A Wired News article reports on the Anti-Phishing Working Group's recent Counter e-Crime Operations Summit, which took place in San Francisco, United States. The meeting gathered internet-crime fighters from security companies, law enforcement agencies, banks and e-commerce sites to confer on new tactics in the war on cybercrime. "And while nearly everyone agreed the internet has become an infected and dangerous breeding ground for malware and scams, no one could quite agree on what to do."
Proposed solutions included:
- building government-funded free clinics for infected computers, on the argument that the online fraud problem has become so bad, through the neglect of ISPs, users and private corporations alike, that this is the only recourse;
- establishing some top-down authority to fix the botnet threat, because the current remediation model, which mostly involves running from one computer to another installing patches, cannot keep up with attackers that are now better organized and better funded than the security community;
- increasing the use of ingress filtering, which prevents one computer from successfully spoofing the IP address of another (to be widely adopted by ISPs and router manufacturers);
- and others; see the Anti-Phishing Working Group's Counter e-Crime Operations Summit for further information.
Service providers and everyday users were singled out by meeting panelists and audience members for not taking enough responsibility. Attendees slammed ISPs for not searching for rogue computers on their networks or shutting off internet access to compromised PCs reported to them by security companies, charging that ISPs were endangering the internet to avoid support calls from cut-off customers.
It was stated that users don't care about security because the rogue zombie software often uses only minimal computing power, so they do not see the background spam-spouting code as their problem. A few audience members argued seriously that computer users should have to take a test to get an internet license, maintain botnet insurance and have their machines inspected for information-superhighway worthiness. Others countered that individuals shouldn't have to know how to secure their own computers; the machines should simply be more inherently secure.
In the article, a senior researcher for security company RSA told Wired News that "none of those solutions would work, because new technical specifications for a security score would take years, and the other proposals wouldn't have the international reach needed to make a dent in the global internet infosphere." "The solution? Money. Governments need to provide rewards to ISPs for taking down botnets, the researcher explains." "Governments are the only body with money and the incentive to take down botnets. If you are looking at either a carrot or stick approach, I would go carrot. If you are paying ISPs to get rid of the botnets, then it's international. Everyone wants to make money."
Read the full Wired News article here.