{"id":6755,"date":"2017-02-23T06:30:03","date_gmt":"2017-02-23T14:30:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/02\/23\/news-546\/"},"modified":"2017-02-23T06:30:03","modified_gmt":"2017-02-23T14:30:03","slug":"news-546","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/02\/23\/news-546\/","title":{"rendered":"Amid cyberattacks, ISPs try to clean up the internet"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2017\/02\/20140926_campus-indoors_004-1-100709648-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Thu, 23 Feb 2017 06:26:00 -0800<\/strong><\/p>\n<p> If your computer\u2019s been hacked, Dale Drew might know something about that. <\/p>\n<p> Drew is chief security officer at Level 3 Communications, a major internet backbone provider that&#8217;s routinely on the lookout for cyberattacks on the network level. The company has linked more than 150 million IP addresses to malicious activity worldwide. <\/p>\n<p> That means all of those IP addresses have computers behind them that are probably involved in distributed denial-of-service attacks, email spam, or breaches of company servers, Drew said. <\/p>\n<p> Hackers have managed to hijack those computers to &#8220;cause harm to the internet,&#8221; but the owners don&#8217;t always know that, Drew said.\u00a0 <\/p>\n<p> The tracking capabilities of Level 3 highlight how ISPs can spot malicious patterns of activity over the internet, and even pinpoint the IP addresses that are being used for cybercrime. <\/p>\n<p> In more extreme cases, Level 3 can essentially <a href=\"http:\/\/www.level3.com\/-\/media\/files\/white-paper\/en_secur_wp_ddos_threat_impact.pdf\">block<\/a> bad traffic from harassing victims, and effectively shut down or disrupt the hackers\u2019 attacks. <\/p>\n<p> So why aren\u2019t ISPs doing more to crack down on cybercrime? 
The issue is that an ISP&#8217;s ability to differentiate between normal and malicious internet traffic has limits, and finding ways to properly respond can open a whole can of worms. <\/p>\n<p> Level 3 has built up a database of 178 million IP addresses &#8212; most of them <a href=\"https:\/\/support.google.com\/fiber\/answer\/3547208?hl=en\">static IP addresses<\/a> &#8212; that it has connected to suspected malicious activity. It\u2019s done so by pinpointing patterns that deviate from \u201cknown good\u201d internet traffic, Drew said. He compared it to running a post office. Although Level 3 isn\u2019t examining the content of the internet traffic or the \u201cenvelopes\u201d passing through, it does know who\u2019s sending what and to whom. <\/p>\n<p> For example, \u201cevery time this user gets a red envelope from person X, they complain it\u2019s spam,\u201d Drew said. \u201cSo I can start to build a heuristic off that behavior.\u201d <\/p>\n<p> Bad-behavior patterns have helped Level 3 build algorithms to identify suspicious traffic. Of the millions of IP addresses it\u2019s been tracking, 60 percent are likely associated with\u00a0<a href=\"http:\/\/www.computerworld.com\/article\/3134062\/security\/an-iot-botnet-was-partly-behind-fridays-massive-ddos-attack.html\">botnets<\/a>, or armies of infected computers that can be used for DDoS attacks. <\/p>\n<p> Level 3 has associated another 22 percent with email phishing campaigns. <\/p>\n<p> One might wonder why Level 3 doesn\u2019t just block these IP addresses from the internet. But that can be problematic. \u00a0Often, users of hacked computers are unaware their machines have been compromised, and it may be unclear whether some of those machines are also being used for important purposes, such as legitimate financial transactions. <\/p>\n<p> Blocking those machines could potentially mean stopping millions of dollars in transactions, Drew said. <\/p>\n<p> Dale Drew, Level 3&#8217;s chief security officer. 
<\/p>\n<p> Instead, the company tries to notify the users of those IP addresses. In many cases, they are businesses, which can be quick to respond, Drew said. However, when it comes to consumers, there&#8217;s no phonebook linking one person to an IP address. So Level 3 has to work with the hosting provider in order to reach the user. <\/p>\n<p> Overall, it can be an uphill battle. \u201cFor every IP address we repair, more IP addresses are being compromised,\u201d Drew said. <\/p>\n<p> Other ISPs, including some in Europe, have also been notifying customers when their machines might be infected. It\u2019s become a years-old, growing practice, but getting users to fix their infected computers isn\u2019t always straightforward, said <a href=\"https:\/\/www.cl.cam.ac.uk\/~rnc1\/\">Richard Clayton<\/a>, a security researcher at the University of Cambridge and director of its cloud cybercrime center.\u00a0 <\/p>\n<p> Even when ISPs send warning messages to users, what then? Not every PC user knows how to resolve a malware infection, Clayton said. For ISPs, it can also be a matter of cost. <\/p>\n<p> \u201cOf course we want to see ISPs helping, but they are in a competitive market,\u201d he said. \u201cThey are trying to cut their costs wherever they can, and talking to customers and passing on a message is not a cheap thing to do.\u201d <\/p>\n<p> In addition, ISPs can\u2019t identify every malicious cyberattack. Most hacking attacks masquerade as normal traffic and even ISP detection methods can occasionally generate errors, Clayton said. <\/p>\n<p> \u201cIf you have a 99 percent detection rate, in an academic paper, that sounds fantastic,\u201d he said. \u201cBut that basically means one out of 100 times, you\u2019ll be plain wrong.\u201d <\/p>\n<p> That\u2019s why taking down suspected hackers usually requires collective action from law enforcement and security researchers who have thoroughly investigated a threat and confirmed that it is real. 
<a href=\"https:\/\/www.botfree.eu\/en\/index.html\">Governments<\/a> and <a href=\"https:\/\/constantguard.xfinity.com\/products-and-services\/bot-detection-and-removal\/\">ISPs<\/a> have also become involved in creating websites and services telling users how to effectively clean up their PCs. <\/p>\n<p> It\u2019s a difficult balancing act for ISPs, said Ed Cabrera, the chief cybersecurity officer at antivirus vendor Trend Micro. \u201cThey can do a lot of detection quite easily,\u201d he said. \u201cBut the blocking piece is not something that they want to take responsibility for.\u201d <\/p>\n<p> Cybercriminals are also continually elevating their game, making them harder to detect. \u201cThe problem is nowhere near black and white,\u201d Cabrera said. \u201cWe\u2019re quick to say ISPs aren\u2019t doing enough, but I think often times that\u2019s unfair.\u201d <\/p>\n<p> Level 3\u2019s Drew said it\u2019s tempting to think that the world\u2019s cybersecurity problems can be solved with a magic bullet. But for now, it will take a collective effort &#8212; of ISPs, governments, businesses and consumers &#8212; to clean up the internet and secure today&#8217;s devices.\u00a0 <\/p>\n<p> &#8220;Even if we were able to deploy exhaustive technology to analyze the bad, ugly traffic, it still doesn&#8217;t fix the infected devices,&#8221; Drew said. &#8220;The end user still has a role to properly patch that device.&#8221; <\/p>\n<p> He also encourages all ISPs to take Level 3&#8217;s approach and notify customers when their computers have been hijacked by hackers. 
<\/p>\n<p> If more ISPs did this, Drew said, &#8220;we might make a dent.&#8221; <\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3173260\/security\/amid-cyberattacks-isps-try-to-clean-up-the-internet.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt2.staticworld.net\/images\/article\/2017\/02\/20140926_campus-indoors_004-1-100709648-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Thu, 23 Feb 2017 06:26:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p> If your computer\u2019s been hacked, Dale Drew might know something about that.<\/p>\n<p> Drew is chief security officer at Level 3 Communications, a major internet backbone provider that&#8217;s routinely on the lookout for cyberattacks on the network level. The company has linked more than 150 million IP addresses to malicious activity worldwide.<\/p>\n<p> That means all of those IP addresses have computers behind them that are probably involved in distributed denial-of-service attacks, email spam, or breaches of company servers, Drew said.<\/p>\n<p> Hackers have managed to hijack those computers to &#8220;cause harm to the internet,&#8221; but the owners don&#8217;t always know that, Drew said.\u00a0<\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10629,4314,11080,714],"class_list":["post-6755","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-cyberattacks","tag-internet","tag-networking","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6755","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6755"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6755\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6755"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6755"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6755"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}