North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: mitigating botnet C&Cs has become useless

  • From: Sean Donelan
  • Date: Tue Aug 08 20:23:33 2006

On Tue, 8 Aug 2006, Rick Wesson wrote:
Last sunday at DEFCON I explained how one consumer ISP cost American business $29M per month because of the existence of key-logging botnets.

Why did you attribute responsibility for the cost only to the consumer ISP? How much of the cost should be attributed the PC OEM, or the software developers, or the American business, or the ....?

Because the numbers are significant. Finding any entity that could provide a choke-point for 4% of business side id-theft is an interesting exercise and of significant value to the community.

Ok, so the ISPs weren't actually responsible for the cost, you are just choosing ISPs as a convenient mechanism to impose controls on the Internet.

How do you intend to compensate the ISP for providing this valuable service to the American business community? Are American businesses going to get together and pay for it? Or are you expecting ISPs to charge consumers more to connect to the Internet in order to pay for it?

Or would the money be better spent by American businesses improving their
ID checking so the problem of id-theft could be addressed regardless of
the information was obtained by criminals, from computers, trash cans, phishing, online information brokers, etc.