
Fighting botnets: lessons from the field of public health, sanitation and epidemiology

Fighting botnets: lessons from the field of public health, sanitation and epidemiology. BotLeg project, NWO grant number 628.001.015. Dr. Bart van der Sloot B.vdrSloot@uvt.nl. TILT Tilburg Institute for Law, Technology, and Society. Outline. Metaphor Prevention strategies


Presentation Transcript


  1. Fighting botnets: lessons from the field of public health, sanitation and epidemiology. BotLeg project, NWO grant number 628.001.015. Dr. Bart van der Sloot, B.vdrSloot@uvt.nl. TILT Tilburg Institute for Law, Technology, and Society

  2. Outline
     • Metaphor
     • Prevention strategies
     • Containment strategies
     • Lessons

  3. Metaphor
     • Because botnets are a relatively new phenomenon, it is not surprising that when describing and interpreting their meaning, many have borrowed terms from other fields. A potent metaphor is that of transmissive and infectious diseases, viruses and contagious outbreaks. Like other malware, botnets have been described as a ‘virus’, and counter-measures involve quarantining a virus. The virus can ‘infect’ a computer and consequently corrupt a computer’s ‘immune system’. That is why authors have called for more ‘cyber hygiene’, disinfection measures, cyber sanitation and the generation of ‘vaccines for malware immunization’.
     • E.g. J. Wolff, ‘Cybersecurity as Metaphor: Policy and Defense Implications of Computer Security Metaphor’, TPRC Conference Paper, 2014, p. 6. R. Vogt, J. Aycock & M. J. Jacobson, ‘Army of Botnets’, <www.cpsc.ucalgary.ca/~aycock/papers/ndss07.pdf>. C. Wilson, ‘Botnets, Cybercrime, and Cyberterrorism’, CRS Report for Congress, 2008.
     • E.g., Council of Europe, Recommendation R(89) 9 on computer-related crime (Strasbourg 1990), p. 43. <https://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/how-to-remove-quarantined-malware-viruses/c022fcce-5f6e-e011-8dfc-68b599b31bf5>. Y. Carlinet et al., ‘Analysis of computer infection risk factors based on customer network usage’, <https://www.researchgate.net/profile/Herve_Debar/publication/4373164_Analysis_of_Computer_Infection_Risk_Factors_Based_on_Customer_Network_Usage/links/0fcfd5087b159210fe000000.pdf>. A. Somayaji, S. Hofmeyr & S. Forrest, ‘Principles of a Computer Immune System’, NSPW '97 Proceedings of the 1997 workshop on New security paradigms, 1997.
     • V. G. Cerf, ‘First, Do No Harm’, Philosophy & Technology, 24, 2011. M. E. O’Connell, ‘Cyber Security without Cyber War’, Journal of Conflict Security Law 17, 2, 2012. D. Dasgupta & M. Rahman, ‘A Framework for Estimating Security Coverage for Cloud Service Insurance’, <https://pdfs.semanticscholar.org/d66d/625085e6e6a4700c89135067b93274d6f617.pdf>.
     • H. Asghari, M. Ciere & M. J.G. van Eeten, ‘Post-Mortem of a Zombie: Conficker Cleanup After Six Years’, <https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/asghari>.
     • M. Jacobson, ‘Vulnerable Progress: The Internet of Things, the Department of Defense and the Dangers of Networked Warfare’, COMP-116: Computer Systems Security, <http://www.cs.tufts.edu/comp/116/archive/fall2015/mjacobson.pdf>.
     • Z. Xu et al., ‘AUTOVAC: Towards Automatically Extracting System Resource Constraints and Generating Vaccines for Malware Immunization’, <http://students.cse.tamu.edu/jialong/paper/Autovac_ICDCS13.pdf>.

  4. Prevention: precautionary measures
     • Health and safety rules for restaurants, setting rules on food storage and preparation; for medical facilities, requiring medical personnel to wear protective clothing and setting clear rules on hygiene; and for the sex industry, for example obliging the use of a condom.
     • People known to carry certain infectious diseases can be obliged to take additional precautionary measures to avoid contamination. For example, a physician with AIDS may be required not to perform certain invasive procedures or to double-glove as an extra means of protection.

  5. Prevention: mandatory testing • A second strategy is mandatory testing. Such testing programs may be applied to specific individuals, to risk-groups or to the population at large.

  6. Prevention: mandatory vaccination • Besides vaccination programs for children, emergency vaccination and mandatory vaccination for risk-categories exist.

  7. Prevention: interfere at a pre-birth or DNA level
     • Specimens may be selected for breeding, choosing those that are more resilient against viruses and other diseases. This is common with cattle and plants, but very few mandatory programs exist for humans, although there are countries with mandatory sterilization programs for the mentally disabled.
     • Alternatively, embryo-selection can be used to terminate specimens with certain diseases or defects at an early stage, or the DNA and genetic make-up of persons can be modified and improved, either before or after birth, to cure or prevent diseases. No mandatory regimes exist, although many fear that in time they will.

  8. Containment: mandatory reporting
     • Informing the state authorities of disease outbreaks is mandatory, inter alia, with respect to virus outbreaks at farms. For humans, mandatory reporting of an HIV infection can be required of those with whom the infected person has had sex or shared a needle.
     • Medical personnel who are aware of the risk of an outbreak, through the treatment of patients, are placed under a special obligation to break doctor-patient confidentiality and inform the group at risk or the community at large.

  9. Containment: mandatory treatment
     • Besides risk-based, there is information- or intelligence-based testing and treatment, which may be made mandatory when patients resist treatment. Regimes for mandatory treatment have also been proposed with respect to drug-using homeless people, for example making treatment a prerequisite for social welfare. Mandatory treatment is mostly unnecessary as patients want to be treated.
     • F. J. Frese, ‘The mental health service consumer's perspective on mandatory treatment’, New Directions for Mental Health Services, 1997.
     • M. Abbott, ‘Homelessness and Substance Abuse: Is Mandatory Treatment the Solution’, Fordham Urban Law Journal 22(1), 1994. S. Macdonald et al., ‘Drug testing and mandatory treatment for welfare recipients’, International Journal of Drug Policy, 12, 3, 2001. U.S. Supreme Court, Addington v. Texas, 441 U.S. 418 (1979).

  10. Containment: quarantine
     • People entering a country can be quarantined.
     • In the combat of Ebola, isolation centers were built in Africa, for example in Sierra Leone and Liberia.

  11. Containment: culling • Used with plants and animals, but not with respect to humans

  12. Lessons: differences
     • By injecting a small fraction of a virus into a human body, its natural defense system can from then onwards detect the virus, make antibodies and remove it from the body, while anti-virus software is updated to recognize new malware.
     • Biological viruses mutate but are mostly relatively stable compared to computer viruses, which can be programmed to mutate in short cycles, and new malware with new code can be created relatively easily.
     • Computer viruses serve a human purpose; biological viruses do not. Viruses in the physical realm usually act in a decentralized way – they are not controlled by a herder – while this traditionally has been the case with botnets.
     • Human hosts will usually show signs of illness in the offline world, while this is not necessarily the case with an infected computer.
     • In the offline world, the government traditionally takes the lead in public health, while in the digital world, such tools are mostly in the hands of private organizations.
     • In the online world, either a botnet virus or a law enforcement agency can hack a computer and take control over the device, while such is impossible in the offline world.
     • Although direct or indirect contact is necessary to spread the virus in both the offline and the online world, in the digital realm, physical vicinity is not a prerequisite.
     • Computers do not bear offspring.
     • Computers have no emotions (right?), although they store content with emotional value for humans.

  13. Lessons?
