By DREW FITZGERALD
May 29, 2015 5:30 a.m. ET
18 COMMENTS
Earlier this month, Brett Wentworth took Level 3 Communications Inc. into territory that most rivals have been reluctant to enter. The director of global security at the largest carrier of Internet traffic cut off data from reaching a group of servers in China that his company believed was involved in an active hacking attack.
The decision was reached after a broad internal review. The Broomfield, Colo., company is taking an aggressive—and some say risky approach—to battling criminal activity. Risky because hackers often hijack legitimate machines to do their dirty work, raising the risk of collateral damage by sidelining a business using the same group of servers. Such tactics also run against a widely held belief that large carriers should be facilitating traffic, not halting it. And carriers are reluctant to create the expectation that they will police the Internet.
Yet with attacks on the rise, Level 3 three years ago decided it is worth the risks. At a rate of about once every few weeks, the carrier is shutting down questionable traffic that doesn’t involve any of its clients. When the source of the trouble is hard to pinpoint, it often casts a wide net and intercepts traffic from large blocks of Internet addresses.
RELATED NEWS
Hard Rock Hotel in Las Vegas Says Hit by Hackers
Health Insurer CareFirst Says It Was Hacked
Should Washington Allow Companies to Strike Back Against Hackers?
Recently, that meant stopping traffic from a powerful network of computer servers controlled by a group of hackers that security researchers dubbed SSHPsychos. The group used rented machines in a data center to hack other computers that could bring down target websites by flooding them with junk traffic. Level 3 blocked a broad swath of the Hong Kong-registered data center’s IP addresses from the Internet.
“Sometimes you have to cut off a finger to save the body,” Mr. Wentworth said.
Level 3 is now opening up about its methods because it wants its fellow network operators to follow its example. The stance, if copied, could change Internet carriers’ traditionally passive approach to defending against attacks meant to overwhelm websites or steal vast amounts of credit card data such as have plagued U.S. retailers for the past two years.
Other large Internet carriers remain wary of playing Internet cop. Swedish Internet carrier TeliaSonera AB says it usually blocks traffic when its network is under attack or its customers request it as a service. AT&T Inc. says Web traffic is often too ambiguous to block.
What may appear as a flood of Internet traffic designed to cripple a company’s Web servers might actually be an unexpectedly busy day for a retailer, said AT&T Chief Security Officer Ed Amoroso. The telecom giant focuses on attacks that target its own network or the systems of its customers and intrudes on third-party traffic only after careful discussion with its legal team.
“We have to be careful, and the carrier industry has to be very careful not to go pushing buttons,” Mr. Amoroso said. “You’re never 100% sure of these things.”
Other companies have tried more aggressive approaches against hackers in the past. Microsoft Corp. moved against botnets in 2013 when it worked with partners to cut off connections to ZeroAccess, a network of more than 2 million infected computers that their hijackers used to defraud online ad networks. Microsoft came armed in that case with a court order.
Level 3 carries traffic to or from about 40% of all Internet addresses, far more than any other network, according to analysis firm Dyn Inc.That means it is often hard for information sent from any website, legal or otherwise, to cross the globe without touching Level 3’s equipment at some point.
The company hunts for hackers by combing through security blog posts and email advisories to get a handle on possible threats. Its software scans more than 45 billion detailed routing logs a day for signs of malicious activity before deciding to a...
In other words, you want the death of journalism. Or are you telling us all you both have adblock disabled and click on ads you see on sites that make their money that way?
A one-sentence reply without any substance. I'd say you're well aware that it isn't in the least, which is why you didn't bother even attempting to expand on what is a blatantly false statement.
Didn't Level3 recently have Net-Neutrality issues with Verizon? While I think that botnets are a serious issue for internet security, I don't see how carriers have the authority or mandate to engage in selective traffic filtering without it contravening their support for NN.
If ICANN or the RIR's (APNIC, RIPE) were vested with the power and responsibility of maintaining botnet-blacklists then that might be better? I just don't think there's any legitimacy in carriers taking on this role.
9 comments
[ 2.3 ms ] story [ 41.6 ms ] threadAnyone have a non-paywalled source that doesn't involve circumventing said paywall? I would prefer to take my page views elsewhere.
The decision was reached after a broad internal review. The Broomfield, Colo., company is taking an aggressive—and some say risky approach—to battling criminal activity. Risky because hackers often hijack legitimate machines to do their dirty work, raising the risk of collateral damage by sidelining a business using the same group of servers. Such tactics also run against a widely held belief that large carriers should be facilitating traffic, not halting it. And carriers are reluctant to create the expectation that they will police the Internet.
Yet with attacks on the rise, Level 3 three years ago decided it is worth the risks. At a rate of about once every few weeks, the carrier is shutting down questionable traffic that doesn’t involve any of its clients. When the source of the trouble is hard to pinpoint, it often casts a wide net and intercepts traffic from large blocks of Internet addresses.
RELATED NEWS
Hard Rock Hotel in Las Vegas Says Hit by Hackers Health Insurer CareFirst Says It Was Hacked Should Washington Allow Companies to Strike Back Against Hackers? Recently, that meant stopping traffic from a powerful network of computer servers controlled by a group of hackers that security researchers dubbed SSHPsychos. The group used rented machines in a data center to hack other computers that could bring down target websites by flooding them with junk traffic. Level 3 blocked a broad swath of the Hong Kong-registered data center’s IP addresses from the Internet.
“Sometimes you have to cut off a finger to save the body,” Mr. Wentworth said.
Level 3 is now opening up about its methods because it wants its fellow network operators to follow its example. The stance, if copied, could change Internet carriers’ traditionally passive approach to defending against attacks meant to overwhelm websites or steal vast amounts of credit card data such as have plagued U.S. retailers for the past two years.
Other large Internet carriers remain wary of playing Internet cop. Swedish Internet carrier TeliaSonera AB says it usually blocks traffic when its network is under attack or its customers request it as a service. AT&T Inc. says Web traffic is often too ambiguous to block.
What may appear as a flood of Internet traffic designed to cripple a company’s Web servers might actually be an unexpectedly busy day for a retailer, said AT&T Chief Security Officer Ed Amoroso. The telecom giant focuses on attacks that target its own network or the systems of its customers and intrudes on third-party traffic only after careful discussion with its legal team.
“We have to be careful, and the carrier industry has to be very careful not to go pushing buttons,” Mr. Amoroso said. “You’re never 100% sure of these things.”
Other companies have tried more aggressive approaches against hackers in the past. Microsoft Corp. moved against botnets in 2013 when it worked with partners to cut off connections to ZeroAccess, a network of more than 2 million infected computers that their hijackers used to defraud online ad networks. Microsoft came armed in that case with a court order.
Level 3 carries traffic to or from about 40% of all Internet addresses, far more than any other network, according to analysis firm Dyn Inc.That means it is often hard for information sent from any website, legal or otherwise, to cross the globe without touching Level 3’s equipment at some point.
The company hunts for hackers by combing through security blog posts and email advisories to get a handle on possible threats. Its software scans more than 45 billion detailed routing logs a day for signs of malicious activity before deciding to a...
If ICANN or the RIR's (APNIC, RIPE) were vested with the power and responsibility of maintaining botnet-blacklists then that might be better? I just don't think there's any legitimacy in carriers taking on this role.