by Neil Schwartzman
"If I stay there will be trouble; If I go there will be double." — Joe Strummer (1952-2002)
"We can be heroes, just for one day." – David Bowie (1947- )
Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder.
We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Krebs' fantastic Security Fix blog on the Washington Post site. Written with both technical accuracy and readability for the rest of us, a rare thing indeed, Brian is the current raving-fav among the security set, due to his high profile, and willingness to call a spade a spade.
He has shone the spotlight of national media on some real embarrassments, situations like ICANN dragging their feet regarding the decertification of rogue registrar EstDomains (a service much-favoured by malware authors and spammers), (they are now offline), Atrivo, a California-based ISP which played a pivotal role in sustaining the Storm botnet, (they are now offline) and Krebs played a part in the latest victory for us good guys on the net, noting McColo was a host for botnet command-and-control technologies (yes, they too are now offline!)
So why the ambivalence Neil? Good question! Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! We've certainly seen dedicated anti-spam/anti-malware volunteers suffer from burn-out, and drop off, over the years, a loss to all of us as an Internet community.
Running down the Security Fix headlines is an exercise in roller-coaster emotions, or split personality:
Anonymous Domain Sales: A Spammer's Delight – Oh No!
FBI, FTC Take Down Scammers & Spammers – Yay!
One Spammer Jailed, Another Walks – Woo hoo! Er, wait
Security Software Suites No Match for Custom Attacks – Uh-oh!
And, of course, this morning's headline: Internet drug peddlers raided in 9 countries – Yahooooo!
A few months ago I sat in a room in sunny San Diego with 180 law enforcement agents at the Digital Phishnet conference. The keynote speech was by Shawn Henry, the Assistant Director of the U.S. Federal Bureau of Investigations' cyber division.
It was crystal clear from Mr. Henry's remarks that the FBI gets it.
They understand exactly how important the collaborative work of
independent researchers like Joe Stewart, Dan Kaminsky, and Gary Warner
is, in conjunction with industry partners and law enforcement really
is: "The adversary's (work) is a world-wide threat to our economy. We
cannot allow this to happen."
Every one of the cops in that California room spends their days working
on cyber-crime. A mere six years ago when I attended an anti-phishing
event and stressed the infrastructural impact of botnets on the economy
and national security, I was met with blank stares and rolled eyes. We
have taken a quantum leap forward from those days of inaction, but our
politicians and bureaucrats are not moving forward as quickly as they
should be (no surprise there!):
Nevertheless, McColo's disappearance yesterday has had a widely reported and dramatic impact on spam. Check out what Spamcop's weekly report shows!
Every once in a while, amidst the stream of bad news on the net, we as
a community see some major successes, and it heartens us tired old
spamfighters to continue the fight for another day.
What can you do to help the fight? Well go ahead, make my day, please
and undertake these two fixes today. Be a hero, do it now. Call your IT
Department and ask them if they have checked these things out and
patched them as need be, and if they haven't, ask why they haven't.
There truly is no excuse good enough.
Check your DNS server; make sure it isn't operating in recursive mode
If you are running Windows, patch your systems regularly, and make sure you have addressed these issues
Come on and let me know, should I cool it or should I blow?