E-CoAT

European Cooperation of Abuse fighting Teams

(formerly: European Abuse Forum)

E-CoAT membership is open for ISP teams handling "abuse" and for those with a legitimate and significant interest in this field.

[Mission Statement] [Introduction] [Organisation] [Founding Members] [Workshops] [Contact]

*** NEWS *** discussion on European whitelisting and blacklisting at Joint TF-CSIRT and E-CoAT Technical Seminar in Prague ***

Mission Statement of E-CoAT

E-coat aims to further the cooperation of Internet abuse fighting teams of network/information service providers in Europe, and jointly produce tangible results that will benefit its constituency and beyond and help them more effectively combat Internet based network/computer abuse. To further these goals, e-coat will co-operate with existing anti-abuse and CERT fora in and outside Europe. E-coat is a non-profit non-commercial collaborative organisation with minimum overhead – the latter to enable also emerging and small providers to join e-coat and thus increase the effectiveness of the cooperation.

[TOP]

Introduction to E-CoAT

E-CoAT is intended for all those who professionally handle (or have a legitimate and significant interest in) "Internet-abuse" reports or complaints, with a team of people, on a relatively large scale. By that we really mean what is usually referred to as "abuse-teams" or CERT-teams of ISPs that also deal with "Internet abuse" on a large scale. We concentrate our efforts on Europe, for pragmatical reasons.

With "Internet abuse" we mean all use of the Internet which is experienced by end-users (individuals or companies) as abuse, that is something they do not want to be confronted with, in general. Typical examples are spam, hate-mail, sexually harrassing or "stalker" mails, the currently growing spambot problem and continuing nachi infections. Abuse is not necessarily restricted to e-mail.

We, being responsible for abuse-teams in major commercial ISPs, and having to deal with abuse reports in masses, have experienced that there is no coordinated cooperation between abuse teams. Despite the fact that the issues we are all faced with are very comparable, and we all struggle with the same problems.

There is an ongoing succesful cooperation between CERT-teams, that deal with IT security incidents in general. This cooperation exists both on a global level (FIRST) and on a European level (TF-CSIRT and Trusted Introducer). Many of these CERT-teams also handle abuse, but most of them do not on the large scale that e.g. the telco-company ISPs have to do. The latter also usually have both abuse-teams *and* CERT-teams, who operate independently.

Therefore we took the initiative to bundle our efforts and organised a one-day workshop in Madrid on 14 January 2004. The conclusion of the Madrid workshop was quite clearly that in a few areas it would be beneficial for all involved to work on best current practices together. This applied specifically to the areas of spam, copyright violations, viruses/worms and handling tools and procedures.

Following up on this the group met once to twice per year, with up to 50 participants from all over Europe. Mailing lists and an IRC channel were established and work started on topics like white/blacklisting, common procedures and tooling.

Instead of setting up yet another organisation, E-CoAT has decided at its meeting in Helsinki in September 2006, to work more closely together with TF-CSIRT. The first fruits of that closer collaboration are visible at the Joint TF-CSIRT and E-CoAT Technical Seminar in Prague, where most notably Andrew Cormack and Phons Bloemen will introduce and lead a discussion on European white- and blacklisting. This is an item which deserves being carried forward. Come to this seminar if you want to contribute.

The E-CoAT support group,

Martijn van der Heide, KPN-CERT, The Netherlands
Francisco Jesus Monserrat Coll, IRIS-CERT, Spain
Maria Jansson RŒdstršm, TeliaSonera Abuse Team, Sweden
Don Stikvoort, The Trusted Introducer, Europe

[TOP]

Organisation of E-CoAT

E-CoAT is since the meeting of its members in Helsinki, September 2006, pursued as a meeting place and focal point for abuse teams in Europe - in close cooperation with TF-CSIRT.

The E-CoAT SC support group has been active since E-CoAT's beginning in 2004, and currently consists of:

The workshops have thus far been chaired by Don Stikvoort, S-CURE, The Netherlands. In the new set-up the activities will be integrated with TF-CSIRT, chaired by Gorazd Bozic.

[TOP]

Founding Members of E-CoAT

The following teams are recognised and acknowledged as founding members of E-CoAT:

DFN-CERT
DK-CERT
IRIS-CERT
KPN-CERT
Telia Abuse
T-Com Abuse Team
T-Online Abuse Team

[TOP]

E-CoAT Workshops

The next E-CoAT workshop is:

Joint TF-CSIRT and E-CoAT Technical Seminar in Prague, 3 May 2007, part of the TF-CSIRT meetings

Past E-CoAT workshops:

1st E-CoAT workshop: Madrid, January 2004
2nd E-CoAT workshop: Hamburg, May 2004
3rd E-CoAT workshop: Amsterdam, November 2004
4th E-CoAT workshop: Zürich, May 2005
5th E-CoAT workshop: Amsterdam, January 2006
6th E-CoAT workshop: Helsinki, September 2006

Results of workshops are available to participants end E-CoAT members only.

[TOP]

Contacting E-CoAT

Contact E-CoAT by sending mail to the support group: sc#e-coat.org (substitute # by @)

[TOP]

Last modified: 24-April-2007.
Contact: sc#e-coat.org (substitute # by @)