The Threat from the Net

During two keynote speeches at the Infosecurity Europe conference at Olympia (London UK), Lord Harris of Haringey warned the UK government of the serious threat to Critical National Infrastructure posed by groups of E-vandals and criminal gangs, and the fact that the UK has neither systematic protection nor a response strategy in place.

Spamhaus has for a number of years been attacked on a regular basis by giant botnets operated by these same groups, and has had to put its own substantial defences in place to survive electronic attacks, sophisticated defenses which most companies could not afford to implement. But neither Spamhaus, Microsoft nor any other target of these attacks can respond to them in isolation. From our own experience, and daily contact with specialist investigators around the world working on botnet cases, Spamhaus endorses every word of Lord Harris's excellent speech.

With the exception of the very few Internet expert politicians such as Lord Harris and Richard Allan MP, politicians in the UK and USA have failed to realise the serverity of the threat of cyber-attacks, and as a result no action has been taken to mitigate it.

Law enforcement agencies on both sides of the Atlantic are severely under-resourced in their E-crime strategy, so much so that only high-profile cases are handled. With the best will in the world the number of agents available to take on the plethora of E-crime cases is severely limited by funding. Spamhaus believes this is a dangerous strategy because in so many cases the intelligence needed to handle the serious issues is best acquired by responding to smaller incidents. We are routinely able to trace and locate botnet controllers but the legal resources on the ground to "knock the door down" and seize the controller are in most cases not there. We have seen many times with botnet and virus gangs, where extensive evidence of E-crime has been passed to security agencies, almost all cases involving cross border enforcement end up being filed under "too difficult", meaning lack of resources, meaning lack of government funding.

Privacy laws, drafted to allow an effective response where communications are an ancillary to crime, become a serious obstacle to investigating crimes where the communications system is the weapon used by Internet criminals.

Transnational networks, such as MCI, XO and Above Net, who are in a unique position to identify and remove the sources of such attacks, routinely turn a deaf ear to network specialists trying to report incidents for their attention.

With Internet crime at an all-time high, Internet users are being flooded with spam-borne bank phishing scams while their private PCs are hijacked into spam proxynets and botnets for criminal use.

Spamhaus believes that unless the industry becomes willing to develop a more positive response strategy, the incoming UK government should develop legislation to address the cybercrime threat and to protect Britain's critical national infrastructure from cyber-attack.