Security Group Converges to Fight Internet Abuse

IDG News Service — As cybercrime continues to proliferate on the Internet, one industry security group is hoping its work will help stem the tide of spam and scams.

The Messaging Anti-Abuse Working Group (MAAWG) held a three-day meeting in Amsterdam this week, discussing spam, network security, the DNS (Domain Name System) and other topics. Industry professionals traded ideas on stopping abusive online behavior.

Much of MAAWG's work is done behind closed doors. The organization -- founded in 2003 and backed by heavyweights such as AT&T, Yahoo, Comcast and Verizon -- has rarely granted access to its sessions to journalists for fear the security strategies discussed will become known and then circumvented by cybercriminals.

Many participants at MAAWG meetings don't want to be identified in the press, in part because organized criminals gangs are now firmly entrenched in e-crime. Those who seek to disrupt those operations could be targeted for harassment.

The latest meeting was MAAWG's largest European meeting, with 270 participants from 19 countries, including representatives from the U.S. Federal Trade Commission, the Federal Bureau of Investigation and Europol, a European law enforcement organization.

One of the primary focuses of MAAWG is spam. In 2004, Microsoft founder Bill Gates made his now-famous prediction that spam wouldn't be a problem a couple of years later -- but spam remains a thorn in the side of ISPs and consumers and has become ever more tricky to suppress.

ISPs are also battling against botnets, or networks of computers infected with malicious software, a crucial component of spam-sending operations.

The PCs that comprise botnets can be also be used to attack other computers by bombarding them with electronic requests, known as denial-of-service attacks. Compromised PCs are highly valuable to hackers, said Jerry Upton, MAAWG's executive director.

Data can be stolen off the computers, which can be sold to other criminals who specialize in converting credit card numbers to cash, Upton said. E-mail addresses on a PC can be sold to spammers. The PC can then be linked into a botnet and its bandwidth used for spam campaigns, Upton said.

"It is phenomenal," Upton said. "They milk every dime. There's a huge amount of money to be made."

It's also a huge pain for ISPs, many of which aren't quite sure how best to deal with infected PCs on their network, said Michael O'Reirdan, chairman of MAAWG's board of directors. ISPs will often receive complains about abusive activity, and dealing with those complaints can be a time-consuming and expensive exercise.

Continue Reading