Opinion: Fighting the botnet threat
- — 22 July, 2011 17:01
ISPs in Australia have for some time been notifying users about the likelihood that their computers have been compromised by malware.
Now under the icode, the system has been formalised. Education and remediation tools are being made available to suspected victims. The scheme even allows for home visits by accredited teams to debug infected machines and perform security upgrades. This recognises that the most vulnerable users, the ones most likely to be part of a zombie botnet, are also the ones least likely to have the skills to fix an offending machine. Why are ISPs cooperating? Because they understand an infected computer is not only a threat to the individual user, but to everyone else on the network – and the network itself.
The fact the recent high profile hacking efforts of LulzSec and Anonymous used botnets as their weapon of choice is not surprising. As organised criminals and state sponsored spies understand, the use of third party infected machines is cheap and relatively risk free. Hard to detect and harder still to mitigate, the CIO/CSO knows it’s going to be a bad day when the monitoring system signals a major outage and the company website goes down.
There are various points along the attack continuum. At one end is full-on cyberwar. As more and more of our critical services are connected to the open Net, we expose ourselves to doomsday scenarios of traffic gridlock, frozen banking systems, power outages and civil unrest, the stuff of Hollywood cyberdrama. Though we are yet to see this unfold in all its glory, former Bush advisor Richard Clarke in his book Cyberwar claims some 34 nations now have advanced cyberoffensive capabilities. Now enter cyberterrorists who don’t need to wait for an escalation in geopolitical tensions to make their run. Using the same tools as the hacktivist and the cyberwarrior, they no longer need to fly planes into buildings to make their point. Whether through war or terrorism, the prospect of a crippled economy is a risk most governments are taking very seriously.
At the other end of the spectrum lies the advanced persistent threat (APT). This relatively new term in the cyber lexicon signals a move from a world focused on preventing the bad guys getting into our systems to a world recognising they probably are already there. They got there using worms, viruses and spam, mainly spread by botnets. Now we just want to know and, if possible, control what they are doing with our information. The ‘low and slow’ activities of infiltrating foreign governments or organised criminals exposes the victim to loss of business intelligence, intellectual property or extortion. A new mindset must emerge – how to survive and continue business with compromised systems, while we figure out how to reinvent a more secure internet. A lot of investment and R&D has gone into breaking security systems. Jefferson said ‘the price of freedom is eternal vigilance’. We might say, that’s the price of being online.
Recently, the IIA held an cybersecurity forum where we invited a leading HIV AIDS researcher to share his experiences. He vindicated our theory that we need to take an epidemiological approach to internet security. Part of the AIDS fight is about minimising the attack vectors – the unprotected individual engaging in high risk activities. Isn’t that what we are dealing with here?
If we really want to counter the botnet threat we have to think globally. Australia’s scheme is attracting a lot of international attention. If we can get ISPs around the world to cooperate in identifying infected machines on their networks, a few things will start to happen. Firstly networks will be safer. Secondly users will be safer. Thirdly economies will be safer.
Alone it won’t solve all the problems. But targeting today’s weapon of choice is a goal worth pursuing – making it harder for the bad guys to do harm is something we all should support.
(As architect of the icode, Peter Coroneos recently ended a 13 year tenure as chief executive of Australia’s Internet Industry Association)
More info: icode.net.au
Peter Coroneos has recently completed a 13 year term as chief executive of the Internet Industry Association, the national industry body for the Internet in Australia. In addition to his role as primary industry advocate, political strategist and spokesperson for the IIA, Peter drove the IIA's policy development work and instigated the formation of specialist taskforces to leverage member expertise in diverse legal, economic and technical areas.
Peter oversaw the development and implementation of industry codes of practice within the IIA representing industry's proactive response to a range of challenging social policy areas within Australia, ranging from cybercrime to online privacy. In his role, Peter acted as industry representative on a number of high level bodies and regularly appeared before House of Representatives and Senate inquiries to advise on the development of facilitative and workable rules for the internet and new media.
Recognised as an international expert in internet governance and joint industry-government co-operation, Peter has addressed audiences in the US, Europe Asia and Africa.