http://www.newscientisttech.com/article/dn10494-isps-should-be-responsible-for-hacker-attacks.html By Paul Marks 09 November 2006 NewScientist.com news service Internet service providers (ISPs) should be made legally liable for the damage caused by "denial of service" (DoS) attacks carried out via their networks, a leading internet lawyer says. A DoS attack involves taking down a website or sever by flooding it with meaningless traffic, usually sent from a network of tens of thousands of PCs infected with viruses and controlled remotely. These viral "bots" do nothing until a hacker sends a command that tells them to attack a target, but can also be used to relay millions of spam email messages. At a conference called Blocking Denial of Service Attacks on the Internet, to be held in London on 13 September, Lilian Edwards, an internet lawyer based at the University of Southampton, UK, will argue that legal measures must be taken if these attacks are to be stemmed. Edwards notes that ISPs currently have no legal obligation to check data relayed to and from internet users. She thinks, however, that governments could require them to do so. Ian Brown of the Communication Research Network, an internet policy group based in Cambridge, UK, will chair the conference. The event will be held at the UK government's Department of Trade and Industry. "There will be a range of people present from government, industry, ISPs and companies that want to protect their online presence," he says. Gambling sites Brown says some gambling sites pay extortionists up to $50,000 to call off an attack, as this is cheaper than having their business offline for any length of time. "You can buy a custom-written bot virus on eBay for around $4000 that will evade antivirus software for at least two weeks, giving time to stage a DoS attack," he says. "Botnets can only really be cured by making Windows more secure, which Microsoft is slowly doing as it moves towards Vista," Brown told New Scientist. "Users can take basic measures, using antivirus software, but governments have the option of taking legal measures." The technology that might stem DoS attacks already exists: it is called deep packet inspection and allows ISPs to tell the difference between, say, internet phone calls and video downloads. Edwards says the same technique could identify sudden storms of traffic. "The ISPs have the knowledge, the resources and the power," she told New Scientist. "They control the net traffic and they can detect unusual patterns in that traffic." Strong resistance The idea of requiring ISPs to guard against DoS attacks will be strongly resisted by the companies concerned, says Malcolm Hutty of the London Internet Exchange, an association of London-based internet providers. "That idea is guaranteed to fail," he says. "It's not the ISP's fault that DoS attacks happen - it is the computer's fault for allowing the bots to be planted." Distinguishing between malicious and innocent traffic would also be too time-consuming and expensive, Hutty contends, and would cause delays for users too. "Recognising DoS attacks is not easy," Hutty says. He notes that the public blog of the Internet Governance Forum, an event in Athens, Greece, last week was so popular that its servers went down. "That was not a DoS attack," Hutty says, "but it looked like one. How is the ISP to know that it is not genuine site popularity, rather than some nefarious purpose?" Ollie Whitehouse of antivirus firm Symantec in the UK says criminals could begin encrypting their attack commands if ISPs start inspecting every packet they handle. "That will make spotting a DoS attack a whole lot harder for an ISP," he says. Hutty agrees: "If we try to tell the good traffic from the bad, it'll only incentivise the bad guys to make it more indistinguishable." Harnessing deep packet inspection is already a politically charged issue. ISPs could use the technique to create a multi-tiered internet, offering different download speeds or quality of service to different users, and infringing the principle of "net neutrality" (see Who said the internet was fair? [1]). [1] http://www.newscientisttech.com/channel/tech/mg19125645.000-who-said-the-internet-was-fair.html _________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Nov 09 2006 - 23:22:32 PST