Open Console — Example: phishing sites

Open Console is about sharing data: not point-to-point but broadcasting publications to consumer feeds. For instance, a Cyber Security Agency could publish newly discovered phishing sites.

When the Cyber Security Agency detects a new website that contains fraudulent content, it can upload this judgment into the "Open Console" infrastructure. The upload will probably also explain what has been found and how serious it is.

Consumers

Automated services, such as the tasks that maintain a search engine's index, may be listening in: they have registered themselves for the feed of information from that Agency. When a website is flagged as fraudulent, they remove those pages from their index.

At the same time,

  • the ISP that hosts the flagged site can decide to take it down immediately;
  • the owner of the website will immediately see that it has been taken down, and who reported it: perhaps the site has suffered a hostile takeover;
  • crime researchers may use the feed as a positive filter: they only want to see those sites.

"Open Console" detaches the publishers and the consumers (by default): it is an open publication network. Publications about websites are passed-on "as-is", without interpretation. Consumers have to decide whether they trust the source, and how they interpret the delivered content.

Aggregation

When multiple agencies report phishing sites into the system, consuming parties may need to listen to multiple feeds with different (probably partially incompatible) data formats. This is inconvenient, to say the least. So, whenever possible, data sources SHOULD work on setting open standards. In addition, the reporting Agencies can produce aggregator feeds that combine reports from different sources into a new stream of publications.
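A sketch of such an aggregator feed, added here as an illustration and not taken from Open Console itself: it merges two incompatible feeds per site, passes each original report on untouched, and leaves the trust decision to the consumer. Both feed formats, the publisher names and every field name are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample publications; both feed formats are hypothetical.
FEED_A = '[{"url": "http://Login.Example.test/pay", "severity": "high", "found": "2024-05-01T10:00:00Z"}]'
FEED_B = "2024-05-01T11:30:00Z|login.example.test/pay|3\n2024-05-02T08:00:00Z|shop.example.test/|1\n"

def normalize_url(raw):
    """Lower-case scheme and host and default the scheme, so equal sites compare equal."""
    parts = urlsplit(raw if "://" in raw else "http://" + raw)
    return f"{parts.scheme}://{parts.hostname}{parts.path or '/'}"

def parse_a(text, publisher):
    """Hypothetical format A: a JSON array of objects."""
    for item in json.loads(text):
        yield {"site": normalize_url(item["url"]), "publisher": publisher,
               "reported": item["found"], "original": item}

def parse_b(text, publisher):
    """Hypothetical format B: 'timestamp|site|level' lines; level stays uninterpreted."""
    for line in text.splitlines():
        reported, site, _level = line.split("|")
        yield {"site": normalize_url(site), "publisher": publisher,
               "reported": reported, "original": line}

def aggregate(*streams):
    """Merge reports per site; every publisher's report is kept as-is."""
    merged = {}
    for stream in streams:
        for report in stream:
            merged.setdefault(report["site"], []).append(report)
    return merged

def flagged_sites(merged, trusted):
    """Consumer-side policy: act only on sites reported by a publisher it trusts."""
    return sorted(site for site, reports in merged.items()
                  if any(r["publisher"] in trusted for r in reports))

def build():
    return aggregate(parse_a(FEED_A, "agency-a"), parse_b(FEED_B, "agency-b"))

if __name__ == "__main__":
    merged = build()
    for site, reports in merged.items():
        print(site, [r["publisher"] for r in reports])
    print(flagged_sites(merged, {"agency-a"}))
```

Because the aggregate keeps the publisher and the original payload of every report, a consumer can still apply its own trust policy and its own reading of the severity fields.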