TechRepublic’s Dan Patterson sat down with Caleb Barlow, vice president of IBM Security, to talk about why we might see more spam and phishing after the GDPR.

Patterson:Let’s talk about unintended consequences, especially the security unintended consequences. So the security community relies on data in order to protect not just consumers, but protect other businesses and to protect government organizations. All right, fair enough. So the GDPR removes a lot of that data that businesses or that the security professionals rely on in order to do their job. What are the unintended consequences of removing the data that security professionals need?

Barlow:Well, there’s two sides to this story. So, on the first front, removing data that you don’t need in order to process the transactions of your business, well, that’s a good thing, right? Cleaning up the shed, if you will, of all that data that you’ve been collecting that you no longer need to process, that’s all good. Where there is a very significant unintended consequence, however, is with something called WHOIS. Now, WHOIS, you may remember, this is the service you use. It’s free, it’s open, it’s available on the internet. It’s kind of one of the tenets of how the internet was formed where any domain that gets registered, you can go look up either individually or in bulk and say, “Who’s behind that domain? What’s their administrative contact name, address, phone number, email address,” and this is used for a variety of things.

SEE: IT pro’s guide to GDPR compliance (free PDF) (TechRepublic)

One, first of all, who’s behind this email message or this website, but also it gives the ability of there’s a problem for a security researcher to call up and say, “Hey, it looks like one of your computers is being owned by an adversary. Are you aware of this?” But most importantly, it allows us to ferret out nefarious activities and spam. If you remember back five, ten years ago, I don’t know about your inbox, but I had an awful lot of spam coming in, and nowadays a lot of that stuff is filtered out, and spam is really dangerous because if I click on that one link in an email that I shouldn’t have, next thing I know my computer and all my data’s owned. In fact, 70% of spam payloads are actually containing ransomware nowadays, so think about that from a construct, okay? So what happens with WHOIS data?

SEE: Phishing and spearphishing: A cheat sheet for business professionals (TechRepublic)

Well, WHOIS data was the tool that we use to pivot on to identify all the activities of bad actor, so when we would find one domain that went bad, one indicator, we would look at that and say, “Okay. Who registered this domain?” Although they may not fill in the real information, like they’re not going to use their real name and their real address, they have to use a real phone number. They have to use a real email address. That might be a burner phone. That might be a temporary email address, but you have to understand this is organized crime. They don’t register one or two emails at one or two domains. They register them by the thousands. We find one that goes bad, we block them all, and all at once, and we do this in a matter of minutes. This is the big tool that the security industry’s been doing to keep that spam out of your inbox, and all of that’s going away.

Patterson:Terrifying. Thanks, Caleb.

Also see: