[91604] in North American Network Operators' Group
Re: mitigating botnet C&Cs has become useless
daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Tue Aug 8 19:10:44 2006
Date: Wed, 9 Aug 2006 01:10:01 +0200 (CEST)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Rick Wesson <wessorh@ar.com>
Cc: nanog@merit.edu
In-Reply-To: <44D90BEA.90403@ar.com>
Errors-To: owner-nanog@merit.edu
On Tue, 8 Aug 2006, Rick Wesson wrote:
> Last sunday at DEFCON I explained how one consumer ISP cost American business
> $29M per month because of the existence of key-logging botnets.
>
> you want to talk economics? Its not complicated to show that mitigating
> key-logging bots could save American business 2B or 4% of =losses to identity
> theft -- using FTC loss estimates from 2003
>
> just because an ISP looses some money over transit costs does not equate to
> the loss american business+consumers are loosing to fraud.
I am sure that the total cost would be less if everybody cleaned up their
act. It doesn't change the fact that the individual ISP has to spend money
it will never see returns on, for this common good to emerge.
If the government wants to do this, then I guess it should start demanding
responsibility from individuals as well, otherwise I don't see this
happening anytime soon. Microsoft has a big cash reserve, perhaps the US
government should start demanding them clean up their act and release more
secure products, and start fining people who don't use their products
responsibly. Oh, and go after the companies installing spyware, in ernest?
And to find these, they have to start wiretapping everybody to collect the
information they need.
Otoh this added security might add up to more losses than 2B per year in
less functionality and more administration and procedures (overhead), so
perhaps those 2B is the price we pay for freedom and liberty in this
space?
Always hard to find the balance.
--
Mikael Abrahamsson email: swmike@swm.pp.se
