Question: What have do the CTO of online betting exchange Betfair and the US Government's ex-Cyber-security chief Richard Clarke have in common? Answer: They both think ISPs should be doing more to combat Distributed Denial of Service (DDOS) attacks.
In a recent interview with ZDNet UK Clarke claimed that the number of networks of remotely hijacked Pcs --- so-called Botnets -- being used to deliver DDOS attacks has shot up from around 2000 to 30,000 in the last year. "I think we are going to see companies asking their ISPS to do more. A lot of denial-of-service attacks could be prevented if ISPs co-operated with each other," he said.
Betfair's CTO, David Yu, recently voted Daily Telegraph IT director of the year and a runner up in our very own CNET UK awards, has had first hand experience of the havoc these kind of attacks can wreak. Earlier this year, his and some other online gambling sites fell victim to a coordinated series of DDOS attacks - no laughing matter when your business relies on 24/7 uptime with around 300 transactions being processed per second. For companies like Betfair -- which operate in real-time, changing odds and taking bets right up to the point a horse race or football game ends -- downtime is lost money and lots of it.
Things got so bad that at the height of the attacks, all the sites being targeted opted to forget their competitive differences and concentrate on the best way to combat the common enemy: the hackers and criminals threatening to crash their sites if cash wasn't forthcoming. Yu claims this cross-company coordination was vital in combating the problem.
The idea of companies coming together to form a united defence makes sound business sense. Capitalism is about competition but cooperation between rivals can make sense if it benefits them all equally. But while the gambling sites showed a willingness to cooperate against the DDOS groups not everyone with a part to play in the attacks was as forthcoming.
Yu is insistent that ISPs are a vital link in the chain and their participation in battling the DDOS groups is vital. Despite being pretty happy with his ISP's participation -- Cable & Wireless -- Yu said service providers should be doing more to prevent DDOS attacks. One answer would be proactively filtering or blocking the flood of traffic at source.
But it seems that some ISPs don't share Yu's penchant for reciprocal altruism. When contacted by ZDNet UK reporters last week to gauge their reaction to calls for greater ISP participation in blocking DDOS attacks, BT and, surprisingly given Yu's earlier praises, Cable& Wireless, were pretty dismissive.
The most scathing comments came from John Regnault, head of security technology for BT who when asked if ISPs should be doing more said: "Why should ISPs do something?" "It's very much as if people want something for nothing. This noise is superfluous and silly." Nice.
Just the kind of caring sharing attitude we have come to expect from BT. "It is a question of what a customer is prepared to buy," Regnault added. "There are a number of BT customers who are very happy with the DDoS defence. Perhaps if you are not prepared to pay that, you would jump up and down and say it's the duty of the ISP to do it. Perhaps I would say that it's time to change ISP."
Talkback
Dear Andrew,
You present an interesting article. I have worked in the Internet industry for over ten years and have had cause to work with, and for a variety of ISPs in that time. I am confused by the stance that you have taken.
The vast majority of ISP customers are not targets for DDOS attacks. Those that are target are readily identifiable (high profile, sensitive) and tend to be larger customers with more money than most - Gambling sites often fall into that category. It is in these larger sites commercial interest to try and get ISPs to deliver protection "for free" - it improves their return to their shareholders.
If ISPs took on the burden of protection against DDOS for all customers (which is expensive overkill as most are not targets), then the general cost of connectivity will increase - basically increasing the costs for all ISP customers for resolving a problem that only a fraction of the wealthier customers have.
Surely it's better at the moment to implement point defences for those one or two customers who have the money (the cost of these systems is not extortionate compared to the potential loss of revenue) - and the incentive to protect their systems, rather than charging a DDOS tax on general connectivity for smaller, less wealthy customers who will never be a target of a DDOS attack?
Your article seems to heavily side with betting sites without seeing them as a business concern looking to spend less money. Perhaps it's easy to paint ISPs as uncaring, unfeeling corporates, but then interviewing just BT and C&W is hardly a comprehensive or representative view of the UK ISP market.
Of course, the argument might be considerably different for anti-virus and malware protection which is of much more general concern to all connected companies. I think your article would have more mileage if it looked at how common these attack modes are for all customers and how ISPs deal with them, not just the high profile elite faced with an unusual attack mechanism.
I feel like you are advocating a general increase in the cost of car insurance to pay for the potential loss of flash alloys. Not everyone has them and I don't see a problem with charging those customers who chose to have alloys a premium for a bit of extra protection.
Best
Max
Max,
Thanks for your constructive feedback!
Take your point that DDOS attacks are niche at the moment but the general feeling seems to be that they might not stay that way.
Surely the best strategy is for the industry to cooperate and evolve effective ways of combating such attacks now? The attitude taken by BT and CW isn't exactly constructive: 'We'll help but it'll cost you'.
Call me idealistic but it would be nice to think that our two leading ISPs would want to cooperate and create a safer web for everyone to do businesses on.
With software from Micorsoft what good can an ISP do?Why not get to the real problem, MS's OS.
Botnets are not just the source of DDOS attacks, they are becoming the source of all evil - viruses, worms, spam - so now they are every one's enemy including Jo at home, the ISP's customer. Now it starts to affect their bottom line as well.
Your point that the ISPs need to take responsibility is perfectly valid but not in the way that they interpreted it - they need to stamp out the problem at source like the guy from Betfair said. Stamp out the compromised zombies which are on their networks. Chop off the unmaintained home broadband machines, they are killing the network for everyone.