DOCSLIB.ORG

Pirates of the Isps: Tactics for Turning Online Crooks Into International Pariahs

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

21st CENTURY DEFENSE INITIATIVE CyBER SECuRITy #1 July 2011 Pirates of the ISPs: Tactics for Turning Online Crooks Into International Pariahs Noah Shachtman 1775 Massachusetts Ave., NW Washington, D.C. 20036 brookings.edu Pirates of the ISPs: Tactics for Turning Online Crooks Into International Pariahs Noah Shachtman CyberSeCurity #1 July 2011 21st CENTURY DEFENSE INITIATIVE Acknowledgements every research paper is a group effort, no mat- My Wired.com colleagues—ryan Singel, kevin ter what it says on the byline. this project relied Poulsen, kim Zetter and David kravets—cover more on outside assistance than most. brookings the cybersecurity beat better than anyone. this Senior fellows Peter Singer and ken lieberthal paper would have been impossible without them, were the ones who convinced me to explore the and without brian krebs, master investigator of broad topic of cybersecurity. the panel they as- the online underworld. sembled gave me new insight with every meeting; my colleague allan friedman was an especially bill Woodcock, rick Wesson, Jeff Cooper, tyler invaluable tutor and remarkably generous with Moore, audrey Plonk, Jim lewis, Dmitri alpero- his time. heather Messera and robert o’brien vitch, Paul Nicholas, Jessica herrera-flannigan, provided important research and logistical sup- Jart armin, richard bejtlich, Steve Schleien, Jona- port. My research assistant, adam rawnsley, was than Zittrain and many, many others steered me tireless in his exploration of the minutiae of ev- away from my worst ideas and towards those few erything from tort law to pirate havens. not-so-bad ones. for that, i am deeply in their debt. brookings recognizes that the value it provides to any supporter is in its absolute commitment to quality, independence and impact. activities supported by its donors reflect this commitment and the analysis and recommendations are not determined by any donation. 21 st C e n t u ry D e f e n s e I n I t I at I v e • J o h n L. t h o r n to n C h I n a C e n t e r at brookiNgS PirateS of the iSP S: t aC t ic s fo r t u r n I n g o n li n e C ro o ks I n to I n t e r n at I o n a L P a r I a h s ii Table of Contents acknowledgements . iii executive Summary . vii introduction . 1 What is Cybercrime? . .5 both Pirates and Privateers online . .7 “Cyberwar” vs. Cybercrime . 9 a Surprising Partner . 12 Cybercrime first; everything else May follow . 14 Who gets Squeezed? . 17 it is up to the iSPs . 20 a “grand bargain” for Security . 22 one Proposal for Pressuring the Criminal ecosystem . 24 Protecting the Victims . 28 Corporate responsibility . 31 Can insurance Curb Crime? . 35 Criminal enterprises, Civil Strategies . 36 Domain Demands . 39 thirteen Steps . 42 about the author . 44 21 st C e n t u ry D e f e n s e I n I t I at I v e • J o h n L. t h o r n to n C h I n a C e n t e r at brookiNgS PirateS of the iSP S: t aC t ic s fo r t u r n I n g o n li n e C ro o ks I n to I n t e r n at I o n a L P a r I a h s iii Executive Summary t the beginning of the 19th century, piracy as harvard’s tyler Moore and others have sug- Awas an ongoing threat and an accepted gested. after all, the internet is not a network of military tactic. by the end of the century, it was governments; it is mostly an amalgam of busi- taboo, occurring solely off the shores of failed nesses that rely almost exclusively on handshake states and minor powers. the practice of hijack- agreements to carry data from one side of the ing did not vanish entirely, of course; it is flourish- planet to another. the vast majority of the inter- ing now on the world’s computer networks, cost- net’s infrastructure is in the hands of these 5,000 ing companies and consumers countless billions or so internet Service Providers (iSPs) and car- of dollars. rier networks, as is the ability to keep crooks off that infrastructure. if this relatively small group Cybercrime today seems like a nearly insoluble can be persuaded to move against online crimi- problem, much like piracy was centuries ago. nals, it will represent an enormous step towards there are steps, however, that can be taken to turning these crooks into global pariahs. curb cybercrime’s growth—and perhaps begin to marginalize the people behind it. Some of the the most productive thing iSPs can do to curb methods used to sideline piracy provide a useful, crime is put pressure on the companies that sup- if incomplete, template for how to get it done. port and abet these underground enterprises. Shutting down the markets for stolen treasure Currently, registration companies sell criminals cut off the pirates’ financial lifeblood; similar their domain names, like “thief.com.” hosting pushes could be made against the companies firms provide the server space andi nternet Proto- that support online criminals. Piracy was eventu- col addresses needed to make malicious content ally brought to heel when nations took responsi- online accessible. but without iSPs, no business, bility for what went on within its borders. based straight or crooked, gets online. a simple statistic on this precedent, cybercrime will only begin to underscores the iSPs’ role as a critical intermedi- be curbed when greater authority—and account- ary: just 10 iSPs account for around 30 percent ability—is exercised over the networks that form of all the spam-spewing machines on the planet. the sea on which these modern pirates sail. iSPs are well aware of which hosting companies, in this new campaign, however, private companies, for example, are the most friendly to criminals; not governments, will have to play the central role, lists of these firms are published constantly. but, 21 st C e n t u ry D e f e n s e I n I t I at I v e • J o h n L. t h o r n to n C h I n a C e n t e r at brookiNgS PirateS of the iSP S: t aC t ic s fo r t u r n I n g o n li n e C ro o ks I n to I n t e r n at I o n a L P a r I a h s iv currently, iSPs have little motivation to cut these government can alter that equation by expand- criminal havens off from the rest of the internet. ing the requirements to report data breaches. it there is no penalty for allowing illicit traffic to could require its contractors to purchase network transit over their networks. if anything, there is a security insurance, forcing companies to take strong incentive for maintaining business-as-usu- these breaches more seriously. and it can pour al: the hosting company that caters to crooks also new resources into and craft new strategies for has legitimate customers, and both pay for inter- disrupting criminals’ support networks. net access. So iSPs often turn a blind eye, even though the worst criminal havens are well-known. these steps will serve as important signals that america will no longer tolerate thieves and con that is where government could help. it could artists operating on its networks. after all, 20 of introduce new mechanisms to hold hosting com- the 50 most crime-friendly hosts in the world are panies liable for the damage done by their crimi- american, according to the security researchers nal clientele. it could allow iSPs to be held liable at hostexploit. for their criminal hosts. it could encourage and as the united States gets serious in curbing these regulate iSPs to share more information on the criminals, it can ask more from—and work more threats they find. closely with—other countries. China, for instance, sees itself as the world’s biggest victim of cyber- government could also encourage more private crime, even as it remains a hotbed for illicit activ- businesses to come clean when they are victim- ity. Not coincidentally, China is also only partially ized. today, just three in ten organizations sur- connected to the global community of iSPs. Dia- veyed by the security firm Mcafee report all of logues to bring the Chinese closer into the fold their data breaches. that not only obscures the will not only make it easier to marginalize cyber- true scope of cybercrime; it prevents criminals criminals; it will build momentum for broader ne- and criminal trends from being caught earlier. gotiations on all sorts of internet security issues. 21 st C e n t u ry D e f e n s e I n I t I at I v e • J o h n L. t h o r n to n C h I n a C e n t e r at brookiNgS PirateS of the iSP S: t aC t ic s fo r t u r n I n g o n li n e C ro o ks I n to I n t e r n at I o n a L P a r I a h s v Introduction n May 22, 2009, nine pirates armed with rock- Convention on the law of the Sea, “every State” Oet-propelled grenades began to chase the is authorized to “seize a pirate ship… arrest the cargo ship Maersk Virginia as it steamed through persons and seize the property on board.”3 Pi- the gulf of aden.
Recommended publications
  • ASEC REPORT Malicious Code Trend 5 6 Vol.17 Security Trend Web Security Trend

    ASEC REPORT Malicious Code Trend 5 6 Vol.17 Security Trend Web Security Trend

    Disclosure to or reproduction for others without the specific written authorization of AhnLab is prohibited. ASEC Copyright (c) AhnLab, Inc. All rights reserved. REPORT VOL.17 | 2011.6 AhnLab Monthly Security Report AhnLab ASEC (AhnLab Security Emergency Response Center) is a Security global security response group consisting of virus analysts and CONTENTS Emergency security experts. This monthly report is published by ASEC, response and it focuses on the most significant security threats and the latest security technologies to guard against these threats. For 01. Malicious Code Trend 02. Security Trend Center further information about this report, please refer to AhnLab, a. Malicious Code Statistics 05 a. Security Statistics 14 Inc.’s homepage (www.ahnlab.com). - Top 20 Malicious Code Reports - Microsoft Security Updates- May 2011 - Top 20 Malicious Code Variant Reports b. Malicious Code Issues 16 - Breakdown of Primary Malicious Code Types - Comparison of Malicious Codes with - Zeus Source Code Leaked and Spyeye Trend Previous Month - Coreflood, a Banking Trojan - Monthly Malicious Code Reports - Online Banking Hacking Scam - Top 20 New Malicious Code Reports - Breakdown of New Malicious Code Types 03. Web Security Trend b. Malicious Code Issues 10 a. Web Security Statistics 17 - 'Dislike' Button Scam - Web Security Summary - AntiVirus AntiSpyware 2011 Scam - Monthly Blocked Malicious URLs - Scam Emails From Bobijou Inc. - Monthly Reported Types of Malicious Code - Spam Promising Nude Photo Spreads Malware - Monthly Domains with Malicious Code - Osama Bin Laden Themed Malware - Monthly URLs with Malicious Code - Distribution of Malicious Codes by Type - Top 10 Distributed Malicious Codes b. Web Security Issues 20 - May 2011 Malicious Code Intrusion: Website ASEC REPORT Malicious Code Trend 5 6 Vol.17 Security Trend Web Security Trend 01.
  • Homeland Threats and Agency Responses”

    Homeland Threats and Agency Responses”

    STATEMENT OF ROBERT S. MUELLER, III DIRECTOR FEDERAL BUREAU OF INVESTIGATION BEFORE THE COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE AT A HEARING ENTITLED “HOMELAND THREATS AND AGENCY RESPONSES” PRESENTED SEPTEMBER 19, 2012 Statement of Robert S. Mueller, III Director Federal Bureau of Investigation Before the Committee on Homeland Security and Governmental Affairs United States Senate At a Hearing Entitled “Homeland Threats and Agency Responses” Presented September 19, 2012 Good morning, Chairman Lieberman, Ranking Member Collins, and Members of the Committee. Thank you for the opportunity to appear before the Committee today and for your continued support of the men and women of the FBI. As you know, the Bureau has undergone unprecedented transformation in recent years. Since the attacks of September 11th, we have refocused our efforts to address and prevent emerging terrorist threats. The terrorist threat is more diverse than it was 11 years ago, but today, we in the FBI are better prepared to meet that threat. We also face increasingly complex threats to our nation’s cyber security. Nation-state actors, sophisticated organized crime groups, and hackers for hire are stealing trade secrets and valuable research from America’s companies, universities, and government agencies. Cyber threats also pose a significant risk to our nation’s critical infrastructure. As these threats continue to evolve, so too must the FBI change to counter those threats. We must continue to build partnerships with our law enforcement and private sector partners, as well as the communities we serve. Above all, we must remain firmly committed to carrying out our mission while protecting the civil rights and civil liberties of the people we serve.
  • Speaker Bios

    Speaker Bios

    Quad9 public domain name service moves to Switzerland for maximum internet privacy protection Press conference, February17 2021 Short bios of speakers Bill Woodcock Chairman of the Quad9 Foundation Council Bill is the executive director of Packet Clearing House, the international non- governmental organization that builds and supports critical Internet infrastructure, including Internet exchange points and the core of the domain name system. Since entering the Internet industry in 1985, Bill has helped establish more than three hundred Internet exchange points. In 1989, Bill developed the anycast routing technique that now protects the domain name system. Bill serves on the board of directors of the M3AA Foundation, and was on the board of the American Registry for Internet Numbers for fifteen years. Now, Bill’s work focuses principally on the security and economic stability of critical Internet infrastructure. [email protected] John Todd General Manager, Quad9 John Todd has been involved with the Quad9 project since inception in 2016, and has been working with DNS since 1989. His background in ISP, server hosting, satellite- based data systems, VoIP, and other large-scale network infrastructure have constantly incorporated the DNS as an underlying technology that forms the basis of his experience. [email protected] Version: February 17, 2021 1/2 Tom Kleiber Managing Director, SWITCH Tom Kleiber has been Managing Director of SWITCH since 1 January 2021. Previously, he held various leadership positions in large and medium-sized corporations. For example, as CEO of the ICT services provider connectis AG with 350 employees, at Siemens, Alcatel and as a member of the Management Board of Microsoft Switzerland.
  • Nber Working Paper Series the Impact of the General

    Nber Working Paper Series the Impact of the General

    NBER WORKING PAPER SERIES THE IMPACT OF THE GENERAL DATA PROTECTION REGULATION ON INTERNET INTERCONNECTION Ran Zhuo Bradley Huffaker kc claffy Shane Greenstein Working Paper 26481 http://www.nber.org/papers/w26481 NATIONAL BUREAU OF ECONOMIC RESEARCH 1050 Massachusetts Avenue Cambridge, MA 02138 November 2019 The authors are grateful to the Doctoral Office at Harvard Business School for financial support for field work. This research is partially supported by NSF OAC-1724853, NSF C-ACCEL OIA-1937165, U.S. AFRL FA8750-18-2-0049. The views and conclusions do not necessarily represent those of the Air Force Research Laboratory, the U.S. Government, or the National Bureau of Economic Research. NBER working papers are circulated for discussion and comment purposes. They have not been peer-reviewed or been subject to the review by the NBER Board of Directors that accompanies official NBER publications. © 2019 by Ran Zhuo, Bradley Huffaker, kc claffy, and Shane Greenstein. All rights reserved. Short sections of text, not to exceed two paragraphs, may be quoted without explicit permission provided that full credit, including © notice, is given to the source. The Impact of the General Data Protection Regulation on Internet Interconnection Ran Zhuo, Bradley Huffaker, kc claffy, and Shane Greenstein NBER Working Paper No. 26481 November 2019 JEL No. L00,L51,L86 ABSTRACT The Internet comprises thousands of independently operated networks, where bilaterally negotiated interconnection agreements determine the flow of data between networks. The European Union’s General Data Protection Regulation (GDPR) imposes strict restrictions on processing and sharing of personal data of EU residents. Both contemporary news reports and simple bilateral bargaining theory predict reduction in data usage at the application layer would negatively impact incentives for negotiating interconnection agreements at the internet layer due to reduced bargaining power of European networks and increased bargaining frictions.
  • Legal Considerations

    Legal Considerations

    © 2010 Cooperative Cyber Defence Centre of Excellence (CCD COE) Contact: Cooperative Cyber Defence Centre of Excellence (CCD COE) 12 Filtri Rd. 10132 Tallinn, Estonia [email protected] www.ccdcoe.org All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of CCD COE. The views, opinions, and/or findings and recommendations contained in this analysis are those of the authors and should not be construed as an official position, policy, or decision of NATO or any NATO entity. Layout, design and illustrations: Marko Söönurm ISBN: 978-9949-9040-0-6 INTERNATIONAL CYBER INCIDENTS: LEGAL CONSIDERATIONS Eneken Tikk Kadri Kaska Liis Vihul 2010 4 Contents PREFACE ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������6 INTRODUCTION TO CASE STUDIES..........................................................................................................................................................................................10 ESTONIA 2007 ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������14
  • Forensics 2Ème Partie

    Forensics 2Ème Partie

    actu l’ACTUSÉCU est un magazine numérique rédigé et éditésécu par les consultants du cabinet de conseil XMCO 34MAI 2013 SPÉCIAL INVESTIGATIONS Forensics 2ème partie Investigations Forensics Les étapes et réflexes essentiels pour la réalisation d’une mission forensics. APT1 Résumé et analyse de l’étude menée par Mandiant. Conférences BlackHat, JSSI et HITB. Actualité du moment Analyses du malware Dervec, de la vulnérabilité Java (CVE-2013-0422) et des at- - taques 0day ciblant ColdFusion. buildscharac Et toujours… les logiciels et nos Twitter favoris ! 1 Ce document est la propriété du cabinet XMCO. Toute reproduction est strictement interdite. ® we deliver security expertise www.xmco.fr 2 Ce document est la propriété du cabinet XMCO. Toute reproduction est strictement interdite. édito MAI 2013 [ 45 millions de dollars.... 5 millions chacun ] Ils sont neuf. Ils ont agi dans 27 pays et sont allés jusqu’à retirer 2,4 millions dans des distributeurs automatiques de billets : plus de 40 000 retraits en espèces !!! Bref, un job à plein temps, particulièrement bien rémunéré, mais qui comporte quand même quelques risques... Voici, en synthèse, la news qui est tombée le 10 mai 2013. Comment ne pas la reprendre dans le deuxième numéro de l’ActuSécu consacré au Forensic ? Attention, n’y voyez aucune espèce d’opération marketing conjointe : nous n’avons pas mandaté ces cybercriminels pour promouvoir l’activité de recherche de preuve ! Plusieurs anomalies, dont cette phrase, se trouvent dans cet édito. J’ai fait cela parce que personne ne fait jamais aucun retour sur mon unique contribution à notre magazine. Mais il faut bien admettre que cette information vient confirmer un phénomène de plus en plus constaté : la reconversion d’une partie de la criminalité vers la cybercriminalité.
  • An Interdisciplinary Introduction

    An Interdisciplinary Introduction

    Index # See OMB and, 82, 83–84 2-factor authentication, 57, 295, 296 Paperwork Reduction Act, 82 9/11/2001. September 11, 2001 supply chain security, 166, 170 60-Day Cyberspace Policy Review, 100–101, 130, 259 active responses to threats, 207–208, 237–238 256-bit encryption, 193 acts of law, 263 300A and 300B reports, 170 actual cost (AC), 152–154, 156, 299–300, 302 414s (hackers), 6 ACWP (actual cost of work performed), 152 1930s IT infrastructure, 185 “adequate security,” 171 1940s IT infrastructure, 75 Administrative Procedure Act (APA), 266 1950s IT infrastructure, 75–76, 185¬ advanced notices of proposed rulemaking (ANPR), 260, 1960s cybersecurity issues, 4, 76–77, 95 266 1970s cybersecurity issues, 5, 179 advanced persistent threats (APTs), 203–204, 276,- 277 1980s cybersecurity issues, 4–9, 77–81, 82, 185 Advanced Research Projects Agency (ARPA), 4 1990s cybersecurity issues, 9, 81–90, 223–225, 276 Advanced Research Projects Agency Network (AR 2000s cybersecurity issues, 9, 89, 90–101, 220, 276 agenciesPANET), 4, 179 A2010s cybersecurity issues, 10, 101–104, 221–222, 276 African Network Information Centre (AfriNIC), 278 A circulars. See under civilian.audits, 241 See civilian agencies OMB budgets, 260 AC (actual cost), 152–154, 156, 299–300, 302 acceptable levels of risk, 36 classified/unclassified protective markings, 79 acceptable quality level (AQL), 145 compliance standards, 168–169 accepting risks, 16, 20, 22, 60–61 creation of, 266 access codes, 236 cybersecurity policy role, 69–70 access points, 233, 258 Federal Register rules publication, 260 accessibility of systems intelligence.FISMA requirements, See intelligence 97–98, agencies 171 corporate systems, 233 impact on projects, 123 health care systems, 224 military.
  • Cyber Law and Espionage Law As Communicating Vessels

    Cyber Law and Espionage Law As Communicating Vessels

    Maurer School of Law: Indiana University Digital Repository @ Maurer Law Books & Book Chapters by Maurer Faculty Faculty Scholarship 2018 Cyber Law and Espionage Law as Communicating Vessels Asaf Lubin Maurer School of Law - Indiana University, [email protected] Follow this and additional works at: https://www.repository.law.indiana.edu/facbooks Part of the Information Security Commons, International Law Commons, Internet Law Commons, and the Science and Technology Law Commons Recommended Citation Lubin, Asaf, "Cyber Law and Espionage Law as Communicating Vessels" (2018). Books & Book Chapters by Maurer Faculty. 220. https://www.repository.law.indiana.edu/facbooks/220 This Book is brought to you for free and open access by the Faculty Scholarship at Digital Repository @ Maurer Law. It has been accepted for inclusion in Books & Book Chapters by Maurer Faculty by an authorized administrator of Digital Repository @ Maurer Law. For more information, please contact [email protected]. 2018 10th International Conference on Cyber Conflict CyCon X: Maximising Effects T. Minárik, R. Jakschis, L. Lindström (Eds.) 30 May - 01 June 2018, Tallinn, Estonia 2018 10TH INTERNATIONAL CONFERENCE ON CYBER CONFLicT CYCON X: MAXIMISING EFFECTS Copyright © 2018 by NATO CCD COE Publications. All rights reserved. IEEE Catalog Number: CFP1826N-PRT ISBN (print): 978-9949-9904-2-9 ISBN (pdf): 978-9949-9904-3-6 COPYRigHT AND REPRINT PERmissiONS No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]).
  • What Killed Australian Cinema & Why Is the Bloody Corpse Still Moving?

    What Killed Australian Cinema & Why Is the Bloody Corpse Still Moving?

    What Killed Australian Cinema & Why is the Bloody Corpse Still Moving? A Thesis Submitted By Jacob Zvi for the Degree of Doctor of Philosophy at the Faculty of Health, Arts & Design, Swinburne University of Technology, Melbourne © Jacob Zvi 2019 Swinburne University of Technology All rights reserved. This thesis may not be reproduced in whole or in part, by photocopy or other means, without the permission of the author. II Abstract In 2004, annual Australian viewership of Australian cinema, regularly averaging below 5%, reached an all-time low of 1.3%. Considering Australia ranks among the top nations in both screens and cinema attendance per capita, and that Australians’ biggest cultural consumption is screen products and multi-media equipment, suggests that Australians love cinema, but refrain from watching their own. Why? During its golden period, 1970-1988, Australian cinema was operating under combined private and government investment, and responsible for critical and commercial successes. However, over the past thirty years, 1988-2018, due to the detrimental role of government film agencies played in binding Australian cinema to government funding, Australian films are perceived as under-developed, low budget, and depressing. Out of hundreds of films produced, and investment of billions of dollars, only a dozen managed to recoup their budget. The thesis demonstrates how ‘Australian national cinema’ discourse helped funding bodies consolidate their power. Australian filmmaking is defined by three ongoing and unresolved frictions: one external and two internal. Friction I debates Australian cinema vs. Australian audience, rejecting Australian cinema’s output, resulting in Frictions II and III, which respectively debate two industry questions: what content is produced? arthouse vs.
  • Indias Strategic Options in a Changing Cyberspace

    Indias Strategic Options in a Changing Cyberspace

    India’s Strategic Options in a Changing Cyberspace India’s Strategic Options in a Changing Cyberspace Cherian Samuel Munish Sharma INSTITUTE FOR DEFENCE STUDIES & ANALYSES NEW DELHI PENTAGON PRESS LLPLLP India’s Strategic Options in a Changing Cyberspace Cherian Samuel and Munish Sharma First Published in 2019 Copyright © Institute for Defence Studies and Analyses, New Delhi ISBN 978-93-86618-66-5 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without first obtaining written permission of the copyright owner. Disclaimer: The views expressed in this book are those of the authors and do not necessarily reflect those of the Institute for Defence Studies and Analyses, or the Government of India. Published by PENTAGON PRESS LLP 206, Peacock Lane, Shahpur Jat New Delhi-110049 Phones: 011-64706243, 26491568 Telefax: 011-26490600 email: [email protected] website: www.pentagonpress.in In association with Institute for Defence Studies and Analyses No. 1, Development Enclave, New Delhi-110010 Phone: +91-11-26717983 Website: www.idsa.in Printed at Avantika Printers Private Limited. Contents Acknowledgements vii Abbreviations ix Introduction xi 1. Concepts and Definitions 1 2. Cyber Deterrence: The Emerging Landscape 12 3. The Geopolitics of Norms Building in Cyberspace 51 4. Active Cyber Defence: An Analysis 81 5. Critical Information Infrastructure Protection: National Practices and Perspectives 97 6. India’s Technology Challenges: Encryption, Quantum Computing and Artificial Intelligence 115 7. Public-Private Partnership in Cybersecurity: Opportunities and Challenges 143 8. India’s Strategic Options in a Changing Cyberspace 157 Recommendations 165 Index 169 Acknowledgements The seed for this publication was planted in the final meeting of the Project Review & Steering Group when Brig.
  • The Relationship Between Local Content, Internet Development and Access Prices

    The Relationship Between Local Content, Internet Development and Access Prices

    THE RELATIONSHIP BETWEEN LOCAL CONTENT, INTERNET DEVELOPMENT AND ACCESS PRICES This research is the result of collaboration in 2011 between the Internet Society (ISOC), the Organisation for Economic Co-operation and Development (OECD) and the United Nations Educational, Scientific and Cultural Organization (UNESCO). The first findings of the research were presented at the sixth annual meeting of the Internet Governance Forum (IGF) that was held in Nairobi, Kenya on 27-30 September 2011. The views expressed in this presentation are those of the authors and do not necessarily reflect the opinions of ISOC, the OECD or UNESCO, or their respective membership. FOREWORD This report was prepared by a team from the OECD's Information Economy Unit of the Information, Communications and Consumer Policy Division within the Directorate for Science, Technology and Industry. The contributing authors were Chris Bruegge, Kayoko Ido, Taylor Reynolds, Cristina Serra- Vallejo, Piotr Stryszowski and Rudolf Van Der Berg. The case studies were drafted by Laura Recuero Virto of the OECD Development Centre with editing by Elizabeth Nash and Vanda Legrandgerard. The work benefitted from significant guidance and constructive comments from ISOC and UNESCO. The authors would particularly like to thank Dawit Bekele, Constance Bommelaer, Bill Graham and Michuki Mwangi from ISOC and Jānis Kārkliņš, Boyan Radoykov and Irmgarda Kasinskaite-Buddeberg from UNESCO for their work and guidance on the project. The report relies heavily on data for many of its conclusions and the authors would like to thank Alex Kozak, Betsy Masiello and Derek Slater from Google, Geoff Huston from APNIC, Telegeography (Primetrica, Inc) and Karine Perset from the OECD for data that was used in the report.
  • ITU Botnet Mitigation Toolkit Background Information

    ITU Botnet Mitigation Toolkit Background Information

    ITU Botnet Mitigation Toolkit Background Information ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication Development Sector January 2008 Acknowledgements Botnets (also called zombie armies or drone armies) are networks of compromised computers infected with viruses or malware to turn them into “zombies” or “robots” – computers that can be controlled without the owners’ knowledge. Criminals can use the collective computing power and connected bandwidth of these externally-controlled networks for malicious purposes and criminal activities, including, inter alia, generation of spam e-mails, launching of Distributed Denial of Service (DDoS) attacks, alteration or destruction of data, and identity theft. The threat from botnets is growing fast. The latest (2007) generation of botnets such as the Storm Worm uses particularly aggressive techniques such as fast-flux networks and striking back with DDoS attacks against security vendors trying to mitigate them. An underground economy has now sprung up around botnets, yielding significant revenues for authors of computer viruses, botnet controllers and criminals who commission this illegal activity by renting botnets. In response to this growing threat, ITU is developing a Botnet Mitigation Toolkit to assist in mitigating the problem of botnets. This document provides background information on the toolkit. The toolkit, developed by Mr. Suresh Ramasubramanian, draws on existing resources, identifies relevant local and international stakeholders, and