data handled by the project greatly increased. Operating the infrastructure needed to collect, process, and publish data to the public became increasingly challenging. Fortunately, I was able to partner with a handful of organizations to support the project with infrastructure. Operating abuse.ch in the past years without their support would not have been possible!
The two most recent projects are URLhaus & MalwareBazaar, which are both crowdsourced: most of the threat intelligence provided by these projects is produced by the infosec community, which includes IT security researchers from SOCs, CSIRTs or CERTs and also vendors of security solutions. It's great to see the community working together to make the internet safer!
Nevertheless, I'm confronted with some problems that I need to solve. As of today, abuse.ch is (still) a one man show; a project, which I mainly maintain in my spare time, and not for profit. This includes maintaining infrastructure that:
Handling all of this has became pretty challenging in recent years, not necessarily from a technical perspective, but rather that of infrastructure costs, and need for specific knowledge of big data analysis. At the same time, I am having many ideas for new projects that not only require additional infrastructure, but also the necessary skills to handle and analyze data at scale.
Therefore, I have thought a lot about the future of abuse.ch. I've talked not only with friends, but also other IT security folks, and lawyers, to figure out the options I have. My main goal has always been clear: I want to continue to provide data for the good of the internet - free for everyone.
After lots of back and forth, I came to the conclusion that the best option I have at the moment is to turn abuse.ch into a research project. By going this route I could:
But as always, things are not that easy as they seem. In order to turn abuse.ch into a research project, a handful of requirements must be fulfilled:
About two months ago, I therefore reached out to big organizations who are using data from abuse.ch to protect either their network or their customers, to ask them for help. Unfortunately, I didn't got any fundamental commitments which honestly surprised and disappointed me; this is the reason why I have to reach out now.
At the same time, organisations that became a victim of ransomware pay millions of dollars to cyber criminals to get their data back. Strange world, isn't it?
My goal is to collect enough funds by end of 2020 to turn abuse.ch into a research project. If your organization is using data from abuse.ch and you wish to fund the project, please reach out to me coSntacPtAmeM@abuse.ch (remove all capital letters).
What would happen after the end of 2020 if my plan fails? Well, I honestly don't know. I will definitely not just quit by 2021-01-01. On the other hand, I've been running abuse.ch for more than 10 years, and I can't make any promises that I will continue doing it for another 10. After all these years, getting funding for a research project and spreading the workload out onto more than just my shoulders would be fair.