The people who run the world’s internet systems are a rather secretive bunch.
Three times a year, senior technical officers from companies such as Google, Yahoo, AT&T, Comcast and Verizon
meet to discuss ways of stopping the internet from being swamped by
rising levels of spam, viruses and hacking attacks by organised
criminals. They do not generally like discussing these meetings.
“Some
people might get nervous if they knew all the things we talked about,”
said Michael O’Rierdan, chairman of the Messaging Anti-Abuse Working
Group (MAAWG). “Its our job to make the internet safe, but we don’t
want to put people off using the web.”
They are also worried about being targeted by the cyber-criminals they are trying to thwart.
Most of the spam and hacking on the internet is run by organised crime rings. There is an underground economy that
hacks into computers, sells stolen identities and orchestrates the
sending of spam e-mails about everything from fake Viagra pills to
banking scams. There is a lot of money at stake in keeping these
operations running.
“We get threats every day,” said Larry, chief
technical officer of Spamhaus, a non-profit organisation that exposes
spammers. He prefers not to reveal his surname. “In the US it is people
bringing lawsuits against us. And then there are organised criminals in
Russia and Ukraine, who use different methods.”
Steve Linford, the organisation’s founder, has been advised by police not to open unexpected packages arriving at his home.
MAAWG
meetings are also places to discuss some of the controversial measures
that internet companies need to take in the fight against spam, such as
blocking some types of e-mail traffic. This measure sits awkwardly with
civil liberties bodies.
The
270 delegates from 19 countries who met at Amsterdam’s venerable Hotel
Krasnapolsky last week were far from the usual, suit-wearing conference
crowd. An eclectic mix of tattoos, ponytails, high-waisted trousers and
backpacks indicated that these were true operations people who work in
the bowels of the network.
Membership is strictly vetted and
journalists are not normally invited to attend, but MAAWG has started
to lift its veil a little. There is a growing feeling that the industry
must reach out to consumers and get them to help fight cyber-crime.
In 2008,
349.6bn spam messages were sent across the internet, according to Symantec, the internet security company. Spam accounts for an average of almost 94 per cent of all e-mail messages.
Keywords: the dark side of the world wide web
● Spam:
Unsolicited electronic messages, most commonly e-mail, but also
increasingly common in instant messaging, blogs and mobile phone
messages. The first e-mail spam is believed to have been sent in 1978.
● Malware:
Malicious software designed to infiltrate or damage a computer system
without the owners’ consent. Symantec, the internet security company,
has estimated there is now more malware released each year than
legitimate software programs. There are many different types of
malware, including viruses, worms and Trojan horses.
● Phishing:
The fraudulent attempt to acquire sensitive information such as
passwords, bank account details and credit card numbers. Typically it
is in the form of an e-mail that directs people to a fake website –
that looks like the legitimate site of a bank or other trusted
organisation – where people are asked to enter personal details.
● Botnets:
A network of computers that have been hacked and are being remotely
controlled by cyber-criminals. Typically they are used to send out spam
messages or viruses in large numbers. Most users will be unaware if
their computer has been infiltrated and added to a botnet. Symantec
estimated there were more than 9.4m machines hijacked in this way in
2008.
Nearly 90 per cent of spam is sent from computers that have been hacked into and are being remotely programmed to send out spam.
More
than 9.4m computers have been hijacked in this way and their owners are
usually entirely unaware it is going on. It will be impossible to clean
up these machines without talking to consumers.
“Sometimes we
want people to know what we are doing, so they can yell at the
politicians to give us more help,” said Jerry Upton, executive director
of MAAWG.
There is a rising sense of crisis among internet
companies about the cost of spam. Few are willing to quantify how much
they have to spend to fight spam, but Mr O’Rierdan estimated that big
internet service providers employ five to 10 staff just to look at
spam. In addition they must buy spare servers, routers and other
equipment to cope with the volumes of junk mail, buy spam-filtering
software and run support centres for their customers.
Viriya
Upatising, chief technical officer of True Internet, a Thai internet
service provider, said junk mail was a crippling cost for the company
because it was paying to send the unwanted data across undersea cable
connections to destinations such as the US and Europe.
“The
cost of bandwidth is expensive in Asia,” Mr Upatising said. “It costs
us $250 per megabit per month to send data internationally.”
The
company put in place a draconian system that prevents suspected
spammers from using its network. The measures have cut unwanted
messages from 3.5m a day to a more manageable 250,000.
“We are all sharing these costs,” said Patrick Peterson, chief technology officer at Ironport Systems, Cisco’s
e-mail security arm. “Spam is a stealth tax on consumers. ISPs have to
pay for the spam, for the extra bandwidth, for equipment, and they are
forced to put up their prices for consumers.”
There is a fear
among internet security professionals that they might be losing the
battle to cyber-criminals. This may also be why they now want the
public to know more about what they do, to show they have at least
tried.
“I don’t know if we can control it,” said Dave Crocker,
one of the early pioneers of e-mail and now a senior technical adviser
to MAAWG.
He added: “It is an arms race. We are getting better
at filtering out rogue messages but every day the criminals get better
too, and they are better organised and more aggressive.”[link]
Recent Comments