International Telecommunication Union   ITU
Site Map Contact us Print Version
 Tuesday, 24 July 2007

A growing, sophisticated technique of propagating cyber-crime, dubbed as fast-flux service networks, has increasingly been elevating the threats we face today on the Internet. "Fast-flux service networks are a network of compromised computer systems with public DNS records that are constantly changing, in some cases every few minutes. These constantly changing architectures make it much more difficult to track down criminal activities and shut down their operations." Despite the awareness of researchers and ISPs of fast-flux for over a year now, all of the current researches on fast-flux is new.

According to the Honeynet Project & Research Alliance, criminal organizations behind two infamous malware families, Warezov/Stration and Storm, have recently adopted this so-called fast-flux service networks into their infrastructures. "The purpose of this technique is to render the IP-based block list, a popular tool for identifying malicious systems, useless for preventing attacks," says Adam O'Donnell, director of emerging technologies at security vendor Cloudmark.

To fight against fast-flux, "ISPs and users should probe suspicious nodes and use intrusion detection systems; block TCP port 80 and UDP port 53; block access to mother ship and other controller machines when detected; 'blackhole' DNS and BGP route-injection; and monitor DNS."

Access the full article at the Dark Reading website.

Read more about fast flux service networks on the the Honeynet Project & Research Alliance's new report on the emerging networks and techniques.

Tuesday, 24 July 2007 09:06:38 (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, 23 July 2007

The Africa Health Infoway is a World Health Organization (WHO) project supported by the Department for International Development (DfiD) that aims to provide a technology platform that supports the collection of sub national health data and statistics for analysis, dissemination and use to facilitate decision making in health, and strengthen capacity of African countries to use information in decision making. It is a district-based public health information network for African health which focuses on infostructure and connectivity, district health information systems, and knowledge translation into policy and action.

For more information on the Africa Health Infoway, click here.

Monday, 23 July 2007 15:31:25 (W. Europe Standard Time, UTC+01:00)  #     | 

The OECD's Ministerial meeting on the Future of the Internet Economy has been opened to an Online Public Consultation, providing an opportunity for all stakeholders to comment on the topics and issues to be discussed at event. The public consultation is scheduled to be open until 14 September 2007, and stakeholders and players may share their views and opinions with the OECD through their Online Questionnaire.

"The Ministerial represents an opportunity for high-level stakeholders from government, business, the technical community, and civil society to consider broad social, economic and technical trends shaping the development of the Internet Economy, and to discuss policies that can respond to evolving societal needs. The participation of all players in the dialogue is important to ensure that the Ministerial is able to benefit from a wide range of viewpoints and expertise."

For more information on the public consultation, go here or visit the OECD website.

Monday, 23 July 2007 10:01:31 (W. Europe Standard Time, UTC+01:00)  #     | 

KPMG, a global network of professional firms providing audit, tax, and advisory services, released a report on Cross-Border Investigations: Effectively Meeting the Challenge.

KPMG, along with the research firm Penn, Schoen and Berland Associates Inc. approached multinational businesses in diverse industries around the world, and asked those charged with the responsibility for cross-border investigations within those companies how they responded to their current challenges. As the trade barriers fall and international commerce expands, and as the speed of conducting business and remitting funds increases, companies that conduct business across international boundaries are recognizing the corresponding increase in the risk of fraud and misconduct. They thus face several challenges such as taking the appropriate first steps, cultural and legal differences, investigation resources, and the availability and accessibility of electronic data.

The report proposes that an effective approach can lower the risk of the occurrence of fraud or misconduct, thus lowering the possibility of being hit with serious sanctions, can demonstrate to regulators, shareholders, stakeholders, bond-ratings agencies, and the capital markets that the business takes accountability and control seriously, thereby mitigating damage to reputations, can exhibit the business's commitment to overall corporate governance activities, and can assist in a rapid and efficient response before issues spiral beyond control.

This report aims to provide insights into possible responses to the described challenges. It points out as well that an effective cross-border investigations plan demonstrates not only an organization's sound risk management practices, but also its overall commitment to good corporate governance.

Read the full report here.

Monday, 23 July 2007 09:14:02 (W. Europe Standard Time, UTC+01:00)  #     | 
 Friday, 20 July 2007

The OECD Committee for Information, Computer and Communications Policy (ICCP), through its Working Party on Information Security and Privacy (WPISP) has developed the Recommendation on Electronic Authentication and the Guidance for Electronic Authentication. The project was made possible with the participation of Jane Hamilton from Industry Canada and with the support of delegates from Australia, France, Hungary, Korea, Norway, the United States, the OECD Secretariat and the Business and Industry Advisory Committee (BIAC) to the OECD. On 12 June 2007, the OECD Council adopted the Recommendation, and the Guidance for Electronic Authentication, was adopted by the ICCP Committee in April and declassified on 12 June 2007 by the OECD Council.

The Recommendation encourages efforts by OECD member countries to establish compatible, technology-neutral approaches for effective domestic and cross-border electronic authentication of persons and entities. It also reaffirms the important role of electronic authentication in fostering trust online and the continued development of the digital economy.

The OECD Guidance on Electronic Authentication aims to assist OECD member countries and non-member economies in establishing or amend their approaches to electronic authentication with a view to facilitate cross-border authentication. The Guidance sets out the context and importance of electronic authentication for electronic commerce, electronic government and many other social interactions. It provides a number of foundation and operational principles that constitute a common denominator for cross-jurisdictional interoperability.

Both the Recommendation and the Guidance conclude a work stream initiated in response to the "Declaration on Authentication for Electronic Commerce" adopted by Ministers at the Ottawa Ministerial Conference held on 7-9 October 1998 and serve as a bridge to future OECD work on identity management.

The ITU Telecommunication Standardization Sector with its Focus Group on Identity Management (FG IdM) works to facilitate the development of a generic Identity Management framework, by fostering participation of all telecommunications and ICT experts on Identity Management. To read more about the ITU-T FG IdM activities, go here.

Read the full article on the OECD Recommendation on Electronic Authentication and the Guidance for Electronic Authentication here.

Friday, 20 July 2007 09:58:44 (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, 19 July 2007

The Internet Society of New Zealand (InternetNZ) released the ISP Spam Code of Practice in May 2007 for public consultation, and it had been open to comments until 18 June 2007. The Code was developed by the InternetNZ / Telecommunication Carriers' Forum (TCF) / The Marketing Association (MA) Working Party which has representation from a cross section of service providers and other interested parties.

The ISP Spam Code of Practice was created in keeping with the requirements of the Unsolicited Electronic Messages Act 2007 of the New Zealand government. It had also been developed with regard to the MA’s Code of Practice for Direct Marketing and the TCF’s SMS Anti-Spam Code, which both deal with Spam related issues, as well as to the TCF’s Customer Complaints Code.

Both consumers and service providers are expected to benefit from the adoption of this Code. The Code aims to establish practices that will lead to the minimization of Spam in New Zealand. It also aims to provide information to end users about both preventative and curative steps against Spam. Anticipated benefits to the service providers include the generation of higher levels of customer satisfaction and improved operational efficiency due to the reduced volumes of spam.

Public submissions on the Code can be found here.

Visit the Internet Society of New Zealand website for further details.

Thursday, 19 July 2007 10:43:58 (W. Europe Standard Time, UTC+01:00)  #     | 

With the rise of innovative use of information and communication technologies (ICTs), the United Nations Conference on Trade and Development (UNCTAD) cites the "challenges and threats" that go with ICT development and gives emphasis on the importance of information security and risk management in chapter 5 of its Information Economy Report (IER) 2005.

The chapter elaborately presents an appreciation of the following policy points:

  • Information Security (IS) needs to be conducted from a Risk Management process perspective; managing IS from a technological, problem-response, reactive perspective is sub-optimal for firms and public institutions.
  • Information Security threats mainly come in the form of "social engineering", thus purely technology based defenses are misguided - i.e. they are the Maginot Line of cybersecurity.
  • Information Security threats regularly and easily transcend national boundaries, and thus the need for international cooperation and coordination, both at a technical and a policy level, is unambiguous.
  • Information Security policy should be a component of the national e-policy and should be appropriately incentivized to adopt a Risk Management framework through regulation.

An overview of international policy discussions on information security concludes this chapter together with a discussion of policy recommendations for Governments and some insights to future developments and relevance for intergovernmental processes and the international community.

Read the full chapter of the IER 2005 here.

Thursday, 19 July 2007 09:32:03 (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, 18 July 2007

CRITIS'07 together with IFIP WG 11.10 on Critical Infrastructures Protection, IEEE Computer Society Task Force on Information Assurance, and Joint Research Center Ispra of the European Commission will be holding the 2nd International Workshop on Critical Information Infrastructures Security on October 3-5, 2007 at Benalmadena-Costa (Malaga), Spain. This event aims to bring together researchers and professionals from universities, private companies and Public Administrations interested or involved in all security-related heterogeneous aspects of Critical Information Infrastructures.

Speakers that will grace the event include Jacques Bus of the European Commission, INFSO Unit "Security", Adrian Gheorghe of Old Dominion University, US, and Paulo Veríssimo of Universidade de Lisboa, Portugal. A panel discussion on Resilient Critical Information Infrastructures: a myth or a realistic target? will be held as well.

Visit the CRITIS'07 site for more information.

Wednesday, 18 July 2007 15:21:34 (W. Europe Standard Time, UTC+01:00)  #     | 

The new manual on Prosecuting Computer Crimes has been relesed by the Computer Crime & Intellectual Property Section of the United States Department of Justice in March 2007. This 53-page document discusses different cyber crimes and the corresponding penalties that are seen befit for the offenses. Definitions, background information as well as related statutes can also be found in the manual. Offenses discussed include obtaining national security information, compromising confidentiality, trespassing in a government computer, accessing to defraud and obtain value, damaging a computer or information, trafficking in passwords, and threatening to damage a computer. A legislative history on this subject has also been made available.

Wednesday, 18 July 2007 10:27:19 (W. Europe Standard Time, UTC+01:00)  #     | 

"When you've got a full-blown security breach on your hands, what do you do? If you've been smart, you'll already have a computer security incident response team -- and a plan -- in place. But many companies are too resource-strapped to have a full-blown, fully-tested incident response strategy." DarkReading proposes six steps on what to do when your security is breached.

1. Assemble an incident response team.

Experts believe that a computer security incident response team (CSIRT) must already be set up even before an event occurs. If a team is not yet in place, the company must create one quickly, and make sure all the stakeholders are there.

2. Assess the initial damage and the risk for more.

"According to BackGrounD Software, a Canadian forensics firm that does security breach damage assessment, the costs of a breach should include not only the technical costs associated with finding and fixing the breach, but also loss of productivity and loss of business. You'll need a plan that not only outlines your strategy for recovering your systems, but that includes steps for recovering customers."

3. Develop a notification plan.

An important decision to be made is who to notify when. Law enforcement, for instance, are contacted first when there is a potential crime involved. Other parties to be notified are customers that might have been affected by the incident and consultants, such as security experts or a computer forensics firm, who must be called in as early as possible.

4. Begin remediating the problem.

It is very important to fully understand the problem and its potential impact before any remediation is done. Otherwise, evidences might be damaged or the problem might aggravate. BackGrounD Software suggests, "disconnect your server(s) from the network, and if there is a potentially malicious code running, disconnect media devices as quickly as possible (i.e. disks, SAN, NAS). You never know how far the intruder has managed to get, so the faster you disconnect the equipment, the more of a chance you have to save your data." The next steps in remediating the problem then depend on the resources and skills available within the team or the company.

5. Document everything.

Experts also stress the importance of documentation as it is often overlooked. Documentation aids in recovering the affected system and in strategizing against future incidents.

6. Develop a strategy for stopping the next attack.

As DarkReading puts it, "if one attacker finds a vulnerability, there's a good chance that he may have accomplices -- or that another attacker might find the same vulnerability." Thus, it is necessary to develop a strategy to block possible holes still existing in the system.

To read the full article, access it here.

Wednesday, 18 July 2007 09:13:22 (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, 17 July 2007

Gangs of hackers, who are presumed to be based in Eastern Europe, initiated various website assaults now known as "The Italian job." More than 10,000 web pages of popular web sites have been penetrated and infected by this attack, and it is believed to have started in the middle of last month. Most of the infected sites are Italian websites, but the expanse of the attacks has reached Spain and the US as well.

A "tool kit" worth $815 which is sold online in Russia was used by the hackers to embed "keylogger" codes on the computers of those who visited the sites. These codes enable the hackers to access the infected machines and track valuable user information such as bank details and passwords. The gravity of this attack has been evidently tremendous as it was aimed at established websites to steal banking identities.

David Perry, director of Trend Micro, says: "This is a paradigm shift. We can expect to see this kind of thing being replicated now for the next five or six months." He explained that the Italian job has become very effective because the bug has been particularly programmed to adapt to various types of weaknesses in computer security systems. "It looks for a wide spectrum of vulnerabilities in a computer, acting like a sort of Swiss Army knife with many different ways to pierce through the protection."

Access the full article at

Tuesday, 17 July 2007 15:55:02 (W. Europe Standard Time, UTC+01:00)  #     | 

Symantec recently reported that it has detected phishing sites hosted on government servers. In the last month, it has found phony sites hosted on government servers in Thailand, Indonesia, Hungary, Bangladesh, Argentina, Sri Lanka, Ukraine, China, Brazil, Bosnia-Herzegovina, Columbia and Malaysia. This new disturbing trend compromises the credibilty of government-hosted sites and jeopardizes the security within government online transactions.

Basically, these phishing sites managed by data thieves are used to mimic authentic business or government sites in order to gather valuable information from users such as credit card details or account passwords. These information are in demand in the underground market, and these could easily result to identity theft or account fraud.

Government servers that are involved in low-risk jobs are often the target of this sort of scams. However, despite these servers being relatively low-risk, this still poses a problem. "Under the Federal Information Security Management Act, information technology security in the federal government is based on a philosophy of risk management. It does not aim for absolute security — which is impossible anyway — but for the proper level of security. Administrators do a risk-based assessment of their IT systems, prioritizing them by their vulnerabilities, their role in the agency’s mission and the criticality of that mission." Nonetheless, the impact and dangers of these phishing sites that are faced by the citizens should very well be considered in the process of risk-assessment as well.

Read the full article here.

Tuesday, 17 July 2007 14:46:50 (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, 16 July 2007

The Computer Science and Telecommunications Board (CSTB) released on 26th June 2007 Toward a Safer and More Secure Cyberspace, "a broad research agenda that includes traditional, problem-specific studies as well as unconventional ideas necessary to combat current and future cybersecurity threats. The report examines the vulnerabilities of the Internet and offers a strategy for future research aimed at countering cyber attacks. The report also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated."

To purchase or skim through the publication online, go to the National Academies Press.

Monday, 16 July 2007 13:03:49 (W. Europe Standard Time, UTC+01:00)  #     | 

OECD recently released their Communications Outlook Report, a discussion and an analysis of market structures and recent policy developments. Among the topics discussed was the chapter on main trends in pricing in telecommunication services. It has been noted that with the dramatic increase in Broadband speeds, subscription costs have either remained constant or have been reduced. Based on monthly subscriptions, Sweden has the cheapest broadband plan with $10.47 a month, and US ranks fourth with $15.93 a month. With regard to the newest broadband technology: Fiber, Japan NTT residential connection (100 Mbps down/up) costs $49 a month, and in the US, Verizon FiOS (30 megabits down/5 megabits up) costs $191.20.

More on the OECD Communications Outlook Report here.

Related article may also be accessed at GigaOM.

Monday, 16 July 2007 08:56:01 (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, 11 July 2007

The Ugandan Government is finalising new cyber laws aimed at protecting computer users from cyber crime, including personal intrusion, national security, fraud and con activities.

"Liberalised information can lead to unwanted uses and usage leading to cyber crime. It is necessary to have legal infrastructure within which the technologies can be used. There are three bills which have been drafted, the Electronics Transactions Bill, Digital Signatures Bill and the Computer Misuse Bill," the information and communications technology minister, Ham Mulira, explained.

Read the full article at

For more information on ICT policy developments in Africa, please see the Balancing Act website.

Wednesday, 11 July 2007 09:56:40 (W. Europe Standard Time, UTC+01:00)  #     | 
 Tuesday, 26 June 2007

An ITU commissioned study on a Generic National Framework for Critical Information Infrastructure Protection is now available.

The objective was to outline a possible simple framework that could be of potential interest to developing countries who wished to establish a national Critical Information Infrastructure Protection (CIIP) programme. The framework is modeled after the Swiss Reporting and Analysis Center for Information Assurance (MELANI). The author, Manuel Suter, is from the Crisis and Risk Network (CRN), Center for Security Studies (CSS), ETH Zurich, Switzerland, who produce the International CIIP Handbook: An Inventory and Analysis of National Protection Policies.

The Center for Security Studies previously produced a study for ITU entitled A Comparative Analysis of Cybersecurity Initiatives Worldwide.

This paper has been submitted to ITU-D Study Group Question 22/1: Securing information and communication networks: best practices for developing a culture of cybersecurity for their consideration.

The views expressed in the study are those of the author and do not necessarily reflect the opinions of the ITU or of its membership.

Tuesday, 26 June 2007 20:14:42 (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, 21 June 2007

A new paper: Terrorism in Cyberspace - Myth or reality? has been posted by cybercrime expert Judge Stein Schjolberg on his website

Thursday, 21 June 2007 22:17:39 (W. Europe Standard Time, UTC+01:00)  #     | 

28-31 Aug 2007 The ITU, in collaboration with the Viet Nam Ministry of Posts and Telematics and with support from the government of Australia, will be hosting a workshop 28-31 August 2007 entitled Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection in Hanoi, Viet Nam.

The description of the event, draft agenda, invitation letter, and practical information for meeting participants is available on the event website. Further information is available from

Thursday, 21 June 2007 08:33:04 (W. Europe Standard Time, UTC+01:00)  #     | 
 Thursday, 07 June 2007

ITU has developed an online tool to keep track of crucial ICT security standards work through a single access point. The guide called the ICT Security Standards Roadmap brings together information about existing standards and work in progress by the world's key standards developers. It is a collaborative effort between ITU, the European Network and Security Information Agency (ENISA) and the Network and Information Security Steering Group (NISSG).

Thursday, 07 June 2007 09:45:14 (W. Europe Standard Time, UTC+01:00)  #     | 

The ICT Applications and Cybersecurity Division Internet Multilingualization website is now available.

Thursday, 07 June 2007 06:06:00 (W. Europe Standard Time, UTC+01:00)  #     | 
 Wednesday, 30 May 2007

An electronic version of the 2007 Cybersecurity Guide for Developing Countries is available in English. Non-finalized versions are also available in Arabic, Chinese, French, Russian and Spanish. NB: A printed copy of this publication is available on request.

The 2006 version of the guide is available in English and French.

Wednesday, 30 May 2007 09:45:28 (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, 28 May 2007
A North American corporation focused on acquiring versatile and profitable companies in the IT sector "...has received an order for a turnkey DICOM archive solution [...] to be deployed within Saskatchewan's Provincial health care region. The order is significant and unprecedented as it represents the first of its kind in Canada. The [...] Image Manager is a secure, open-system software solution for transporting, storing, tracking and retrieval of digital images across an entire DICOM network.

To view the full article by On The Go Technologies Group as published by GRIDtoday on 28 May 2007, click here.

Monday, 28 May 2007 16:48:16 (W. Europe Standard Time, UTC+01:00)  #     | 
 Monday, 21 May 2007

The ITU will be hosting a workshop on 17th Sepember 2007 entitled ITU Workshop on Frameworks for National Action: Cybersecurity and Critical Information Infrastructure Protection:

At the start of the 21st century, modern societies have a growing dependency on information and communication technologies (ICTs) which are globally interconnected. However, with these growing dependencies, new threats to network and information security have emerged. There is a growing misuse of electronic networks for criminal purposes or for objectives that can adversely affect the integrity of critical infrastructures within States. To address these threats and to protect these infrastructures, a coordinated national framework is required - combined with regional and international cooperation. This workshop will review several related ITU initiatives and present two case studies by expert speakers from the United States of America and the European Union on their respective approaches. Attendance at the workshop is open to all interested participants within available space. Further information is available from

Monday, 21 May 2007 12:02:12 (W. Europe Standard Time, UTC+01:00)  #     | 

This is the newly unveiled newslog for the ITU's Bureau for Telecommunication Development ICT Applications and Cybersecurity Division. More will be posted here soon.

Monday, 21 May 2007 11:22:47 (W. Europe Standard Time, UTC+01:00)  #     |