The Dreaded Flux?

A lot of my time this week has been taken up by the Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit group that oversees the Internet’s addressing system. I’ve been reviewing and commenting on an initial report from their Fast Flux Hosting Working Group. It’s a comprehensive piece of work that has had considerable input from a wide range of stakeholders.

If you keep up to date in this particular space, you’ll already know that fast flux hosting is a technique used to increase the resiliency and availability of botnets that are used for criminal phishing operations. As international law enforcement have stepped up their efforts to take down these operations, the criminal fraternity have replied with fast flux peer-to-peer technology to remove single points of failure and dynamically change the Internet location of command-and-control servers. It really is more difficult to hit a fast-moving target!

Personally, I’ve always found this interplay between the good and the bad, and the associated ‘arms race’, fascinating. The constant evolution and exploitation of technology to push criminal sophistication is not only entrepreneurial and innovative, but also ripe for further scholarly study, probably from a criminology perspective.

For the here-and-now, all this is creating a big headache for the Internet community at large. By itself, fast flux hosting is not a bad thing. On the contrary, several premier Internet service providers use the technique to deliver highly resilient and reliable legitimate services to retail and wholesale users. And it is this dual use that is at the heart of defining the problem. There are no clear answers or solutions from ICANN, and I didn’t expect there to be for this problem.

What it does highlight is the need for joined-up, cooperative and quick action by the international law enforcement community, and maybe more importantly the need for burden sharing between international law enforcement and ISPs, whichever jurisdiction they are in. I’ve commented before that we can no longer prevent electronic attack, so the backstop is detection, response and repair. I’ve also commented before that I believe that the Internet is experiencing de-globalisation, but obviously with cyber-crime this just isn’t the case.

This issue hasn’t been lost on the great and the good. The World Economic Forum have summarised it as follows:

“Cybercriminal has become a full-time (if secret) job title for some, including people with both brains and a top-flight education. Governments are finally beginning to grapple with the problem; however, they are nowhere near being able to come to grips with it. One idea is to establish a national or international authority that puts infected or infectious ISPs (internet service providers) through a quarantine process or sequesters them.”

Radical thinking from the Davos crowd!