Dealing with spam and cyberattacks: Control Vs. Openness

This post first appeared in the San Jose Mercury News

by Larry Magid

Back in the early ’90s, then Vice President Al Gore spoke of the Internet as an “information superhighway.” While that’s a somewhat imperfect analogy, the Internet and highways do have some things in common. Both can move traffic and both can become too clogged up for traffic to move swiftly.

A traffic jam on a real highway can affect that road and any other roads that connect to it, and the same can be true for the information highway.

And while most traffic jams are a result of an accident or too many vehicles (or data packets in the case of the Internet) legitimately trying to get from place to place, traffic can also be slowed down deliberately, as happened in Brussels last September when about 100 trucks slowed traffic entering the city as part of a planned protest.

Last week, a small Dutch Internet service provider called CyberBunker initiated a traffic jam of its own. Its apparent goal wasn’t to slow down the entire Internet but to bring down the services of Spamhaus — a spam fighting organization that had added CyberBunker to its block lists for allegedly allowing its customers to send spam around the world. CyberBunker advertises that customers “are allowed to host any content they like, except child porn and anything related to terrorism. Everything else is fine.”

According to published reports, that traffic jam affected servers around the world and impacted ordinary people thousands of miles away who weren’t able to watch online video or access other Web services as a result of a protest on another continent.

It’s a scary thought and a reminder of how this “global village” we live in is so interconnected that we can no longer afford to ignore problems that affect “other people,” because they can affect us, too. Of course that’s long been true to a certain extent — a fire in an oil field in the Middle East can affect gas prices in our Midwest; a poor wheat harvest in Kansas could affect bread prices in Russia; a storm in New York can affect air traffic in San Francisco. But on the Internet, the impact can be immediate and widespread.

This is one reason international bodies such as the United Nations hold occasional global forums like the Internet Governance Forum or the International Telecommunications Union (ITU) World Conference on International Telecommunications to talk about coordinated strategies to keep traffic flowing on our global highway. Of course, even these bodies are not without their controversy. Late last year, the United States led a coalition of countries that refused to sign an International Telecommunications Regulations treaty because it proposed regulations that many Western countries considered to be a threat to the open Internet.

Without getting into the specifics of the ITU treaty, the general issue of control vs. openness is one that needs to be looked at in light of today’s threat landscape. We need global cooperation to help thwart attacks and keep traffic moving. But we don’t need cyber police around the world stopping traffic for no legitimate reason just to see what’s in the trunk, so to speak.

Solving international cybercrime poses both legal and technical challenges. Dave Rand, who co-founded the Mail Abuse Prevention System (MAPS) and is now a technical fellow at Trend Micro, pointed out in an interview that it’s possible for spam to be sent from Antigua advertising a virus site in Canada with payment processed in the Virgin Islands, and with domain name servers in the United States and a fulfillment service in India.

“Where does law enforcement start?” he asked. “It’s very difficult for law enforcement to get a handle on it because there are no effective transnational laws for the Internet.” Finding a way to balance privacy, security and the legal aspect of the Internet as a whole is a “deep dark problem,” Rand said.

Rand said it’s up to the private sector to “apply appropriate pressures at the right time.” He pointed to an example from 2008, where a series of articles from then Washington Post columnist Brian Krebs pressured upstream Internet service providers into cutting off access to McColo, a San Jose-based company that was hosting spam sites. “At that moment,” said Rand, “spam on the Internet dropped by more than 50 percent.”

Rand said that it’s time to put international pressure on CyberBunker’s upstream providers that link them with the global Internet.

I might add that it’s also appropriate to continue international conversations about beefing up cross-border cooperation and international laws that can help protect the Internet. I am well aware of the potential for overregulation or oppressive laws, as we found at that last ITU meeting, but we also need to find better ways to protect our shared infrastructure while also protecting national sovereignty and an open Internet.