IDS vendors offer thoughts on how to address DDoS extortion.
Last week we heard from a number of readers who weren’t exactly enthusiastic about my earlier proposal to outlaw the growing practice of paying off extortionists who threaten companies with distributed denial-of-service attacks. My point was this: Don’t let decision makers take this shortsighted way out and we’ll be that much closer to wringing the profit motive out of distributed DoS.
I still believe it’s a swell idea, but this week we’ll hear from Peter Rendall, CEO of Top Layer Networks, a maker of intrusion-prevention systems, and Gary MacIsaac, founder of Cetacea Networks, which sells OrcaFlow IDS. They don’t agree with me either, but Rendall and MacIsaac do have constructive thoughts of their own about how to address the problem.
“I certainly do not condone paying extortionists,” Rendall says, even though he wouldn’t support a ban. “We have lots of clients and customers throughout the world, some of them have paid and some have not. The ones that did pay, they thought they were safe and then they were known as payers in that field and they got second, third and fourth letters saying, ‘You owe us more money.'”
MacIsaac sees more value in offering carrots than wielding sticks.
“I’m not sure putting pressure on the extortion victims will help solve the problem – there should not be a downside to reporting, which means some method of victim-identity protection,” he says. “More useful to helping the victim, perhaps, would be to gain as much information as possible about the sources of the DoS traffic through sampling. So perhaps businesses that are targets could be left to use whatever method they choose to deal with the problem, but encouraged to install data collection sensors at their site or with their ISP so as to permit some method of anonymous data gathering in a timely manner for subsequent analysis.”
If the government is to get involved, Top Layer’s Rendall says, a more constructive role than legislating against making payments would be to broker a national bandwidth back-up system.
“We have this strategic oil reserve,” he says, “and we need to have some strategic bandwidth as well to be able to cope with attacks in the future. When big companies are under [DoS] attack and the attack could have a catastrophic effect on national business, then the government should be able to prioritize that large service providers deal and scrub or do whatever they have to do to give additional bandwidth to those companies.”
Both gentlemen argue that a key portion of any solution has to involve limiting the number of computers left vulnerable to commandeering by extortionists.
“Some effort should be focused on encouraging users to exercise responsible participation – meaning the use of good security practice – in the Internet community,” MacIsaac says. “Recently, we drove across our metropolitan region, a distance of about 15 miles. Along that route we detected, using a standard handheld PDA, 380 active 802.11-class home and business networks. Of these networks, perhaps 40% had no security technology in place whatsoever.”
What to do about all these unlocked doors is the tough nut to crack, of course.
“Clearly, going after a home user whose computer is being used for an attack is not practical,” Rendall says. “But the service provider is absolutely responsible for maintaining security on the Internet. Secondly, any company that is used as a launch pad should be taking more proactive measures in stopping attacks going out as well as preventing stuff coming in.”
Bringing together those with the most at stake would be a good place to start, he adds.
“Perhaps an anti-DDoS extortion roundtable or organization should be created to proactively address this problem,” he says. “These attacks have begun with ‘gray area’ industries like online wagering, but cyberextortion is seeping into financial and e-commerce industries – anything reliant on online transactions. A combination of heads of industry, technology vendors, law enforcement and government should align to take this problem head-on – and out from under the covers.”
That would be a good place to start.
This topic isn’t going away anytime soon, so if you haven’t had your say yet, the address is buzz@nww.com.




