Fire and Water: Balancing the Elements for Successful Deterrence Online
2013; RELX Group (Netherlands); Language: English
ISSN: 1556-5068
Authors: Vaibhav Garg, Shaunak Dabadghao
Topic(s): Information and Cyber Security
Abstract: Botnets are the underlying infrastructure that allows large-scale cybercrime to exist, as they provide bandwidth and computational power. Collaboration between law enforcement and private companies targets the Command & Control servers (CC the resources that were used to take down the C&C servers, of Rustock for example, can be used towards alternative solutions. From the perspective of private entities such as Microsoft, individuals running pirated copies of Windows (servers) can be given access to timely updates and patches. From a public perspective, alternative solutions could incorporate efforts like the German Botnet Initiative. Second, there is the cost of collateral damage to users with such takedowns. For example, when such ISPs are taken down, along with the C&C and the individual, services of legitimate users are also impacted. Often the negative impact falls disproportionately on those with limited economic resources. For example, Microsoft’s takedown of the Nitol botnet was focused on the Dynamic DNS (DDNS) provider 3322. DDNS is typically used by entities with limited economic resources, e.g. individual users and small businesses. Finally, and arguably most importantly, there is the collateral damage to other anti-botnet efforts. For example, there may be academic researchers, private corporations, law enforcement agencies from other countries, and sinkhole operators who have carefully created an infrastructure to monitor the activities of a botnet. Microsoft’s partial takedown of the Zeus botnet, for example, curtailed such efforts prematurely. Partial takedowns may also increase resilience in the future. An alternative, then, is to have a comprehensive and coordinated effort, e.g. the Conficker Working Group (CWG). CWG is a public-private partnership, much like the one between Microsoft and the FBI to take down the Zeus botnet. However, CWG is a coordinated long-term effort between academic researchers, private security companies, ICANN, and network providers.
This kind of long-term comprehensive and coordinated effort targets the prosecution of botnet masters and is arguably more expensive. However, the benefit is the reduction in collateral damage. The economic resources of both public bodies, such as the FBI, and private entities, e.g. Microsoft, are limited. Thus, it is critical to examine the relative benefits of a (partial) takedown regime vs. one that takes a more comprehensive approach to fighting botnets specifically and cybercrime in general. We compare the relative economic effectiveness of these two approaches and the conditions under which one of them is more efficient. Our examination is grounded in the Fire and Water approaches to counter-terrorism efforts.