Sunday, November 14, 2010

US internet hosts are linchpin of criminal botnets

From the New Scientist ...

While criminal gangs in Russia and China are responsible for much of the world's cybercrime, many of the servers vital to their activities are located elsewhere. An investigation commissioned by New Scientist has highlighted how facilities provided by internet companies in the US and Europe are crucial to these gangs' activities.

Researchers at Team Cymru, a non-profit internet security company based in Burr Ridge, Illinois, delved into the world of botnets - networks of computers that are infected with malicious software. Millions of machines can be infected, and their owners are rarely aware that their computers have been compromised or are being used to send spam or steal passwords.

Several botnets have been linked to gangs based in Russia, where police have a poor record on tackling the problem. But to manage their botnets these gangs often seem to prefer to use computers, known as command-and-control (C&C) servers, in western countries. More than 40 per cent of the 1500 or so web-based C&C servers Team Cymru has tracked this year were in the US. When it comes to hosting C&C servers, "the US is significantly ahead of anyone else", says Steve Santorelli, Team Cymru's director of global outreach in San Diego.

Santorelli and his colleagues also detected a daily average of 226 C&C servers in China and 92 in Russia. But European countries not usually linked with cybercrime were in a similar range, with an average of 120 C&C servers based in Germany and 64 in the Netherlands.

Internet hosts in western countries appeal to criminals for the same reasons that regular computer users like them, says Santorelli: the machines are extremely reliable and enjoy high-bandwidth connections. Team Cymru's research did not identify which companies are hosting botnet servers, but Santorelli says the list would include well-known service providers.

The use of US-based C&C servers to control botnets is a source of frustration to security specialists, who have long been aware of the problem. It is happening even though most hosting companies shut down C&C servers as soon as they receive details of botnet activity from law enforcement agencies and security firms. "When we see an AT&T address serving as a botnet control point, we take it very seriously," says Michael Singer, an executive director at AT&T.

Despite these efforts, the criminals can quickly re-establish control by setting up a new C&C server with a different company, often using falsified registration information and stolen credit card details.

Hosting companies deal with botnets on a voluntary basis at present. They might be more vigilant if required to act by law, but that would create its own regulatory problems, Santorelli says. "The cops don't run or govern the internet after all, and neither do they want to," he says. For legal controls to work, it would be necessary to define who has the authority to decide whether a server is part of a botnet, and how requests from authorities abroad are dealt with.

Jeffrey Carr of security firm Taia Global, based in Washington DC, says that some less well-known providers have been warned about botnet activity on many occasions, but drag their heels when asked to shut down the criminals' servers.

The problem arises partly because web hosting can be a big earner for some firms. "They're generating millions of dollars in income," says Carr. Improvements in security, such as requiring service providers to verify the details of people who rent server facilities, could well hurt these firms' bottom line.

2 comments:

Christina O'Tousa said...

The impact of trusted companies hosting botnets on their servers is incredible. Unknowing customers are being exploited as their computers are compromised. They are being sent spam or having their passwords stolen.

The main reason that companies are agreeing to being a C&C hosting server is because of the millions of dollars that they can make from the botnet gangs. The meaning of privacy is fading. In order to ensure that American citizens will still feel relatively safe just living in their own country, the government must act in order to establish a law enforcement agency for internet crime. In order to establish concrete laws to punish these corrupt companies, there needs to be certain government officials deputized to hack the hackers. These officials should be given some free rein, but there would be oversight so these officials wouldn't get carried away either. It would backfire if these officials ruined the privacy of the citizens even more than the actual botnet gangs.

Once there is a department to control internet crime, there will be a better understanding of internet crime, which will lead the government to establish effective and up-to-date laws against criminal activity. The punishment will need to be more extreme than being fined a couple million dollars because the botnet gangs are already paying these corrupt companies that much. More creative forms of punishment will need to be established, like prison sentences and other methods. After all these laws and punishments are enacted, these botnet gangs will be forced to find C&C servers in other countries instead.

Margot Allen said...

This article highlights one of the main reasons why the internet has been so difficult to regulate; it is hard to define. It has proved extremely difficult to determine who has control over what. For some people, it is hard to define what the internet even is. It is not a ‘series of interconnected tubes’. Rather, it is an infinitely complex, exponentially growing, intangible network that many people use but only a handful can manipulate. The internet is unlike anything government has had to deal with before. While it grows exponentially in importance to our daily lives, it is hard for most people to understand the science and jargon behind something so complex. It has proved difficult to adapt the constantly growing and changing internet to our legal system. Government and policy simply move at a much slower pace than modern technology.

Another challenge of the internet is that it transcends borders. People worldwide have access to the internet and can communicate with people and access information internationally. This international aspect of the internet makes it even more difficult for any one nation to regulate it. How can you regulate something people under a different authority use? This is one of the many questions facing governments worldwide.