27/04/2004 - 22:00

Combating the new Internet war

27/04/2004 - 22:00


Save articles for future reference.

VIRTUAL villains are turning the Internet into a battleground.

Combating the new Internet war

VIRTUAL villains are turning the Internet into a battleground. A combination of international conventions and agreements, domestic enforcing legislation, appropriate law enforcement capabilities and new Internet technology is required if we are to address the problem effectively.

The Internet is under sustained attack and fast becoming a war zone. Spam, worms, viruses, denial-of-service attacks and, potentially, information warfare could become a matter of significant national concern.

Virus attacks are able to happen because of the technological monoculture, which is dominated by one platform (desktops by Microsoft).

The Internet’s ‘ecology’ enables continual evolution of new virulent forms of attack. The recent virus and worm onslaughts have affected many of us in one way or another.

These incidents generate real costs to society. Witness Telstra’s recent problems with the swen virus, whereby Bigpond subscribers suffered email delays of up to two days. These Internet attacks have the potential to escalate to the extent of disabling basic national infrastructure, such as power generation systems, transportation, and water utilities.

Denial-of-service attacks occur when a hacker creates software agents, which bombard a website to a point where the site is rendered inoperable.

In other words, the attack denies users the ability to utilise an electronic service. Like virus attacks, denial-of-service attacks are malicious and generate real costs to society.

Spam (electronic junk mail), too, is of growing concern. Some estimate that as much as 60 per cent of all Internet traffic is now spam. The spam industry consists of at least two parts – the spam delivery organisations, which are ultimately being paid to deliver sales material, and the businesses that originate the sales message.

It is practically costless to deliver each message, which makes mass mail-outs attractive to the originator (unlike physical mail, which requires the costs of stamp, envelope and processing).

A colleague in the US recently received up to 100,000 spam messages in one minute. If that rate continued unabated all day, it would hypothetically translate into 144,000,000 spam messages.

Sustained at this level, spam would swamp legitimate emails, dominate Internet traffic arteries and saturate Internet Service Providers (ISPs) – effectively crippling the Internet.

In the past five years, 33 States in the US have passed anti-spam laws, yet the problem gets worse. The Internet is a global phenomenon. Spammers may be mounting their attack from another country with no anti-spam legislation.

It is clear that we need a means of cross-border cooperation and coordination between governments, enforcement agencies and the military if we are to track down and penalise originating organisations and individuals.

Information warfare – the use of information systems to deny, exploit, corrupt or destroy an adversary’s information, information processes, systems and computer networks – particularly in the hands of a well-funded, highly knowledgeable and capable adversary, could be used to target items of national strategic significance, such as the banking industry.

These disruptive devices exploit three key characteristics of the Internet – scalability and zero marginal cost (facilitating rapid attack); anonymity (conferring an ability to hide); monoculture (a single Microsoft security hole may affect 90 per cent of Internet desktops).

A solution?

Technology on its own cannot solve these problems, nor can the unharnessed actions of individual Internet users. Rather than thinking about this as a series of issues to be separately managed, it is time to take a holistic view.

In addition to governments and relevant regulatory and law enforcement agencies, major technology companies, ISP, and the legal profession should be leading participants in the establishment of a new international legal and regulatory system governing the Internet, underpinned by an international Internet convention. The system must enable Internet law to continue to evolve, just as for example international maritime law has done.

If Australia wishes to protect itself against this new generation of marauders, it will need to encourage, participate in and perhaps even lead the formation of a new body of international law, modelled upon best practice in analogous international legal regimes.

p David McKeague is principal of Xon Xoff Pty Ltd



Subscription Options