Financial Times:
Secret war on web crooks revealed
By Maija Palmer
Published: June 14 2009 17:52 | Last updated: June 14 2009 17:52
The people who run the world’s internet systems are a rather secretive bunch.
Three times a year, senior technical officers from companies such as Google, Yahoo, AT&T, Comcast and Verizon meet to discuss ways of stopping the internet from being swamped by rising levels of spam, viruses and hacking attacks by organised criminals. They do not generally like discussing these meetings.
“Some people might get nervous if they knew all the things we talked about,” said Michael O’Rierdan, chairman of the Messaging Anti-Abuse Working Group (MAAWG). “Its our job to make the internet safe, but we don’t want to put people off using the web.”
They are also worried about being targeted by the cyber-criminals they are trying to thwart.
Most of the spam and hacking on the internet is run by organised crime rings. There is an underground economy that hacks into computers, sells stolen identities and orchestrates the sending of spam e-mails about everything from fake Viagra pills to banking scams. There is a lot of money at stake in keeping these operations running.
“We get threats every day,” said Larry, chief technical officer of Spamhaus, a non-profit organisation that exposes spammers. He prefers not to reveal his surname. “In the US it is people bringing lawsuits against us. And then there are organised criminals in Russia and Ukraine, who use different methods.”
Steve Linford, the organisation’s founder, has been advised by police not to open unexpected packages arriving at his home.
MAAWG meetings are also places to discuss some of the controversial measures that internet companies need to take in the fight against spam, such as blocking some types of e-mail traffic. This measure sits awkwardly with civil liberties bodies.
"‘We are all sharing these costs. Spam is a stealth tax on consumers’"
Patrick Peterson, CTO Ironport Systems
The 270 delegates from 19 countries who met at Amsterdam’s venerable Hotel Krasnapolsky last week were far from the usual, suit-wearing conference crowd. An eclectic mix of tattoos, ponytails, high-waisted trousers and backpacks indicated that these were true operations people who work in the bowels of the network.
Membership is strictly vetted and journalists are not normally invited to attend, but MAAWG has started to lift its veil a little. There is a growing feeling that the industry must reach out to consumers and get them to help fight cyber-crime.
In 2008, 349.6bn spam messages were sent across the internet, according to Symantec, the internet security company. Spam accounts for an average of almost 94 per cent of all e-mail messages.
Keywords: the dark side of the world wide web
● Spam: Unsolicited electronic messages, most commonly e-mail, but also increasingly common in instant messaging, blogs and mobile phone messages. The first e-mail spam is believed to have been sent in 1978.
● Malware: Malicious software designed to infiltrate or damage a computer system without the owners’ consent. Symantec, the internet security company, has estimated there is now more malware released each year than legitimate software programs. There are many different types of malware, including viruses, worms and Trojan horses.
● Phishing: The fraudulent attempt to acquire sensitive information such as passwords, bank account details and credit card numbers. Typically it is in the form of an e-mail that directs people to a fake website – that looks like the legitimate site of a bank or other trusted organisation – where people are asked to enter personal details.
● Botnets: A network of computers that have been hacked and are being remotely controlled by cyber-criminals. Typically they are used to send out spam messages or viruses in large numbers. Most users will be unaware if their computer has been infiltrated and added to a botnet. Symantec estimated there were more than 9.4m machines hijacked in this way in 2008.
Nearly 90 per cent of spam is sent from computers that have been hacked into and are being remotely programmed to send out spam.
More than 9.4m computers have been hijacked in this way and their owners are usually entirely unaware it is going on. It will be impossible to clean up these machines without talking to consumers.
“Sometimes we want people to know what we are doing, so they can yell at the politicians to give us more help,” said Jerry Upton, executive director of MAAWG.
There is a rising sense of crisis among internet companies about the cost of spam. Few are willing to quantify how much they have to spend to fight spam, but Mr O’Rierdan estimated that big internet service providers employ five to 10 staff just to look at spam. In addition they must buy spare servers, routers and other equipment to cope with the volumes of junk mail, buy spam-filtering software and run support centres for their customers.
Viriya Upatising, chief technical officer of True Internet, a Thai internet service provider, said junk mail was a crippling cost for the company because it was paying to send the unwanted data across undersea cable connections to destinations such as the US and Europe.
“The cost of bandwidth is expensive in Asia,” Mr Upatising said. “It costs us $250 per megabit per month to send data internationally.”
The company put in place a draconian system that prevents suspected spammers from using its network. The measures have cut unwanted messages from 3.5m a day to a more manageable 250,000.
“We are all sharing these costs,” said Patrick Peterson, chief technology officer at Ironport Systems, Cisco’s e-mail security arm. “Spam is a stealth tax on consumers. ISPs have to pay for the spam, for the extra bandwidth, for equipment, and they are forced to put up their prices for consumers.”
There is a fear among internet security professionals that they might be losing the battle to cyber-criminals. This may also be why they now want the public to know more about what they do, to show they have at least tried.
“I don’t know if we can control it,” said Dave Crocker, one of the early pioneers of e-mail and now a senior technical adviser to MAAWG.
He added: “It is an arms race. We are getting better at filtering out rogue messages but every day the criminals get better too, and they are better organised and more aggressive.”[link]
posted by: gqpartners
Comments
You can follow this conversation by subscribing to the comment feed for this post.