Mission Statement Introduction Organisation Founding Members Workshops Contact

E-CoAT membership is open for ISP teams handling "abuse" and for those with a legitimate and significant interest in this field.

Latest Entry

About this year's CeBIT

The digital media, information and communication industry is eagerly awaiting the start of this year's CeBIT tradeshow, which will begin on March 6th in Hannover, Germany. At this unique and ever more international event, industry leaders come together for five days to share information and make deals. CeBIT offers talks, conferences, corporate events as well as regular exhibition spaces. The focus is on IT and communication products for both the business and private sector. read »


Read more about the CeBIT

Mission Statement of E-CoAT

E-CoAT aims to further the cooperation of Internet abuse fighting teams of network/information service providers in Europe, and jointly produce tangible results that will benefit its constituency and beyond and help them more effectively combat Internet based network/computer abuse. To further these goals, E-CoAT will co-operate with existing anti-abuse and CERT fora in and outside Europe. E-CoAT is a non-profit non-commercial collaborative organisation with minimum overhead – the latter to enable also emerging and small providers to join E-CoAT and thus increase the effectiveness of the cooperation.

Introduction to E-CoAT

E-CoAT is intended for all those who professionally handle (or have a legitimate and significant interest in) "Internet-abuse" reports or complaints, with a team of people, on a relatively large scale. By that we really mean what is usually referred to as "abuse-teams" or CERT-teams of ISPs that also deal with "Internet abuse" on a large scale. We concentrate our efforts on Europe, for pragmatical reasons.

With "Internet abuse" we mean all use of the Internet which is experienced by end-users (individuals or companies) as abuse, that is something they do not want to be confronted with, in general. Typical examples are spam, hate-mail, sexually harrassing or "stalker" mails, the currently growing spambot problem and continuing nachi infections. Abuse is not necessarily restricted to e-mail.

We, being responsible for abuse-teams in major commercial ISPs, and having to deal with abuse reports in masses, have experienced that there is no coordinated cooperation between abuse teams. Despite the fact that the issues we are all faced with are very comparable, and we all struggle with the same problems.

There is an ongoing succesful cooperation between CERT-teams, that deal with IT security incidents in general. This cooperation exists both on a global level (FIRST) and on a European level (TF-CSIRT and Trusted Introducer). Many of these CERT-teams also handle abuse, but most of them do not on the large scale that e.g. the telco-company ISPs have to do. The latter also usually have both abuse-teams *and* CERT-teams, who operate independently.

Therefore we took the initiative to bundle our efforts and organised a one-day workshop in Madrid on 14 January 2004. The conclusion of the Madrid workshop was quite clearly that in a few areas it would be beneficial for all involved to work on best current practices together. This applied specifically to the areas of spam, copyright violations, viruses/worms and handling tools and procedures.

Following up on this the group travels once to twice per year for meeting up to 50 participants from all over Europe. Mailing lists and an IRC channel were established and work started on topics like white/blacklisting, common procedures and tooling.

Instead of setting up yet another organisation, E-CoAT has decided at its meeting in Helsinki in September 2006, to work more closely together with TF-CSIRT. The first fruits of that closer collaboration are visible at the Joint TF-CSIRT and E-CoAT Technical Seminar in Prague, where most notably Andrew Cormack and Phons Bloemen will introduce and lead a discussion on European white- and blacklisting. This is an item which deserves being carried forward. Come to this seminar if you want to contribute.

The E-CoAT support group,

  • Martijn van der Heide, KPN-CERT, The Netherlands
  • Francisco Jesus Monserrat Coll, IRIS-CERT, Spain
  • Maria Jansson RŒdstršm, TeliaSonera Abuse Team, Sweden
  • Don Stikvoort, The Trusted Introducer, Europe

Organisation of E-CoAT

E-CoAT is since the meeting of its members in Helsinki, September 2006, pursued as a meeting place and focal point for abuse teams in Europe - in close cooperation with TF-CSIRT.

The E-CoAT SC support group has been active since E-CoAT's beginning in 2004, and currently consists of:

  • Martijn van der Heide, KPN-CERT, The Netherlands
  • Francisco Jesus Monserrat Coll, IRIS-CERT, Spain
  • Maria Jansson RŒdstršm, TeliaSonera Abuse Team, Sweden
  • Don Stikvoort, The Trusted Introducer, Europe

The workshops have thus far been chaired by Don Stikvoort, S-CURE, The Netherlands. In the new set-up the activities will be integrated with TF-CSIRT, chaired by Gorazd Bozic.

Founding Members of E-CoAT

The following teams are recognised and acknowledged as founding members of E-CoAT:

  • DFN-CERT
  • DK-CERT
  • IRIS-CERT
  • KPN-CERT
  • Telia Abuse
  • T-Com Abuse Team
  • T-Online Abuse Team

E-CoAT Workshops

The next E-CoAT workshop is:

Past E-CoAT workshops:

  • 1st E-CoAT workshop: Madrid, January 2004
  • 2nd E-CoAT workshop: Hamburg, May 2004
  • 3rd E-CoAT workshop: Amsterdam, November 2004
  • 4th E-CoAT workshop: Zürich, May 2005
  • 5th E-CoAT workshop: Amsterdam, January 2006
  • 6th E-CoAT workshop: Helsinki, September 2006

Results of workshops are available to participants end E-CoAT members only.

Contact

Contact E-CoAT by sending an e-mail to the support group