The world of Internet threats has changed continually over the years. From the time that a “worm” first showed up in the wild, or whenever someone penetrated a system without authorization for the first time, various forms of attacks and malware have presented dangers to the system and those who use it.

Different vectors have received varied focus over the years. Distributed Denial of Service (DDoS) attacks and botnets have received significant headlines recently. Many parts of the Internet community have been involved in addressing relevant issues and fostering efforts to combat them. Public Interest Registry has made it a priority to be part of those efforts. We have been active generally among the anti-abuse community, attending programs such as at the National Cyber Forensics and Training Alliance in Pittsburgh, PA, and the Organization of American States in Washington, DC. We also sponsored and participated in a DDoS forum, Mitigating DDoS Attacks, A Global Challenge, in New York last December, as well as anti-botnet workshops conducted by the Online Trust Alliance.

Most recently, we have worked to foster conversations through organizing panels at Anti-Phishing Working Group meetings in San Juan, Puerto Rico, and Buenos Aires, Argentina. These panels brought experts together from around the world so that they could share their experience and expertise. The Buenos Aires program, for example, included representatives of the .co and .cl registries, cert.br, a malware researcher from Brazil, a representative of the Argentinian ISP association, and an expert in European anti-malware efforts. A member of the Buenos Aires Metropolitan Police cyber unit also contributed from the floor. In addition, I shared some of what I have learned during my time with Internet law enforcement,the Federal Trade Commission, and subsequent work.

These initiatives did not produce epiphanies on solving botnet issues, and it appears that the problem is not going to be solved through panels, meetings or studies. However, the problem can be addressed through what happens at these events in order to help the work progress forward. Some concepts have been clear through our involvement:

1. Any activities must be a continuing effort. Botnet and DDoS attack vectors continue to evolve.
2. Education is essential—whether it be to policy makers, law enforcement, or members of the private sector. Misinformation from speakers, particularly in the policy arena that is so essential to advancing programs and providing resources, is all too frequent at conferences. The problem was apparent at a recent program at which an official overstated the costs of getting a botnet into operation by a factor of 100. It’s less difficult than he understood, which could affect resource allocation recommendations that he might make.
3. Neither the private nor public anti-abuse sector alone holds the solution. They have varying areas of expertise, resources, and authority. Conferences, panels, and other efforts have proven the value of consulting and even working together. They provide knowledge also in addition to key contacts, familiarity, and the trust that is essential to fostering cooperation, especially on efforts that may be sensitive.
4. No one government or nation’s private community holds the solution. The Internet and threats to it obviously cross borders. It perhaps is easier for the private sector to work cross-border than for law enforcement, but more opportunities must be available that foster the cooperation. This work is important, no onlyfor addressing existing threats where they are long established, but also for information sharing in areas that may be relatively new to organized abuse activities. For example, the United States and Europe are common first thoughts when addressing malware. However, a recent Trend Micro study showed a growing threat level in Latin America.
5. All sectors of the Internet infrastructure, registries, registrars, ISPs, etc., have parts to play, some of which may or may not fit together. Their ability to attack the problems vary because of such considerations as laws, contracts, and levels of direct contact with corporate or individual victims, but there always is a benefit to knowing about both overlapping and parallel efforts.
6. Sometimes groups, constituencies, or entities have anti-botnet or other anti-malware efforts that need to be kept insular for various reasons such as pending private lawsuits. These efforts should not be positioned or carried out in a way that threatens the good work of others. Prior communication is essential in order to ensure that a large-scale initiative does not interfere with or destroy other ongoing efforts.

These points are lessons from our observations, and should not be considered a comprehensive list. No list could be, truly because of the changing nature and increasing sophistication of threats to the Internet. For this reason, Public Interest Registry will continue to work with the Internet community to do our part in combatting botnets, DDoS attacks, and other critical threats to the Internet as they evolve.