Tuesday, December 09, 2008

Cyber Crime: Time to Exclude Bad ISPs

Oliver Day writes on SecurityFocus:

It is hard to argue that such takedowns, which took the command-and-control servers for several major botnets offline, would not benefit everyone who uses the Internet. Estimates of the decrease in spam from the McColo takedown ran from 40 to 80 percent, even if it lasted only for a short time. More importantly, as bulletproof hosting providers drop bad actors from their client list, the cost of hosting the command-and-control servers go up. Increasing the transaction costs to commit cybercrime is one of the best strategies to reduce it.

The takedown strategy, however, shows the weakness of the current system, rather than its strength. In both the McColo and Atrivo cases, shame seemed to be the only real trigger for action. Traditional law enforcement was absent, despite reports that alleged that computers hosted on those services' networks were responsible for many crimes.

While the hosting providers themselves may be protected as common carriers, it is still puzzling why agencies like the FBI weren't at least corroborating these claims. McColo and Atrivo were based in the United States, and thus under the jurisdiction of the nation's laws.

More here.


Post a Comment

<< Home