AOH :: ISN-3251.HTM

ISPs 'should be responsible' for hacker attacks

ISPs 'should be responsible' for hacker attacks
ISPs 'should be responsible' for hacker attacks 

By Paul Marks
09 November 2006 news service

Internet service providers (ISPs) should be made legally liable for the 
damage caused by "denial of service" (DoS) attacks carried out via their 
networks, a leading internet lawyer says.

A DoS attack involves taking down a website or sever by flooding it with 
meaningless traffic, usually sent from a network of tens of thousands of 
PCs infected with viruses and controlled remotely. These viral "bots" do 
nothing until a hacker sends a command that tells them to attack a 
target, but can also be used to relay millions of spam email messages.

At a conference called Blocking Denial of Service Attacks on the 
Internet, to be held in London on 13 September, Lilian Edwards, an 
internet lawyer based at the University of Southampton, UK, will argue 
that legal measures must be taken if these attacks are to be stemmed. 
Edwards notes that ISPs currently have no legal obligation to check data 
relayed to and from internet users. She thinks, however, that 
governments could require them to do so.

Ian Brown of the Communication Research Network, an internet policy 
group based in Cambridge, UK, will chair the conference. The event will 
be held at the UK government's Department of Trade and Industry. "There 
will be a range of people present from government, industry, ISPs and 
companies that want to protect their online presence," he says.

Gambling sites

Brown says some gambling sites pay extortionists up to $50,000 to call 
off an attack, as this is cheaper than having their business offline for 
any length of time. "You can buy a custom-written bot virus on eBay for 
around $4000 that will evade antivirus software for at least two weeks, 
giving time to stage a DoS attack," he says.

"Botnets can only really be cured by making Windows more secure, which 
Microsoft is slowly doing as it moves towards Vista," Brown told New 
Scientist. "Users can take basic measures, using antivirus software, but 
governments have the option of taking legal measures."

The technology that might stem DoS attacks already exists: it is called 
deep packet inspection and allows ISPs to tell the difference between, 
say, internet phone calls and video downloads. Edwards says the same 
technique could identify sudden storms of traffic. "The ISPs have the 
knowledge, the resources and the power," she told New Scientist. "They 
control the net traffic and they can detect unusual patterns in that 

Strong resistance

The idea of requiring ISPs to guard against DoS attacks will be strongly 
resisted by the companies concerned, says Malcolm Hutty of the London 
Internet Exchange, an association of London-based internet providers. 
"That idea is guaranteed to fail," he says. "It's not the ISP's fault 
that DoS attacks happen - it is the computer's fault for allowing the 
bots to be planted."

Distinguishing between malicious and innocent traffic would also be too 
time-consuming and expensive, Hutty contends, and would cause delays for 
users too.

"Recognising DoS attacks is not easy," Hutty says. He notes that the 
public blog of the Internet Governance Forum, an event in Athens, 
Greece, last week was so popular that its servers went down. "That was 
not a DoS attack," Hutty says, "but it looked like one. How is the ISP 
to know that it is not genuine site popularity, rather than some 
nefarious purpose?"

Ollie Whitehouse of antivirus firm Symantec in the UK says criminals 
could begin encrypting their attack commands if ISPs start inspecting 
every packet they handle. "That will make spotting a DoS attack a whole 
lot harder for an ISP," he says. Hutty agrees: "If we try to tell the 
good traffic from the bad, it'll only incentivise the bad guys to make 
it more indistinguishable."

Harnessing deep packet inspection is already a politically charged 
issue. ISPs could use the technique to create a multi-tiered internet, 
offering different download speeds or quality of service to different 
users, and infringing the principle of "net neutrality" (see Who said 
the internet was fair? [1]).


Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods