- From The Desk Of Oystein Torsas – Founder @CyberRehab
Accountability Is Security
Nobody wants less privacy on the internet tomorrow than we have today. If we don’t want government agencies reading every email – we certainly don’t want private citizens doing so – especially if they are criminals.
But network traffic is another matter. Seeing what is transpiring from above and having a layout of the digital landscape is critical to securing and maintaining the security of: users, businesses, governments, and the internet of things.
ISP’s can see what their networks are doing with the right tools. In some cases they are very cooperative with law enforcement agencies, in some cases perhaps even with big businesses. I’ve not heard anything particularly encouraging about their involvement with cyber-security firms.
Cyber-crime is an escalating threat to all levels of society.
Why are we told that nothing can be done about it?
First, it’s important to know that there’s a difference between targeted attacks like Stuxnet and random attacks like ransomware that encrypts your hard drive and demands a fee for decrypting it. Likewise the growing numbers of botnets.
We may never get rid of the high profile targeted cyber-attacks.
However, the fact that it’s very easy to build a botnet, and the fact that attempts to build them are going on all the time makes it much easier to carry out those big attacks.
Ideally it is very hard to figure out which attacks are random and which are targeted. One reason is that the targeted attack always uses the same kind of infrastructure as the low profile attacks to hide their locations.
If it became harder to build a botnet undetected, then it would also become much harder to carry out a targeted attack without being discovered.
FBI, Microsoft and others are doing a fine job of taking down well known botnets. However, they can only focus on the big ones that have been around for a long time. Meaning that smaller botnets built for a huge attack will probably just be ignored.
That is why we should at least do something about all the garbage traffic and all attempts to build botnets. It is hard to make a house look clean if there is garbage floating everywhere. Changing some habits is probably the best place to start.
The targeted attacks use the same or similar infrastructure as the low profile attacks to hide their locations.
So how can we get rid of the botnets?
ShadowServer.org is an NGO that has already begun doing the job. They are a volunteer driven network gathering information from honeypots, (which are computers set up to pretend to be vulnerable computers.)
They gather information about the attacking systems that try to “hack” them and send that information to ShadowServer.
ShadowServer then assembles reports about infected units and sends them to the owners of the IP addresses as well as the ISP.
If all ISPs took those reports seriously, then most of the garbage traffic would probably be history – and it would be much harder to carry out attacks.
What else should be done?
– ISPs that don’t take the reports from ShadowServer seriously should be discriminated against (pay for peering and traffic be put on low priority and in separate channels for easy discovery)
– ShadowServer should be given more resources to extend their great work. There are other networks like ShadowServer that should cooperate better. Modern Honey Networks is one.
– TOR should be replaced by a corporate style secured network where criminals are not allowed, unlike the ban systems on old proxy websites – using much better “incentives” to keep criminals off.
– CERT organizations should respond on all kind of attacks, not only those targeting high profile targets.
– Many countries don’t have CERT organizations. Why then should they have equal access to the internet traffic?
Is there any evidence that a reduction in botnets will reduce cyber-crime?
Botnets are only one type of attack infrastructure – and there are others – So imagine a reduction in attack vectors on a battlefield.
Botnets are a lot like coordinated strike vehicles that operate unmanned – like drones.
Autonomy offers a huge reduction in accountability – so if we can reduce the autonomy of a cyber-criminal and limit the vectors through which an attack can occur – will it produce a reduction in cyber-crime?
How you can contribute to making this happen
CyberRehab is a Norwegian NGO that aims to make all this happen. CyberRehab introduce a certification program for ISPs that take botnets and cyber-crime seriously. You can contribute either by demanding such certification, by spreading this word or by getting engaged either in ShadowServer or CyberRehab.
~ Oystein Torsas – Founder @CyberRehab