By Jake Edge
November 28, 2007
Botnets are an increasing problem in today's internet. They can do much
harm in the way of spam propagation and distributed denial of service
attacks, but they also tend to
evolve much more quickly than preventative measures. The International
Telecommunication Union, an organization that predates the internet
by more than 100 years, wants to do something about that. To that end,
they are creating a Botnet
Mitigation Toolkit.
The ITU is now an agency of the United Nations, which puts it in the right
place to assist with botnet mitigation. Much like the internet, botnets do
not respect political boundaries; it is often the case that a botnet is
attacking a target in one country, from hosts in multiple countries, using
a command and control (C&C) infrastructure in yet another country. It will
take an international response to thwart an attack of that sort.
The toolkit is primarily focused on developing countries; it is meant to provide
guidelines and best practice information to entities that need it. There
are three types of information in the toolkit: legal, technical, and
social. Each has a role to play in successfully handling botnets and their
effects.
From a legal standpoint, many developing countries do not have laws
governing "cybercrime" that could be used to shut down or redirect botnet
traffic. The toolkit will contain recommendations for how such legislation
might be structured, what kind of jurisdiction requirements make sense, as
well as the kinds of evidence that are likely to be available. One of the more
serious difficulties is reconciling the needs of botnet fighters with
the privacy of internet users. A country's privacy laws may cover what
information can be gathered. A paper
describing the toolkit (PDF), which is still in draft form, has some
information about the intersection of privacy rights and internet security,
but this is clearly an area that will need to be handled carefully.
Another policy area that will be covered by the toolkit is in establishing
a framework for handling incidents that occur. Establishing
monitoring, putting together a collaboration between the government and
internet service providers, and deterring internet criminals from
setting up shop in the country are all facets of a national "cybersecurity"
policy. If a country is starting from a point where none of this kind of
organization exists, which is true for much of the developing world, the
toolkit will provide the government with the right questions to ask and
areas that need a decision. At a
minimum, it will also make recommendations that may be followed or ignored.
From a technical standpoint, internet service providers may need information on
best practices for securing their networks from external threats. They
also may need information on handling malicious traffic originating in
their networks. The toolkit intends to provide information on both. The
paper contains a great deal of good information for those
who are interested. Even for ISPs in developed countries, there is much
that could be learned.
The social aspect of dealing with botnets is perhaps the most difficult part,
but, if successful, may provide the best defense. Like the technical
measures, this is by no means a problem only in developing countries.
Users everywhere need to learn good habits when using the internet.
Free software is specifically called out as part of the solution in the social
section of the paper, not because it is more resistant to malware (which is
unclear), but because it can always be upgraded to fix security flaws.
Many users in developing countries use unlicensed software from proprietary vendors
that is difficult or impossible to upgrade.
The ITU toolkit is a worthy project, which will hopefully be well received
by countries around the world. Due care needs to be taken so that it is
not seen as something being imposed by the developed world. Even if botnets
are not currently causing any major pain for a country, they certainly
will some day. Getting out ahead of that curve would be of great benefit;
hopefully most countries will see it that way.
A pilot project, planned for Malaysia in 2008 in cooperation with the
government there, will
allow the ITU to fine-tune its message and the toolkit. After that, it can
start rolling it out in other interested
countries. It may be a few years off, but bot herders may start feeling
the heat.