Skip to navigation
Latest News

Spam fighters call for "parking tickets" on unsafe servers

Spam

By Tom Brewster

Posted on 27 Nov 2013 at 10:24

Anti-spam outfit, Spamhaus, has called on the UK government to fine those who are running internet infrastructure that could be exploited by criminals.

Spamhaus was hit by what's been described as the "biggest ever" cyber-attack earlier this year.

The fines would be akin to parking tickets, chief information officer of Spamhaus, Richard Cox, told PC Pro. Speaking from the Cyber Security Summit in London, which was attended by members of UK law enforcement and government, Cox said it should be illegal for people to leave servers unsecured, since that would allow crooks to use them as part of their attack infrastructure.

If we introduce a sensible law, it’s quite likely other countries will copy us

In Cox’s eyes, those who leave open Domain Name Server (DNS) resolvers vulnerable to attack should be fined, if they have previously received a warning. When Spamhaus was hit by a massive distributed denial of service (DDoS) attack – the biggest ever recorded at more than 300Gbits/sec – open DNS resolvers were used to amplify the hit, which was aimed at one of the organisation’s upstream partners.

"Once they know it can be used for attacks and fraud, that should be an offence," Cox said. "You should be subject to something like a parking ticket... where the fine is greater than the cost of fixing it.

"If we introduce a sensible law, it’s quite likely other countries will follow."

That would give people an incentive to adopt a more proactive approach, rather than a reactive one, as is the case now. "If somebody walks into a government building carrying a machine gun, you stop them before they fire," he added.

Not that Cox believes government policy makers will do anything about it. "The people who make the laws don’t understand the mechanisms," he said.

Cox was frustrated that, before he could make his case to officials at the Cyber Security Summit – including head of the new National Cyber Crime Unit, Andy Archibald, and head of the Office of Cyber Security, James Quinault – they had left straight after their keynotes.

Another flawed proposal?

Numerous proposals to police threats on the internet have been proposed in the past, none of which have come to fruition. Microsoft’s Scott Charney caused a stir in 2010 when he suggested infected machines should be quarantined from the web. Others have suggested something like a driving licence, where irresponsible users are given points before being banned for repeated bad behaviour.

Professor Alan Woodward, from the Department of Computing at University of Surrey, said Cox’s proposal was novel, but implementing it would be an onerous task.

"There is a danger that you could have some well-meaning governments putting in place appropriate regulation and legislation to support such an idea, only to find others haven’t. It would work only if there were a majority of earthly jurisdictions that cooperated in some way," he told PC Pro.

Woodward said government could be more proactive about notifying people. "That could be a useful service that government agencies could provide, not to penalise but to alert those running vulnerable servers. If anything this would be useful because it would add to the collective responsibility that is needed to successfully run the internet safely."

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

Definition?

And the definition of unsecure / unsafe, etc. is???

Please don't say "obvious" - that's what the government thinks about filtering etc for porn / child abuse.

By AdrianB on 27 Nov 2013

Notifying owners of compromised servers

Where is the volunteer organization that notifies people with compromised servers?

By AustinHook on 27 Nov 2013

Collateral Damage

Seriously - it's the ISPs who route spoofed packets to blame, not the people who run the infrastructure that receives the spoofed traffic.

Cox should be used to using collateral damage blackmail techniques after all - that's what pays his salary (Spamhaus attacking innocent netblock bystanders in order to force ISPs to cut off occasional spammers).

By sparkly on 27 Nov 2013

Special Interest Lobbying

Special interests lobbying by a private company that is setup in the UK ONLY via a virtual office and that has no employees in the UK. A company that boasts non-profit status while advertising their for-profit companies via spamming a role account that they, themselves lobbied to mandate. Now they want to lobby for support from the UK Gov. because they can't do their jobs right...sad!

By stephensboy on 29 Nov 2013

Spamhaus is fraud and illegal organization

Spamhaus is fraud and illegal organization run by Stephen John linford to do his money laundering and tax evasion. Spamhaus do not exist and they do not have any physical office. They operate from offshore countries using European VPN to pretend they are based in Europe.
Stephen John linford used to earn his living by playing guitar in cafe and used to live in Motorhome. Now he lives in 2million Euro villa and have private yatch. Even corporaates do not earn that much as much this "so called" non profit organization makes by online extortion.
There are investigations going on against their CEO Stephen John linford and Interpol is aware of this activities of Money laundering, tax evasion and frauds. They are waiting for the right time to act.

By spamhaus on 14 Dec 2013

Spamhaus is fraud and illegal organization

Spamhaus is fraud and illegal organization run by Stephen John linford to do his money laundering and tax evasion. Spamhaus do not exist and they do not have any physical office. They operate from offshore countries using European VPN to pretend they are based in Europe.
Stephen John linford used to earn his living by playing guitar in cafe and used to live in Motorhome. Now he lives in 2million Euro villa and have private yatch. Even corporaates do not earn that much as much this "so called" non profit organization makes by online extortion.
There are investigations going on against their CEO Stephen John linford and Interpol is aware of this activities of Money laundering, tax evasion and frauds. They are waiting for the right time to act.

By spamhaus on 14 Dec 2013

Leave a comment

You need to Login or Register to comment.

(optional)

advertisement

Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.