The war on botnets

After the major DNS Changer takedown, Tom Brewster looks at how the pendulum has swung in favour of the anti-botnet warriors.

"We looked at the body of laws that were in place in the civil world in the US and asked how could we adopt these to be able to confront some of these 21st centutry problems?' There is always a cry for new laws and new legislation, but the reality is there are a lot of good laws on the books that were passed for other purposes that are easily translatable."

It's all about creative use of the current laws, rather than begging for fresh legislation, Boscovich argues. In this week's DNS Changer takedown, courts were again convinced to let law enforcement take a botnet apart. Datacentres in Chicago and New York were raided and dirty servers replaced with clean ones all thanks to a court order. If the perpetrators had been warned in that case, it could have ruined five years' worth of work.

Indeed, the company' responsible for running the botnet, an Estonian organisation called Rove Digital, had previously moved servers when they sensed law enforcement was closing in on some of its other suspicious operations, according to Trend Micro. Imagine if they'd been given notice again. Four million computers would still be infected and the crooks would continue making millions fraudulently.

The future

Advertisement - Article continues below
Advertisement - Article continues below

Whilst the work of law enforcement, industry and others involved in the war on botnets is more than commendable, it would be unwise to get carried away. There remain some major obstacles to overcome. The first is how to tackle the subdomain issue.

At the current time, there is no requirement for domain hosts to know anything about those using their subdomains. In the case of Kelihos, Microsoft got a little lucky. Dominique Alexander Piatti of Czech domain hoster dotFREE Group was accused, along with a number of unidentified suspects, of owning a domain and using it to register other subdomains which were running the Kelihos botnet.

It is time for the community to put more rules in place internationally through ICANN, hopefully, to get more transparency as to who is really behind these domains and subdomains.

Yet Microsoft dropped a lawsuit against Piatti late last month as it seemed dotFREE was simply being used by Kelihos's controllers. Anyone hoping the case would inspire law makers to create fresh legislation were to be sorely disappointed. Domain hosts will still not be forced into knowing who their customers are. The crooked ones will simply turn a blind eye to pernicious activity on their servers.

"There are a lot of domains hosting hundreds of thousands of subdomains that are really hosting nasty stuff," said Boscovich. He explained dotFREE had been highly proactive in cleaning up its game and learning about its customers. The domain industry should follow suit, he said. Either that or extra regulation is required.

"We would really like to see either the other subdomainers employ the same kind of business practices or maybe even have ICAAN require that if you're going to provide subdomains that you're required to get the same information registrars are asked to get," he added.

Advertisement - Article continues below

"It is time for the community to put more rules in place internationally through ICANN, hopefully, to get more transparency as to who is really behind these domains and subdomains that are causing a lot of problems."

Subdomainers aren't the only ones who need to be brought into line. The young up-starts of the info-sec world need to be convinced to join the party too. The divisions between the new players and the old guard could mean certain important data isn't being shared. If these schisms aren't dealt with, ironically, industry in-fighting will only benefit the cyber criminals.

In essence, it's all about greater and greater collaboration. The war against botnets will always be one of attrition. As in the real world, you can't ever completely kill crime. Yet if you can build a sizeable enough army, and keep its various factions at peace with one another, you'll be winning the fight even if you won't win outright.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020