Amid Cyber Attacks, ISPs Try To Clean Up The Internet

If your computer’s been hacked, Dale Drew might know something about that.

Drew is chief security officer at Level 3 Communications, a major internet backbone provider that’s routinely on the lookout for cyber attacks on the network level. The company has linked more than 150 million IP addresses to malicious activity worldwide.

That means all of those IP addresses have computers behind them that are probably involved in distributed denial-of-service attacks, email spam, or breaches of company servers, Drew said.

Hackers have managed to hijack those computers to “cause harm to the internet,” but the owners don’t always know that, Drew said.

The tracking capabilities of Level 3 highlight how ISPs can spot malicious patterns of activity over the internet, and even pinpoint the IP addresses that are being used for cyber crime.

In more extreme cases, Level 3 can essentially block bad traffic from harassing victims, and effectively shut down or disrupt the hackers’ attacks.

So why aren’t ISPs doing more to crack down on cyber crime? The issue is that an ISP’s ability to differentiate between normal and malicious internet traffic has limits, and finding ways to properly respond can open a whole can of worms.

Malicious patterns

Level 3 has built up a database of 178 million IP addresses — most of them static IP addresses — that it has connected to suspected malicious activity. It’s done so by pinpointing patterns that deviate from “known good” internet traffic, Drew said. He compared it to running a post office. Although Level 3 isn’t examining the content of the internet traffic or the “envelopes” passing through, it does know who’s sending what and to whom.

For example, “every time this user gets a red envelope from person X, they complain it’s spam,” Drew said. “So I can start to build a heuristic off that behavior.”

Bad-behavior patterns have helped Level 3 build algorithms to identify suspicious traffic. Of the millions of IP addresses it’s been tracking, 60 percent are likely associated with botnets, or armies of infected computers that can be used for DDoS attacks.

Level 3 has associated another 22 percent with email phishing campaigns.

One might wonder why Level 3 doesn’t just block these IP addresses from the internet. But that can be problematic. Often, users of hacked computers are unaware their machines have been compromised, and it may be unclear whether some of those machines are also being used for important purposes, such as legitimate financial transactions.

Blocking those machines could potentially mean stopping millions of dollars in transactions, Drew said.

Instead, the company tries to notify the users of those IP addresses. In many cases, they are businesses, which can be quick to respond, Drew said. However, when it comes to consumers, there’s no phone book linking one person to an IP address. So Level 3 has to work with the hosting provider in order to reach the user.

Confronting the limits

Overall, it can be an uphill battle. “For every IP address we repair, more IP addresses are being compromised,” Drew said.

Other ISPs, including some in Europe, have also been notifying customers when their machines might be infected. It’s become a years-old, growing practice, but getting users to fix their infected computers isn’t always straightforward, said Richard Clayton, a security researcher at the University of Cambridge and director of its cloud cyber crime center.

Even when ISPs send warning messages to users, what then? Not every PC user knows how to resolve a malware infection, Clayton said. For ISPs, it can also be a matter of cost.

“Of course we want to see ISPs helping, but they are in a competitive market,” he said. “They are trying to cut their costs wherever they can, and talking to customers and passing on a message is not a cheap thing to do.”

In addition, ISPs can’t identify every malicious cyber attack. Most hacking attacks masquerade as normal traffic, and even ISP detection methods can occasionally generate errors, Clayton said.

“If you have a 99 percent detection rate, in an academic paper, that sounds fantastic,” he said. “But that basically means one out of 100 times, you’ll be plain wrong.”

No magic bullet

That’s why taking down suspected hackers usually requires collective action from law enforcement and security researchers who have thoroughly investigated a threat and confirmed that it is real. Governments and ISPs have also become involved in creating websites and services telling users how to effectively clean up their PCs.

It’s a difficult balancing act for ISPs, said Ed Cabrera, the chief cyber security officer at antivirus vendor Trend Micro. “They can do a lot of detection quite easily,” he said. “But the blocking piece is not something that they want to take responsibility for.”

Cyber criminals are also continually elevating their game, making them harder to detect. “The problem is nowhere near black and white,” Cabrera said. “We’re quick to say ISPs aren’t doing enough, but I think often times that’s unfair.”

Level 3’s Drew said it’s tempting to think that the world’s cyber security problems can be solved with a magic bullet. But for now, it will take a collective effort — of ISPs, governments, businesses and consumers — to clean up the internet and secure today’s devices.

“Even if we were able to deploy exhaustive technology to analyze the bad, ugly traffic, it still doesn’t fix the infected devices,” Drew said. “The end user still has a role to properly patch that device.”

For More Information:- Michael Kan

Time For Unions To Figure Out The Internet

Since the Reagan era, wages have stagnated, unions have declined, and average workers have lost power. If we want any of that to change in the near future, we will have to look… everywhere.

A new Roosevelt Institute report by Michelle Miller and Eric Harris Bernstein looks at both the causes of decades of declining worker power in America (technological change, legal change, and a full-on political assault) and the challenges that labor will face if it wants to regain ground in a world in which “stable full time job” is a category on the decline. This is not a partisan issue, really; increasing the strength of organized labor is, in all likelihood, the only way that regular people will have any hope of protecting themselves from the ongoing rise of inequality and collapse of the middle class during the Trump administration.

An interesting bit of background: post-Reagan, employers felt freer to retaliate against labor organizing by workers, and the decline of unions seems to have been caused by fear more than by a lack of interest in them. Boding ours:

For More Information:- Hamilton Nolan

Appeals court presses Trump administration on travel ban

President Donald Trump’s order temporarily banning U.S. entry to people from seven Muslim-majority countries came under intense scrutiny on Tuesday from a federal appeals court that questioned whether the ban unfairly targeted people over their religion.

During a more than hour-long oral argument, a three-judge panel of the 9th U.S. Circuit Court of Appeals pressed a government lawyer on whether the Trump administration’s national security argument was backed by evidence that people from the seven countries posed a danger.

Judge Richard Clifton, a George W. Bush appointee, posed equally tough questions for an attorney representing Minnesota and Washington states, which are challenging the ban. Clifton asked if a Seattle judge’s suspension of Trump’s policy was “overbroad.”

The 9th Circuit said at the end of the session it would issue a ruling as soon as possible. Earlier on Tuesday, the court said it would likely rule this week but would not issue a same-day ruling. The matter will ultimately likely go to the U.S. Supreme Court.

Trump’s Jan. 27 order barred travelers from Iran, Iraq, Libya, Somalia, Sudan, Syria and Yemen from entering for 90 days and all refugees for 120 days, except refugees from Syria, whom he would ban indefinitely.

Shanez Tabarsi is greeted by her daughter Negin after traveling to the U.S. from Iran following a federal court's temporary stay of U.S. President Donald Trump's executive order travel ban at Logan Airport in Boston

Trump, who took office on Jan. 20, has defended the measure, the most divisive act of his young presidency, as necessary for national security.

The order sparked protests and chaos at U.S. and overseas airports. Opponents also assailed it as discriminatory against Muslims in violation of the U.S. Constitution and applicable laws.

A federal judge in Seattle suspended the order last Friday and many travelers who had been waylaid by the ban quickly moved to travel to the United States while it was in limbo.

August Flentje, representing the Trump administration as special counsel for the U.S. Justice Department, told the appellate panel that “Congress has expressly authorized the president to suspend entry of categories of aliens” for national security reasons.

“That’s what the president did here,” Flentje said at the start of the oral argument conducted by telephone and live-streamed on the internet.

When the 9th Circuit asked Flentje what evidence the executive order had used to connect the seven countries affected by the order with terrorism in the United States, Flentje said the “proceedings have been moving very fast,” without giving specific examples.

He said both Congress and the previous administration of Democrat Barack Obama had determined that those seven countries posed the greatest risk of terrorism and had in the past put stricter visa requirements on them.

“I’m not sure I’m convincing the court,” Flentje said at one point.

Noah Purcell, solicitor general for the state of Washington, began his argument urging the court to serve “as a check on executive abuses.”

“The president is asking this court to abdicate that role here,” Purcell said. “The court should decline that invitation.”

For More Information:- Emily Stephenson