North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mitigating botnet C&Cs has become useless

  • From: Peter Dambier
  • Date: Tue Aug 08 19:40:16 2006

Mikael Abrahamsson wrote:

On Tue, 8 Aug 2006, Rick Wesson wrote:

Last sunday at DEFCON I explained how one consumer ISP cost American business $29M per month because of the existence of key-logging botnets.

you want to talk economics? Its not complicated to show that mitigating key-logging bots could save American business 2B or 4% of =losses to identity theft -- using FTC loss estimates from 2003

just because an ISP looses some money over transit costs does not equate to the loss american business+consumers are loosing to fraud.

I am sure that the total cost would be less if everybody cleaned up their act. It doesn't change the fact that the individual ISP has to spend money it will never see returns on, for this common good to emerge.

If the government wants to do this, then I guess it should start demanding responsibility from individuals as well, otherwise I don't see this happening anytime soon. Microsoft has a big cash reserve, perhaps the US government should start demanding them clean up their act and release more secure products, and start fining people who don't use their products responsibly. Oh, and go after the companies installing spyware, in ernest? And to find these, they have to start wiretapping everybody to collect the information they need.

I remember working in the sysops group of a big company we made our own law:

Leaving your terminal without logoff would cost you a bottle of cognac.

Writing your password under the keyboard would cost you a bottle of cognac.


My boss used to have stomach aches. That is why arround noon you would
find most of us in the machine room - sorting tapes :) It was the
coldest place in the building. Right to cool down our red faces :)

It might be cool if an ISP was to charge his costumers a bottle of Pepsi everytime they got hacked.

It might be even more cool if the costumer succeeded to charge Microsoft
if they were the culprit :)

Otoh this added security might add up to more losses than 2B per year in less functionality and more administration and procedures (overhead), so perhaps those 2B is the price we pay for freedom and liberty in this space?

Always hard to find the balance.

No more balance after that bottle of cognac :)

Peter and Karin

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP:
mail: [email protected]
mail: [email protected]