Illumintel provides advising and security consulting to Internet companies and brand owners with an Internet presence. Illumintel is a licensed private detective agency in Pennsylvania, license number MC-234.
Greg Aaron is President of Illumintel Inc. Greg is an internationally recognized authority on cybercrime. He is an expert on domain name system (DNS) policy, anti-cybercrime operations, data privacy, and domain name intellectual property issues, and is a regular speaker on these topics. Greg has advised governments, online commerce providers, registry operators, and ICANN among others. He has performed investigations and due diligence projects with industry, law enforcement, and security researchers to address phishing, malware, spam, intellectual property violations, and botnet cases.
Greg is Senior Research Fellow for the Anti-Phishing Working Group (APWG), where he is the editor of the APWG’s quarterly phishing reports, and manages the APWG’s eCrime Exchange, the oldest and most trusted repository of threat data about cybercrime events such as phishing and criminal cryptocurrency wallets. He has authored numerous research papers about phishing, malware, and industry compliance topics. As a member of ICANN’s Security and Stability Advisory Committee (SSAC), Greg advises the international community regarding the domain name and numbering system that makes the Internet function. He has participated in numerous ICANN working groups, including several devoted to anti-abuse and privacy topics such as the EU’s General Data Protection Regulation (GDPR).
As Vice-President of Product Management at iThreat Cyber Group he created products and services used by government agencies and private companies to discover and track Internet-based threats. He was the senior industry expert on the Ernst & Young team that evaluated over one thousand new TLD applications to ICANN in 2012-2013. While Director of Key Account Management and Domain Security at Afilias, he oversaw the launches of the .MOBI, .IN, and .ME TLDs, and managed the .INFO TLD. Greg received an OTA Excellence in Online Trust Award for Afilias’ anti-abuse programs.
Greg is a magna cum laude graduate of the University of Pennsylvania.
Greg’s selected papers and speaking engagements:
- Malware Landscape 2021: A Study of the Scope and Distribution of Malware. November 2021.
- Phishing Landscape 2021: An Annual Study of the Scope and Distribution of Phishing. September 2021.
- WHOIS Contact Data Availability and Registrant Classification Study. January 2021.
- Phishing Landscape 2020: A Study of the Scope and Distribution of Phishing. October 2020.
- Domain Name Registration Data at the Crossroads: The State of Data Protection, Compliance, and Contactability at ICANN. March 31, 2020.
- Potential for Phishing in Sensitive-String Top-Level Domains: A Study for the ICANN Board of Directors. May 2015.
Presentations, panels, and press include:
- November 30, 2021: interview with SIDN about phishing and DNS security
- November 3, 2021: “Phishing Landscape 2021: The Who, Where, and How Much of Phishing.” Global Online Scam Summit II.
- October 21, 2020: “WHOIS Changes Under GDPR: Impact to End-Users and Public Safety.” Presentation and panel at ICANN 69.
- April 29 2020: “Brand Protection: A Crucial Layer in a Multi-Layered Defense.” Presentation to the Cybersecurity Tech Accord.
- December 9, 2019: “Criminal Domain Name Abuse,” presented at the Workshop on Internet Economics: Knowledge of Internet Structure (KISMET), University of San Diego, CA USA
- June 5, 2019: e-crime case study, presented at The National Cyber-Forensics and Training Alliance (NCFTA) Cyber Crime Forum / Slam Spam 2019; Pittsburgh, PA USA
- October 25, 2018: “Lose Fat Fast!” E-crime case study, presented at ICANN64, Barcelona, Spain
- October 24, 2018: “The General Data Protection Regulation (GDPR)” Cross-community panel session, ICANN64, Barcelona, Spain
- May 16, 2018: “GDPR and WHOIS,” presentation at APWG eCrime 2018, San Diego CA, USA
- February 21, 2018: “GDPR Compliance Models,” presentation at M3AAWG 42, San Francisco CA, USA
- June 28, 2017: “DNS Abuse,” presentation to ICANN ALAC, ICANN59, Johannesburg, South Africa
- March 13, 2017: “Effective DNS Abuse Mitigation: Why and How,” presentation and panel at ICANN 58, Copenhagen DK
- June 14, 2016: “Carders: Best Practices in the Financial Space to Combat Fraud,” presentation and panel at M3AAWG 37, Philadelphia USA
- June 1, 2015: “Domain Abuse in ccTLDs,” presentation at CENTR Jamboree 2015, Stockholm, Sweden
- February 8, 2015: “Technical Analysis of Abuse Monitoring Performed by Registry Operators”, presentation at Public Safety Workshop, ICANN conference, Singapore
- October 23, 2014: Domain Names: New gTLD Abuse and WHOIS Changes,” presentation at M3AAWG 10th annual meeting, Boston USA
- March 24, 2014: “Abuse in the New gTLDs: Landscape and Rules of Engagement”, presentation for closed law enforcement session, ICANN conference, Singapore
- October 19 2013: “Internet Governance”, International Association of Chiefs of Police annual meeting, Philadelphia, Pennsylvania USA
- February 26, 2013: “Malicious Use of Domain Names: An Overview”, APRICOT conference, Singapore (remote webcast)
- October 15, 2012: “Detecting Abuse in TLDs”, ccNSO Tech Day, ICANN conference, Toronto CA
- October 12, 2012: “Diagnosing the DNS: How Many Abusive Domain Names Are There?”, Council of European National Top-Level Domains (CENTR) annual meeting, Brussels
- October 4-5, 2012: moderator, Global Annual Symposium on DNS Security, Stability and Resiliency (DNS-EASY), Puerto Rico
ICANN Security and Stability Advisory Committee (SSAC) papers; main co-author:
- SAC115: author, alternate/dissenting View. “SSAC Report on an Interoperable Approach to Addressing Abuse Handling in the DNS.”
- SAC112: Minority Statement on the Final Report of the Temporary Specification for gTLD Registration Data Phase 2 Expedited Policy Development Process (EPDP)
- SAC111: SSAC Comment on the Initial Report of the Temporary Specification for gTLD Registration Data Phase 2 Expedited Policy Development Process (4 May 2020)
- SSAC2019-02: Registration Data Services Query Reporting (3 May 2019)
- SAC104: SSAC Comment on Initial Report of the Temporary Specification for gTLD Registration Data Expedited Policy Development Process (21 December 2018)
- SAC101: SSAC Advisory Regarding Access to Domain Name Registration Data (14 June 2018)
- SAC097: SSAC Advisory Regarding the Centralized Zone Data Service (CZDS) and Registry Operator Monthly Activity Reports (12 June 2017)
- SAC091: SSAC Comment on Identifier Technology Health Indicators (20 January 2017)
- SAC077: SSAC Comment on gTLD Marketplace Health Index Proposal (22 January 2016)
- SAC074: SSAC Advisory on Registrant Protection: Best Practices for Preserving Security and Stability in the Credential Management Lifecycle (3 November 2015)
- SAC069: SSAC Advisory on Maintaining the Security and Stability of the IANA Functions Through the Stewardship Transition (10 December 2014)
- SAC068: SSAC Report on the IANA Functions Contract (10 October 2014)
- SAC061: SSAC Comment on ICANN’s Initial Report from the Expert Working Group on gTLD Directory Services (6 September 2013)
- SAC058: SSAC Report on Domain Name Registration Data Validation (27 March 2013)
- SAC055: SSAC Comment on the WHOIS Review Team Final Report (14 September 2012)
- SAC054: SSAC Report on the Domain Name Registration Data Model (11 June 2012)
- SAC053: SSAC Report on Dotless Domains (23 February 2012)
Anti-Phishing Working Group papers and presentations:
- Greg is the editor of the APWG’s quarterly Phishing Trends Reports
- “GDPR and WHOIS: Balancing Privacy Rights While Fighting Cybercrime,” 18 September 2018, EU Symposium on Electronic Crime Research, Krakow, Poland
- “GDPR and WHOIS,” presentation at APWG eCrime 2018, May 2018, San Diego CA, USA
- Global Phishing Survey: Domain Name Use and Trends in 2015-2016; June 2016; Scottsdale, AZ USA
- Global Phishing Survey: Domain Name Use and Trends in 2H2014; May 2015, Barcelona, Spain
- Global Phishing Survey: Domain Name Use and Trends in 1H2014
- Global Phishing Survey: Domain Name Use and Trends in 2H2013; April 2014, Hong Kong
- Global Phishing Survey: Domain Name Use and Trends in 1H2013; September 2013, San Francisco USA
- Global Phishing Survey: Domain Name Use and Trends in 2H2012; April 2013, Buenos Aires, Argentina
- Global Phishing Survey: Domain Name Use and Trends in 1H2012; October 2012, Puerto Rico
“Jonny Redux,” Hotwired.