Security group converges to fight Internet abuse
- 12 June, 2009 19:50
As cybercrime continues to proliferate on the Internet, one industry security group is hoping its work will help stem the tide of spam and scams.
The Messaging Anti-Abuse Working Group (MAAWG) held a three-day meeting in Amsterdam this week, discussing spam, network security, the DNS (Domain Name System) and other topics. Industry professionals traded ideas on stopping abusive online behavior.
Much of MAAWG's work is done behind closed doors. The organization -- founded in 2003 and backed by heavyweights such as AT&T, Yahoo, Comcast and Verizon -- has rarely granted access to its sessions to journalists for fear the security strategies discussed will become known and then circumvented by cybercriminals.
Many participants at MAAWG meetings don't want to be identified in the press, in part because organized criminals gangs are now firmly entrenched in e-crime. Those who seek to disrupt those operations could be targeted for harassment.
The latest meeting was MAAWG's largest European meeting, with 270 participants from 19 countries, including representatives from the U.S. Federal Trade Commission, the Federal Bureau of Investigation and Europol, a European law enforcement organization.
One of the primary focuses of MAAWG is spam. In 2004, Microsoft founder Bill Gates made his now-famous prediction that spam wouldn't be a problem a couple of years later -- but spam remains a thorn in the side of ISPs and consumers and has become ever more tricky to suppress.
ISPs are also battling against botnets, or networks of computers infected with malicious software, a crucial component of spam-sending operations.
The PCs that comprise botnets can be also be used to attack other computers by bombarding them with electronic requests, known as denial-of-service attacks. Compromised PCs are highly valuable to hackers, said Jerry Upton, MAAWG's executive director.
Data can be stolen off the computers, which can be sold to other criminals who specialize in converting credit card numbers to cash, Upton said. E-mail addresses on a PC can be sold to spammers. The PC can then be linked into a botnet and its bandwidth used for spam campaigns, Upton said.
"It is phenomenal," Upton said. "They milk every dime. There's a huge amount of money to be made."
It's also a huge pain for ISPs, many of which aren't quite sure how best to deal with infected PCs on their network, said Michael O'Reirdan, chairman of MAAWG's board of directors. ISPs will often receive complains about abusive activity, and dealing with those complaints can be a time-consuming and expensive exercise.
One of the problems is that much of the responsibility for maintaining good computer security is falling on the shoulders of consumers, who are often unaware of the issues.
"The PC is a complicated device ... yet we are expecting end users to be responsible for them," O'Reirdan said.
Many ISPs are just in the early stages of designing automated systems that can identify infected computers, quarantine them and work with their subscribers to get the PC patched and cleansed of malware. Officials from two ISPs -- True Internet in Thailand and NetCologne in Germany -- gave presentations during MAAWG's meeting on how they have aggressive steps to work with their subscribers to get their PCs cleaned up.
Another big task at this week's MAAWG meeting was to fine-tune a set of best practices for ISPs to help them mitigate botnets. The paper should be released within the next few weeks and will comprise strategies other ISPs have found successful, O'Reirdan said.
MAAWG's papers have been influential within the ISP industry, Upton said. For example, MAAWG published a paper last year recommending that ISPs not allow their subscribers to directly send e-mail on Port 25. The problem was that spammers were using hacked computers to send spam directly from the compromised PC to the destination mail server, bypassing an ISPs mail-routing system.
But network technicians were having trouble convincing upper management that they needed to shut off Port 25, Upton said. The paper, which represented an industry consensus, proved a powerful document to help persuade ISPs to make the changes.
"It's still hard to get approval from the business guys," Upton said.