DOCSLIB.ORG

Chapter 1 Introduction: Botnets in Context 12

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Chapter 1 Introduction: Botnets in Context 12 Botnet Badinage: Regulatory Approaches to Combating Botnets Alana M. Maurushat A thesis submitted in accordance with the requirements for the award of the degree of Doctor of Philosophy, Faculty of Law, University of New South Wales 2011 1 ABSTRACT A botnet is a collection of remotely controlled and compromised computers that are controlled by a bot master. Botnets are the main crime tool used by cybercriminals. To use an analogy, many crimes may be committed with a gun ranging from murder to rape to armed robbery to assault to breaking and entering to theft. Likewise, a botnet may be used in many forms of cybercrime and civil wrong ranging from sending spam, to denial of service attacks, to child pornography distribution, to worm propagation, to click-fraud, to keylogging technology and traffic sniffing which captures passwords and credit card information, and to mass identity theft. Botnets are a major crime tool used on the internet in a similar fashion to how a gun is used on the street. This thesis explores the regulation of botnets and the role that botnets play as a tool to commit many forms of cybercrime. In exploring regulation of botnets, countermeasures against fighting this crime tool will be analysed, and policy options evaluated as to under what circumstances society should prioritise combating botnets at the expense of encroaching on civil liberties, in particular the values of privacy and freedom of expression. This thesis argues that Internet service providers, domain name service providers and self-organised security communities are best positioned to effectively combat botnets. In determining the most effective regulatory measures to combat botnets, this thesis has investigated, and at points discounted, a range of other measures such as data breach notification, Sarbanes-Oxley, banking law, user education and training, non-criminal legal remedies, the range of technologies that botnets utilise, economic models to disrupt profitability, national and international criminal law, and technologies non-essential to botnets. This thesis is the result of inter-disciplinary research on botnets, combining insights from the disciplines of computer security, information systems, risk management, economics, regulation and law. Based on this inter-disciplinary research, the thesis demonstrates how cybercrime laws both at the national and international levels are rendered impotent through modern obfuscation crime tools. Reforms to the law are necessary to offer security research exemptions, remote search and seizure by law enforcement and the introduction of unwanted software legislation. At the same time, more safeguards to preserve civil liberties must also be built into Australian regulatory practice. In the course of examining the most effective ways to regulate botnets, the thesis also provides a case study demonstrating weaknesses in Lessig’s Internet regulatory theory. Internet regulatory theories have generally placed emphasis on civil liberties and the struggles between users and governments over control of the regulation of the Internet. These theories, however, ignored the complex issues that cybercrime would bring into the discussion. The regulation of botnets is used to evaluate the utility of Lawrence Lessig’s theory of Internet regulation through four modalities (market, norms, law and code). It is argued that the levels and types of cybercrime which have occurred in the last decade and in the decades to come were not anticipated by these theories and poses new theoretical issues. This thesis will demonstrate 2 that effective botnet regulation will involve some use of illegal means, and inevitably will challenge not only the mindset that the law plays an authoritative role in regulation, but also Lessig’s theory that market, code, and norms are the only significant forms of regulation. Changes or developments of Lessig’s model are required. For example, many of the actions by self-organised security groups to combat botnets may be conceived as effective and moral though, as will be demonstrated, clearly illegal. The work of self-help remedies by these groups does not fit well with Lessig’s theory. Self-organised security communities do not fall within any of Lessig’s modalities and yet, the efforts of such groups are the most important countermeasures in combating botnets, and possibly in combating many forms of cybercrime. 3 ACKNOWLEDGEMENTS I would like to thank my husband, Michael, as well as my parents, Don and Denise, for the sacrifices made and support given to allow me to finish the PhD. As with any PhD there were many obstacles and challenges along the way. I cannot thank enough my supervisors, Graham Greenleaf and Roger Clarke, for their excellent guidance, patience and diligence throughout this process. I am truly grateful to you both. I am indebted to the Faculty of Law and the Graduate Research School at the University of New South Wales for their financial support in the form of scholarships, a submission extension, travel grants, and for all of the advice both professional and personal from members of the Faculty of Law. There are two colleagues at UNSW whom I would like to expressly recognise for their generosity and support: David Vaile and Lyria Bennet-Moses. I would equally like to express my gratitude to my former colleagues from both the University of Hong Kong, Andy Halkyard and Roda Mushkat, and at the University of Ottawa, Daniel Gervais, Ian Kerr , Michael Geist and Greg Hagen. I would also like to recognize the interns whom I have worked with at the Cyberspace Law and Policy Centre for their wit, intellect, diligence, insight and hard work. In particular, I wish to thank Renee Watt, Pauline Rappaport, Adam Arnold, Lauren Loz, Jo Brick, Sarah Lux, Michael Whitbread, Eugenie Kyung-Eun Hwang, Nathalie Pala, David Chau, Pata Gogal and Samuel Sathiakumar. There are several friends whom I wish to thank for their willingness to help out in any way needed including final edits: Jill Matthews, Alex Colangelo, and Keiran Hardy. Lastly, I am wrapping my children, Saskia and Alexandre, up in a bundle of warm hugs and kisses. They inspire me more than words could possibly express and make me a better person. My thesis is dedicated to them. 4 TABLE OF CONTENTS FIGURES AND TABLES 6 ABBREVIATIONS 7 PUBLICATIONS ARISING FROM THIS THESIS 10 CHAPTER 1 INTRODUCTION: BOTNETS IN CONTEXT 12 CHAPTER 2 INTERNET REGULATORY THEORY AND BOTNETS 53 CHAPTER 3 BOTNETS 77 CHAPTER 4 THE AUSTRALIAN CRIMINAL LAW LANDSCAPE FOR BOTNET-RELATED PROSECUTIONS 117 CHAPTER 5 THE INTERNATIONAL CRIMINAL LEGAL FRAMEWORK 158 CHAPTER 6 CHALLENGES IN THE INVESTIGATION AND PROSECUTION OF BOTNET MASTERS 185 CHAPTER 7 THE ROLE OF INTERNET SERVICE PROVIDERS AND DOMAIN NAME SERVICE PROVIDERS IN COMBATTING BOTNETS 211 CHAPTER 8 SELF-ORGANISED SECURITY COMMUNITIES 267 CHAPTER 9 CONCLUSIONS: REGULATING BOTNETS, REVISING LESSIG 305 APPENDIXES 322 BIBLIOGRAPHY 357 5 FIGURES AND TABLES Figure 1(A) U.S. Cert Internet Security Categories Figure 1(B) Bot Propagation Trends (2006 to 2009) Figure 1(C) ShadowServer 2 Year Botnet Status Figure 1(D) Denial of Service Attack as Commercial Service Figure 2(A) Regulation as the Function of Four Modalities Figure 2(B) Modalities Influencing Other Modalities Figure 3(A) Steps in Procuring and Using a Botnet Figure 3(B) Wayback Machine Screen Shot of www.dollarrevenue.com ‘Home Page’ as it Stood on Nov. 9, 2006 Figure 3(C) Key ‘Content from ‘Affiliate Agreement’ Tab from Wayback Machine: Query ‘www.dollarrevenue.com’ Nov. 9, 2006 Figure 3(D) Botnet Countermeasures Figure 4(A): Table Outlining Pre-Botnet and Post-Botnet Offences Figure 4(B) Executable Code in Chatroom Triggering Bot Figure 5(A) Comparison between Substantive Provisions in the Convention and Provisions in the Criminal Code Figure 6(A) Content Warrant Framework in Australia Figure 9(A) Lessig’s Four Modalities Figure 9(B) Self-Help Modality 6 ABBREVIATIONS ACCC Australian Competition and Consumer Commission ACMA Australian Communications and Media Authority AIC Australian Institute of Criminology AISI Australian Internet Security Initiative APEC Asia-Pacific Economic Cooperation ARPA Advanced Research Projects Agency ATC Australian Trade Commission AUSD Australian Dollars AUSTRAC Australian Transaction Reports and Analysis Centre BSA Broadcasting Services Act ccTLD Country Code Top Level Domain CHR Chatham House Rules CC Criminal Code CCA Competition and Consumer Act CCTV Closed Circuit Television CRTC Canadian Radio and Telecommunications Commission DBN Data Breach Notification DNS Domain Name System DNSSEC Domain Name System Security Extensions DOS Denial of Service Attack DDOS Distributed Denial of Service Attack DDP Días de Pesadilla DPI Deep Packet Inspection DR DollarRevenue 7 EFT Electronic Funds Transfer (Code) FCC Federal Communications Commission FQDN Fully Qualified Domain Name FTA Fair Trading Act gTLD General Top Level Domain HTML Hypertext Markup Language HTTP Hyptertext Transfer Protocol HTTP2P Hypertext Transfer Peer to Peer Protocol IIA (Australian) Internet Industry Association ICANN Internet Corporation for Assigned Names and Numbers IETF Internet Engineering Task Force IP Internet Protocol IRC Internet Relay Chat ISO International Standards Organisation ISP Internet Service Provider ITU International Telecommunications Union MCC Model Criminal Code NCFTA National Cyber-Forensics Training Alliance NPP National Privacy Principles NSW New South Wales OECD Organisation for Economic Cooperation and Development OPC Office
Load more

Recommended publications
  • Statistical Structures: Fingerprinting Malware for Classification and Analysis
    Statistical Structures: Fingerprinting Malware for Classification and Analysis Daniel Bilar Wellesley College (Wellesley, MA) Colby College (Waterville, ME) bilar <at> alum dot dartmouth dot org Why Structural Fingerprinting? Goal: Identifying and classifying malware Problem: For any single fingerprint, balance between over-fitting (type II error) and under- fitting (type I error) hard to achieve Approach: View binaries simultaneously from different structural perspectives and perform statistical analysis on these ‘structural fingerprints’ Different Perspectives Idea: Multiple perspectives may increase likelihood of correct identification and classification Structural Description Statistical static / Perspective Fingerprint dynamic? Assembly Count different Opcode Primarily instruction instructions frequency static distribution Win 32 API Observe API calls API call vector Primarily call made dynamic System Explore graph- Graph structural Primarily Dependence modeled control and properties static Graph data dependencies Fingerprint: Opcode frequency distribution Synopsis: Statically disassemble the binary, tabulate the opcode frequencies and construct a statistical fingerprint with a subset of said opcodes. Goal: Compare opcode fingerprint across non- malicious software and malware classes for quick identification and classification purposes. Main result: ‘Rare’ opcodes explain more data variation then common ones Goodware: Opcode Distribution 1, 2 ---------.exe Procedure: -------.exe 1. Inventoried PEs (EXE, DLL, ---------.exe etc) on XP box with Advanced Disk Catalog 2. Chose random EXE samples size: 122880 with MS Excel and Index totalopcodes: 10680 3, 4 your Files compiler: MS Visual C++ 6.0 3. Ran IDA with modified class: utility (process) InstructionCounter plugin on sample PEs 0001. 002145 20.08% mov 4. Augmented IDA output files 0002. 001859 17.41% push with PEID results (compiler) 0003. 000760 7.12% call and general ‘functionality 0004.
    [Show full text]
  • Digital Investigation and Trojan Defense.Pdf
    Digital Investigation and the Trojan Defense, Revisited Golden G. Richard III Professor of Computer Science and University Research Professor Director, Greater New Orleans Center for Information Assurance (GNOCIA) University of New Orleans GIAC-certified Digital Forensics Investigator Founder, Arcane Alloy, LLC [email protected] / [email protected] / @nolaforensix http://www.cs.uno.edu/~golden 2 Who? Professor of Computer Science and University Research Professor, Director, Greater New Orleans Center for Information Assurance (GNOCIA), University of New Orleans http://www.cs.uno.edu/~golden Digital forensics, OS internals, reverse engineering, offensive computing, pushing students to the brink of destruction, et al. Founder, Arcane Alloy, LLC. http://www.arcanealloy.com Digital forensics, reverse engineering, malware analysis, security research, tool development, training. Co-Founder, Partner / Photographer, High ISO Music, LLC. http://www.highisomusic.com Music. Rock stars. Earplugs. Copyright 2015 by Golden G. Richard III (@nolaforensix) 3 Digital Forensics “Tools and techniques to recover, preserve, and examine digital evidence stored on or transmitted by digital devices.” Computers, PDAs, cellular phones, videogame consoles, digital cameras, copy machines, printers, digital voice recorders… 4 What That Really Means • Data. “You only think it’s gone.” • Sensitive data tenaciously clings to life. • The vast majority of users—and lots of technical people, too— have no idea what’s really stored on their digital devices… • …and no ability to properly “clean up” even if they do suspect what’s there Copyright 2015 by Golden G. Richard III (@nolaforensix) 5 Where’s the Evidence? Files and Filesystem Application Windows Deleted Files metadata metadata registry Print spool Hibernation Temp files Log files files files Browser Network Slack space Swap files caches traces RAM: OS and app data Volatile Evidence structures Copyright 2015 by Golden G.
    [Show full text]
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress
    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
    [Show full text]
  • SEARCH CONTENT File P3 OPTIMISATION Why Aussie Websites Are How Do Aussie Websites Missing Prime Content Fare? P10 Opportunities P9
    Edition 5, Nov 2015 BEHIND THE DOT state of the .au domain ONLINE SUCCESS Our nation’s best websites - 8 common traits p8 zone ahead A comprehensive analysis of the WEBSITE .au zone SEARCH CONTENT file p3 OPTIMISATION Why Aussie websites are How do Aussie websites missing prime content fare? p10 opportunities p9 @AusRegistry_au ausregistry.com.au Behind the Dot - State of the .au Domain is a quarterly magazine presenting .au statistics, expert commentary, analysis, industry related articles and feature stories. Publisher: AusRegistry Editor in Chief: George Pongas Managing Editor: Maggie Whitnall Regular Contributors: Maggie Whitnall, Alison Coffa, Michael Korjen, Adrian Kinderis, George Pongas, Jo Lim Data Analysis: Penelope Green Account Management and Circulation: Courtney Fabian Creative Director: Michelle O’Reilly ____________ Advertising Sales: [email protected] Contents DEPARTMENTS CHARTS & TABLES Under the Microscope ........................................................................1 .au Domains Under Management .......................................................1 An overview of the number of .au domains currently under .au Monthly Creates ............................................................................1 management (open 2LDs), monthly registrations, renewals by age of domain and APTLD statistics. Renewal Rates by Domain Age ...........................................................2 .au Research and Surveys ....................................................................2 Domain Numbers
    [Show full text]
  • EVALUATION of HIDDEN MARKOV MODEL for MALWARE BEHAVIORAL CLASSIFICATION By
    EVALUATION OF HIDDEN MARKOV MODEL FOR MALWARE BEHAVIORAL CLASSIFICATION By Mohammad Imran A research thesis submitted to the Department of Computer Science, Capital University of Science & Technology, Islamabad in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY IN COMPUTER SCIENCE DEPARTMENT OF COMPUTER SCIENCE CAPITAL UNIVERSITY OF SCIENCE & TECHNOLOGY ISLAMABAD October 2016 Copyright© 2016 by Mr. Mohammad Imran All rights reserved. No part of the material protected by this copyright notice may be reproduced or utilized in any form or any means, electronic or mechanical, including photocopying, recording or by any information storage and retrieval system, without the permission from the author. To my parents and family Contents List of Figures iv List of Tablesv Abbreviations vi Publications vii Acknowledgements viii Abstractx 1 Introduction1 1.1 What is malware?............................1 1.2 Types of malware............................3 1.2.1 Virus...............................3 1.2.2 Worm..............................3 1.2.3 Trojan horse...........................3 1.2.4 Rootkit.............................4 1.2.5 Spyware.............................4 1.2.6 Adware.............................4 1.2.7 Bot................................4 1.3 Malware attack vectors.........................5 1.3.1 Use of vulnerabilities......................5 1.3.2 Drive-by downloads.......................5 1.3.3 Social engineering........................5 1.4 Combating malware: Malware analysis................5 1.4.1 Static analysis..........................6 1.4.2 Dynamic analysis........................9 1.4.3 Hybrid analysis......................... 12 1.5 Combating malware: Malware detection and classification...... 12 1.6 Observations from the literature.................... 13 1.7 Problem statement........................... 15 1.8 Motivation................................ 15 1.8.1 Why malware analysis?..................... 16 1.8.2 Why Hidden Markov Model?................
    [Show full text]
  • Analysis of Malware and Domain Name System Traffic
    Analysis of Malware and Domain Name System Traffic Hamad Mohammed Binsalleeh A Thesis in The Department of Computer Science and Software Engineering Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy at Concordia University Montréal, Québec, Canada July 2014 c Hamad Mohammed Binsalleeh, 2014 CONCORDIA UNIVERSITY Division of Graduate Studies This is to certify that the thesis prepared By: Hamad Mohammed Binsalleeh Entitled: Analysis of Malware and Domain Name System Traffic and submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy complies with the regulations of this University and meets the accepted standards with respect to originality and quality. Signed by the final examining committee: Chair Dr. Christian Moreau External Examiner Dr. Nadia Tawbi Examiner to Program Dr. Lingyu Wang Examiner Dr. Peter Grogono Examiner Dr. Olga Ormandjieva Thesis Co-Supervisor Dr. Mourad Debbabi Thesis Co-Supervisor Dr. Amr Youssef Approved by Chair of the CSE Department 2014 Dean of Engineering ABSTRACT Analysis of Malware and Domain Name System Traffic Hamad Mohammed Binsalleeh Concordia University, 2014 Malicious domains host Command and Control servers that are used to instruct in- fected machines to perpetuate malicious activities such as sending spam, stealing creden- tials, and launching denial of service attacks. Both static and dynamic analysis of malware as well as monitoring Domain Name System (DNS) traffic provide valuable insight into such malicious activities and help security experts detect and protect against many cyber attacks. Advanced crimeware toolkits were responsible for many recent cyber attacks. In order to understand the inner workings of such toolkits, we present a detailed reverse en- gineering analysis of the Zeus crimeware toolkit to unveil its underlying architecture and enable its mitigation.
    [Show full text]
  • A Case Study in DNS Poisoning
    A wrinkle in time: A case study in DNS poisoning Harel Berger Amit Z. Dvir Moti Geva Abstract—The Domain Name System (DNS) provides a trans- lation between readable domain names and IP addresses. The DNS is a key infrastructure component of the Internet and a prime target for a variety of attacks. One of the most significant threat to the DNS’s wellbeing is a DNS poisoning attack, in which the DNS responses are maliciously replaced, or poisoned, by an attacker. To identify this kind of attack, we start by an analysis of different kinds of response times. We present an analysis of typical and atypical response times, while differentiating between the different levels of DNS servers’ response times, from root servers down to internal caching servers. We successfully identify empirical DNS poisoning attacks based on a novel method for DNS response timing analysis. We then present a system we developed to validate our technique that does not require any changes to the DNS protocol or any existing network equipment. Our validation system tested data from different architectures including LAN and cloud environments and real data from an Internet Service Provider (ISP). Our method and system differ from most other DNS poisoning detection methods and achieved high detection rates exceeding 99%. These findings suggest that when used in conjunction with other methods, they can considerably enhance the accuracy of these methods. I. INTRODUCTION Fig. 1. DNS hierarchy example The Domain Name System (DNS) [1], [2] is one of the best known protocols in the Internet. Its main function is to trans- late human-readable domain names into their corresponding following steps.
    [Show full text]
  • Exploring Corporate Decision Makers' Attitudes Towards Active Cyber
    Protecting the Information Society: Exploring Corporate Decision Makers’ Attitudes towards Active Cyber Defence as an Online Deterrence Option by Patrick Neal A Dissertation Submitted to the College of Interdisciplinary Studies in Partial Fulfilment of the Requirements for the Degree of DOCTOR OF SOCIAL SCIENCES Royal Roads University Victoria, British Columbia, Canada Supervisor: Dr. Bernard Schissel February, 2019 Patrick Neal, 2019 COMMITTEE APPROVAL The members of Patrick Neal’s Dissertation Committee certify that they have read the dissertation titled Protecting the Information Society: Exploring Corporate Decision Makers’ Attitudes towards Active Cyber Defence as an Online Deterrence Option and recommend that it be accepted as fulfilling the dissertation requirements for the Degree of Doctor of Social Sciences: Dr. Bernard Schissel [signature on file] Dr. Joe Ilsever [signature on file] Ms. Bessie Pang [signature on file] Final approval and acceptance of this dissertation is contingent upon the candidate’s submission of the final copy of the dissertation to Royal Roads University. The dissertation supervisor confirms to have read this dissertation and recommends that it be accepted as fulfilling the dissertation requirements: Dr. Bernard Schissel[signature on file] Creative Commons Statement This work is licensed under the Creative Commons Attribution-NonCommercial- ShareAlike 2.5 Canada License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.5/ca/ . Some material in this work is not being made available under the terms of this licence: • Third-Party material that is being used under fair dealing or with permission. • Any photographs where individuals are easily identifiable. Contents Creative Commons Statement............................................................................................
    [Show full text]
  • Chapter 7: Protecting the Integrity of the Internet
    7 Protecting the Integrity of the Internet Introduction 7.1 This chapter discusses current and future initiatives for promoting a more secure Internet environment. In particular, it considers the role of the Australian Communications and Media Authority (ACMA), Internet Service Providers (ISPs), and Domain Name Registrars and Resellers in promoting greater resilience within the Australian Internet networks. 7.2 The chapter focuses on six key issues: the effectiveness of the Australian Internet Security Initiative (AISI) to detect and drive the remediation of bots; the role of ISPs in the AISI and the proposed Internet industry e- security code of practice; remediation of infected computers; ACMA‟s capacity to respond to the threat of compromised websites; ACMA‟s spam reporting initiative and the role of ISPs under the Spam Code of Practice; and e-security and the Domain Name Registration System. Australian Internet Security Initiative 7.3 The ACMA is a statutory authority within the Australian Government portfolio of Broadband, Communications and the Digital Economy. The 128 HACKERS, FRAUDSTERS AND BOTNETS: TACKLING THE PROBLEM OF CYBER CRIME ACMA is responsible for regulating broadcasting, the Internet, radio communications and telecommunications.1 7.4 The ACMA developed the AISI in 2005. The AISI identifies computers operating on the Australian Internet that have been infected by malware and are able to be controlled for illegal activities.2 The Committee was told that AISI has been progressively expanded over time and has attracted international interest.3 7.5 As noted previously in this report, 99 per cent of spam is sent from botnets.4 Spam email is one of the primary vectors of malware and the dissemination of scams and phishing attacks on end users.
    [Show full text]
  • The Next Digital Decade Essays on the Future of the Internet
    THE NEXT DIGITAL DECADE ESSAYS ON THE FUTURE OF THE INTERNET Edited by Berin Szoka & Adam Marcus THE NEXT DIGITAL DECADE ESSAYS ON THE FUTURE OF THE INTERNET Edited by Berin Szoka & Adam Marcus NextDigitalDecade.com TechFreedom techfreedom.org Washington, D.C. This work was published by TechFreedom (TechFreedom.org), a non-profit public policy think tank based in Washington, D.C. TechFreedom’s mission is to unleash the progress of technology that improves the human condition and expands individual capacity to choose. We gratefully acknowledge the generous and unconditional support for this project provided by VeriSign, Inc. More information about this book is available at NextDigitalDecade.com ISBN 978-1-4357-6786-7 © 2010 by TechFreedom, Washington, D.C. This work is licensed under the Creative Commons Attribution- NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA. Cover Designed by Jeff Fielding. THE NEXT DIGITAL DECADE: ESSAYS ON THE FUTURE OF THE INTERNET 3 TABLE OF CONTENTS Foreword 7 Berin Szoka 25 Years After .COM: Ten Questions 9 Berin Szoka Contributors 29 Part I: The Big Picture & New Frameworks CHAPTER 1: The Internet’s Impact on Culture & Society: Good or Bad? 49 Why We Must Resist the Temptation of Web 2.0 51 Andrew Keen The Case for Internet Optimism, Part 1: Saving the Net from Its Detractors 57 Adam Thierer CHAPTER 2: Is the Generative
    [Show full text]
  • GQ: Practical Containment for Measuring Modern Malware Systems
    GQ: Practical Containment for Measuring Modern Malware Systems Christian Kreibich Nicholas Weaver Chris Kanich ICSI & UC Berkeley ICSI & UC Berkeley UC San Diego [email protected] [email protected] [email protected] Weidong Cui Vern Paxson Microsoft Research ICSI & UC Berkeley [email protected] [email protected] Abstract their behavior, sometimes only for seconds at a time (e.g., to un- Measurement and analysis of modern malware systems such as bot- derstand the bootstrapping behavior of a binary, perhaps in tandem nets relies crucially on execution of specimens in a setting that en- with static analysis), but potentially also for weeks on end (e.g., to ables them to communicate with other systems across the Internet. conduct long-term botnet measurement via “infiltration” [13]). Ethical, legal, and technical constraints however demand contain- This need to execute malware samples in a laboratory setting ex- ment of resulting network activity in order to prevent the malware poses a dilemma. On the one hand, unconstrained execution of the from harming others while still ensuring that it exhibits its inher- malware under study will likely enable it to operate fully as in- ent behavior. Current best practices in this space are sorely lack- tended, including embarking on a large array of possible malicious ing: measurement researchers often treat containment superficially, activities, such as pumping out spam, contributing to denial-of- sometimes ignoring it altogether. In this paper we present GQ, service floods, conducting click fraud, or obscuring other attacks a malware execution “farm” that uses explicit containment prim- by proxying malicious traffic.
    [Show full text]
  • Protecting Europe Against Large-Scale Cyber-Attacks
    HOUSE OF LORDS European Union Committee 5th Report of Session 2009–10 Protecting Europe against large-scale cyber-attacks Report with Evidence Ordered to be printed 9 March 2010 and published 18 March 2010 Published by the Authority of the House of Lords London : The Stationery Office Limited £price HL Paper 68 The European Union Committee The European Union Committee of the House of Lords considers EU documents and other matters relating to the EU in advance of decisions being taken on them in Brussels. It does this in order to influence the Government’s position in negotiations, and to hold them to account for their actions at EU level. The Government are required to deposit EU documents in Parliament, and to produce within two weeks an Explanatory Memorandum setting out the implications for the UK. The Committee examines these documents, and ‘holds under scrutiny’ any about which it has concerns, entering into correspondence with the relevant Minister until satisfied. Letters must be answered within two weeks. Under the ‘scrutiny reserve resolution’, the Government may not agree in the EU Council of Ministers to any proposal still held under scrutiny; reasons must be given for any breach. The Committee also conducts inquiries and makes reports. The Government are required to respond in writing to a report’s recommendations within two months of publication. If the report is for debate, then there is a debate in the House of Lords, which a Minister attends and responds to. The Committee has seven Sub-Committees which are: Economic and
    [Show full text]